lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction

Created by Chad Miller on 2016-01-11 and last modified on 2016-01-15
Get this branch:
bzr branch lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction
Only Chad Miller can upload to this branch. If you are Chad Miller please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Chad Miller
Project:
AppArmor
Status:
Development

Recent revisions

3338. By Chad Miller on 2016-01-15

Finish separating accessibility rules.

3337. By Chad Miller on 2016-01-11

Un-splitting. Reverting dbus-accessibility-strict.

Remove unneeded rules.

3336. By Chad Miller on 2016-01-11

Split into two pieces. The first updates the strict ruleset for the
accessibility facilities' dbus access, and adds some missing member calls like
Hello. The other groups members in fcitx abstraction together nicer.

3335. By Chad Miller on 2016-01-11

Create a new input-method abstraction: pass through dbus method calls and
responses relating to the FCITX input method

3334. By Tyler Hicks on 2016-01-08

libapparmor: Fix minor formatting issue in the aa_query_label(2) man

Remove extra leading parenthesis from some of the function prototypes.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3333. By Tyler Hicks on 2016-01-08

libapparmor: Reorder SYNOPSIS section of aa_query_label(2) man

Swap aa_query_link_path_len() and aa_query_link_path() to match the
order of aa_query_file_path() and aa_query_file_path_len().

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3332. By Tyler Hicks on 2016-01-08

libapparmor: Fix line wrapping of the aa_query_label(2) man

Doing manual line wraps resulted in an unreadable SYNOPSIS section.
Allow man to handle line wrapping the function prototypes itself.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3331. By Tyler Hicks on 2016-01-08

libapparmor: Add funcs to the NAME section of the aa_query_label(2) man

aa_query_file_path, aa_query_file_path_len, aa_query_link_path, and
aa_query_link_path_len were omitted from the NAME section.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3330. By Christian Boltz on 2016-01-07

Add some simple_tests ("deny dbus name=(SomeService)," and "deny file,")

Acked-by: Steve Beattie <email address hidden>

3329. By Christian Boltz on 2016-01-07

Fix handling of link events in aa-logprof

handle_children() has some special code for handling link events with
denied_mask = 'l'. Unfortunately this special code depends on a regex
that matches the old, obsolete log format - in a not really parsed
format ("^from .* to .*$").

The result was that aa-logprof did not ask about events containing 'l'
in denied_mask.

Fortunately the fix is easy - delete the code with the special handling
for 'l' events, and the remaining code that handles other file
permissions will handle it :-)

References: Bugreport by pfak on IRC

Testcase (with hand-tuned log event):

    aa-logprof -f <( echo 'Jan 7 03:11:24 mail kernel: [191223.562261] type=1400 audit(1452136284.727:344): apparmor="ALLOWED" operation="link" profile="/usr/sbin/smbd" name="/foo" pid=10262 comm=616D617669736420286368362D3130 requested_mask="l" denied_mask="l" fsuid=110 ouid=110 target="/bar"')

should ask to add '/foo l,' to the profile.

Acked-by: Seth Arnold <email address hidden> for trunk, 2.10 and 2.9.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:apparmor/2.12
This branch contains Public information 
Everyone can see this information.

Subscribers