AppArmor

lp:~sdeziel/apparmor/usr.sbin.sshd-refresh

Created by Simon Déziel on 2016-01-09 and last modified on 2016-04-29

Get this branch:: bzr branch lp:~sdeziel/apparmor/usr.sbin.sshd-refresh

Only Simon Déziel can upload to this branch. If you are Simon Déziel please log in for upload directions.

Branch merges

No branches dependent on this one.

Merged into lp:apparmor/2.12 at revision 3441

Seth Arnold: Approve on 2016-04-29

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Simon Déziel

Project:: AppArmor

Status:: Merged

Recent revisions

3275. By Simon Déziel on 2016-04-29

usr.sbin.sshd: allow reading blacklisted host keys

3274. By Simon Déziel on 2016-04-21

usr.sbin.sshd: deny net_admin that is not strictly required

Matthew Dawson explained why:

> sshd doesn't actually require the net_admin capability. libpam-systemd tries
> to use it if available to set the send/receive buffers size, but will fall
> back to a non-privileged version if it fails.

https://lists.ubuntu.com/archives/apparmor/2016-April/009586.html

3273. By Simon Déziel on 2016-04-05

usr.sbin.sshd: remove commented-out hat related rules

3272. By Simon Déziel on 2016-04-05

usr.sbin.sshd: allow ptrace tracing to cope with recent kernel/AA changes

3271. By Simon Déziel on 2016-04-05

usr.sbin.sshd: add cgroup-related rules

3270. By Simon Déziel on 2016-01-09

usr.sbin.sshd: refresh profile and add libpam-systemd abstractions

3269. By Simon Déziel on 2015-11-10

Allow reading conf snippets from /etc/dnsmasq.d-available

Some packages like libvirt-bin and lxc drop conf snippets in /etc/dnsmasq.d-available
and make them available through symlinks in /etc/dnsmasq.d created during postinst.

3268. By Christian Boltz on 2015-10-28

Add __repr__() functions to BaseRule and BaseRuleset

This makes print()ing a class object much more helpful - instead of
<apparmor.rule.network.NetworkRule object at 0x7f416b239e48>
we now get something like
<NetworkRule> network inet stream,
(based on get_raw())

A NetworkRuleset will be printed as (also based on get_raw())

<NetworkRuleset>
network inet stream,
allow network inet stream, # comment
</NetworkRuleset>

Also add tests to test-network.py to ensure that __repr__() works as
expected.

Acked-by: Kshitij Gupta <email address hidden>

3267. By Christian Boltz on 2015-10-28

Add (abstract) get_clean() method to baserule

Also add a test to ensure it raises an AppArmorBug.

Acked-by: Kshitij Gupta <email address hidden>

3266. By Christian Boltz on 2015-10-28

let logparser.py ignore file_inherit events without request_mask

That's not nice, but still better than a crash ;-)

References: https://bugs.launchpad.net/apparmor/+bug/1466812/

Acked-by: Kshitij Gupta <email address hidden> for trunk and 2.9

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:apparmor/2.12

This branch contains Public information

Everyone can see this information.

Subscribers

Simon Déziel