lp:~smcv/apparmor/connman-resolv

Created by Simon McVittie and last modified
Get this branch:
bzr branch lp:~smcv/apparmor/connman-resolv

Branch information

Owner: Simon McVittie
Project: AppArmor
Status: Development

Recent revisions

3485. By Simon McVittie

abstractions/nameservice: also support ConnMan-managed resolv.conf

Follow the same logic we already did for NetworkManager,
resolvconf and systemd-resolved. The wonderful thing about
standards is that there are so many to choose from.

Signed-off-by: Simon McVittie <email address hidden>

3484. By Christian Boltz

Drop unused escape() function from aa.py

Besides being unused, this function contains a broken regex.

References: https://bugs.launchpad.net/bugs/1593324

Acked-by: Steve Beattie <email address hidden>

3483. By Kshitij Gupta

Re-order imports in aa-mergeprof and rule/capability.py

Acked-by: Christian Boltz <email address hidden>

3482. By Christian Boltz

Add a note about still enforcing deny rules to aa-complain manpage

This behaviour makes sense (for example to force the confined program to
use a fallback path), but is probably surprising for users, so we should
document it.

References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218#37

Acked-by: John Johansen <email address hidden> for trunk, 2.10 and 2.9

3481. By Christian Boltz

honor 'chown' file events in logparser.py

Also add a testcase to libapparmor's log collection

Acked-by: Kshitij Gupta <email address hidden> for trunk, 2.10 and 2.9

3480. By Jamie Strandboge

profiles: Create abstraction for mozc input method editor

An abstraction to allow mozc clients to connect to the mozc-server.

Signed-off-by: Jamie Strandboge <email address hidden>
[tyhicks: Wrote commit message]
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3479. By Jamie Strandboge

profiles: Create abstractions for fcitx input method framework

Create a set of strict and non-strict abstractions, much like the
existing dbus abstractions, for connecting to the fcitx bus.

Signed-off-by: Jamie Strandboge <email address hidden>
[tyhicks: Wrote commit message]
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

3478. By John Johansen

Fix: make sure overlapping safe and unsafe exec rules conflict

BugLink: https://launchpad.net/bugs/1588069

Currently

  change_profile /** -> A,
  change_profile unsafe /** -> A,

do not conflict because the safe rules only set the change_profile
permission where the unsafe set unsafe exec. To fix this we have the
safe version set exec bits as well without setting unsafe exec.
This allows the exec conflict logic to detect any conflicts.

This is safe to do even for older kernels as the exec bits off of the
2nd term encoding in the change_onexec rules are unused.

Test files
  tst/simple_tests/change_profile/onx_no_conflict_safe1.sd
  tst/simple_tests/change_profile/onx_no_conflict_safe2.sd
by Christian Boltz <email address hidden>

Signed-off-by: John Johansen <email address hidden>
Acked-by: Tyler Hicks <email address hidden>

3477. By Christian Boltz

Document aliases for dbus send and receive in apparmor.d

Acked-by: Tyler Hicks <email address hidden>

3476. By Christian Boltz

aa-genprof: ask about profiles in extra dir (again)

Thanks to reading the wrong directory in read_inactive_profiles()
(profile_dir instead of extra_profile_dir), aa-genprof never asked about
using a profile from the extra_profile_dir.

Sounds like an easy fix, right? ;-)

After fixing this (last chunk), several other errors popped up, one
after the other:
- get_profile() missed a required parameter in a serialize_profile() call
- when saving the profile, it was written to extra_profile_dir, not to
  profile_dir where it (as a now-active profile) should be. This is
  fixed by removing the filename from existing_profiles{} so that it can
  pick up the default name.
- CMD_FINISHED (when asking if the extra profile should be used or a new
  one) behaved exactly like CMD_CREATE_PROFILE, but this is surprising
  for the user. Remove it to avoid confusion.
- displaying the extra profile was only implemented in YaST mode
- get_pager() returned None, not an actual pager. Since we have 'less'
  hardcoded at several places, also return it in get_pager()

Finally, also remove CMD_FINISHED from the get_profile() test in
test-translations.py.

(test-translations.py is only in trunk, therefore this part of the patch
is obviously trunk-only.)

Acked-by: Seth Arnold <email address hidden> for trunk
Acked-by: John Johansen <email address hidden> for trunk + a 50% ACK for 2.10 and 2.9
Acked-by: Kshitij Gupta <email address hidden> for trunk, 2.10 and 2.9

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:apparmor/2.12
This branch contains Public information 
Everyone can see this information.
