lp:~cameronnemo/apparmor/gnome-abstraction
- Get this branch:
- bzr branch lp:~cameronnemo/apparmor/gnome-abstraction
Branch merges
- intrigeri: Disapprove
- AppArmor Developers: Pending requested
-
Diff: 21 lines (+4/-0)1 file modifiedprofiles/apparmor.d/abstractions/gnome (+4/-0)
Branch information
Recent revisions
- 3110. By Christian Boltz
-
Update comments in minitools_test.py
After switching to winbindd as test profile, comments about the ntpd
profile don't make sense anymore ;-)The patch also includes some whitespace fixes.
Acked-by: Kshitij Gupta <email address hidden>
Acked-by: Steve Beattie <email address hidden> - 3109. By Christian Boltz
-
Add tests for RlimitRule and RlimitRuleset
This time we only have 98% coverage (some missing and partial) because
I didn't find corner cases that raise some exceptions ;-)Acked-by: Steve Beattie <email address hidden>
- 3108. By Christian Boltz
-
Add RlimitRule and RlimitRuleset classes
The class comes with the usual set of features, so I'll only mention a
special feature: the is_covered() and is_equal() functions can even
compare limits with different units (for example they recognize that
2minutes == 120seconds).Also change RE_PROFILE_RLIMIT:
- make it a bit more strict (the old one accepted any chars, including
spaces, for rlimit and value)
- convert it to named matches
- '<=' isn't optional - remove the '?' (but keep the parenthesis to
avoid breaking parsing in aa.py)
- allow rules with no spaces around '<='Acked-by: Steve Beattie <email address hidden>
- 3107. By Christian Boltz
-
split off parse_comment() from parse_modifiers()
This is needed for rule types that don't have modifiers in their regex, for
example rlimit rules.Acked-by: Steve Beattie <email address hidden>
- 3106. By Christian Boltz
-
change aa-cleanprof to use reload_profile()
aa-cleanprof (actually clean_profile() in tools.py) used reload_base()
from aa.py which sends the parser output to /dev/null. This had two
effects:
- aa-cleanprof ignored the --no-reload parameter
- there was no error message because reload_base() /dev/null's the
parser outputThis patch changes clean_profile() to use reload_profile() from tools.py
(which honors the --no-reload option).Also add a TODO note to aa.py reload_base(), the (AFAIK only) winner of
the 'useless use of cat' award in the AppArmor code.
We should really change it to use reload_profile(), even if that means
moving the function from tools.py to aa.py or common.py. And it should
not /dev/null the apparmor_parser output. ;-)References: https:/
/bugs.launchpad .net/apparmor/ +bug/1443637 Acked-by: Steve Beattie <email address hidden>
- 3105. By Christian Boltz
-
Let aa-complain delete the disable symlink
aa-complain is part of the enforce/
complain/ disable triple. Therefore
I expect it to actually load a profile in complain mode.To do this, it has to delete the 'disable' symlink, but set_complain()
in aa.py didn't do this (and therefore kept the profile disabled).Acked-by: Kshitij Gupta <email address hidden>
- 3104. By Christian Boltz
-
Let aa-audit print a warning if a profile is disabled
Users might expect that setting a profile into audit mode also activates
it (which shouldn't happen IMHO because the audit flag is not part of
the enforce/complain/ disable triple), so we should at least tell them. References: https:/
/bugs.launchpad .net/apparmor/ +bug/1429448 Acked-by: Kshitij Gupta <email address hidden>
- 3103. By Christian Boltz
-
Allow aa-complain etc. to change profiles for non-existing binaries
aa-complain, aa-enforce, aa-disable and aa-audit refused to change
profiles for non-existing binaries. This patch also allows paths
starting with /. This also makes it possible to use
aa-complain '/{usr/,}bin/ping'
and
aa-complain /etc/apparmor.d/bin.ping This patch fixes https:/
/bugs.launchpad .net/apparmor/ +bug/1416346 Well, mostly - we still need to decide how we handle wildcards in
profile names:
aa-complain ping
aa-complain /usr/bin/ping
will still error out with "Profile not found" because it isn't an exact
match (and matching the wildcard would change more than the user wants).Oh, and this patch also fixes the last failure in minitools_test.py.
Acked-by: Steve Beattie <email address hidden> for trunk and 2.9
- 3102. By Christian Boltz
-
Fix all tests in minitools_test.py
Change minitools_test.py to use the winbind instead of the ntpd profile
for testing. The tests broke because the ntpd profile has the
attach_disconnected flag set now, and therefore didn't match the
expected flags anymore.Also replace the usage of filecmp.cmp() in the cleanprof test with
reading the file and using assertEqual - this has the advantage that we
get a full diff instead of just "files differ".Note: The aa-cleanprof test is still failing because of a bug in
tools.py, but will be fixed by the next patch.
See https://bugs.launchpad .net/apparmor/ +bug/1416346 for details. Acked-by: Kshitij Gupta <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12