lp:~xfactor973/apparmor/bug-1564625
- Get this branch:
- bzr branch lp:~xfactor973/apparmor/bug-1564625
Branch merges
Branch information
Recent revisions
- 3490. By Tyler Hicks
-
utils: Handle the safe/unsafe change_profile exec modes
https:/
/launchpad. net/bugs/ 1584069 This patch adds support for the safe and unsafe exec modes for
change_profile rules. The logic is pretty simple at this point because
the kernel's default for exec modes changed in newer versions.
Therefore, this patch simply retains any specified exec mode in parsed
rules. If an exec mode is not specified in a rule, there is no attempt
to force the usage of "safe" because older kernels do not support it.Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Arnold <email address hidden>
Acked-by: Christian Boltz <email address hidden> - 3489. By Tyler Hicks
-
tests: Fix onexec.sh races by using the transition test program
The onexec.sh test has periodically exhibited unexplicable failures that
are possibly due to race conditions when onexec.sh is verifying the
/proc/PID/attr/{current, exec} values of the process under test. This
patch attempts to solve the flaky test failures by removing the need for
IPC to coordinate between the test script and the test program.The old onexec test program is removed and the transition test program
is used instead. This allows for the test script to tell the transition
test program what its current and exec procattr labels should be via
command line options.Since IPC is no longer needed, the signal:ALL allow rule can be dropped
from the test profile. A new allow rule is needed to grant reading of
/proc/*/attr/{ current, exec} since transition must verify the contents of
these files.Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3488. By Tyler Hicks
-
tests: Add transition test options to verify exec procattr
Add optional command line parameters to the transition test program that
can be used to verify a certain label and/or mode that should be found
in /proc/self/attr/exec. Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3487. By Steve Beattie
-
profiles: ubuntu-browsers abstraction: support Debian's firefox-esr
Merged from <email address hidden>; thanks!
- 3486. By Seth Arnold
-
<email address hidden> 2016-06-24 mod_apparmor manpage: fix "documenation" typo.
- 3485. By Seth Arnold
-
From: Simon McVittie <email address hidden>
Date: Tue, 21 Jun 2016 18:18:45 +0100
Subject: abstractions/nameservice: also support ConnMan-managed resolv.conf Follow the same logic we already did for NetworkManager,
resolvconf and systemd-resolved. The wonderful thing about
standards is that there are so many to choose from.Signed-off-by: Simon McVittie <email address hidden>
- 3484. By Christian Boltz
-
Drop unused escape() function from aa.py
Besides being unused, this function contains a broken regex.
References: https:/
/bugs.launchpad .net/bugs/ 1593324 Acked-by: Steve Beattie <email address hidden>
- 3483. By Kshitij Gupta
-
Re-order imports in aa-mergeprof and rule/capability.py
Acked-by: Christian Boltz <email address hidden>
- 3482. By Christian Boltz
-
Add a note about still enforcing deny rules to aa-complain manpage
This behaviour makes sense (for example to force the confined program to
use a fallback path), but is probably surprising for users, so we should
document it.References: https:/
/bugs.debian. org/cgi- bin/bugreport. cgi?bug= 826218# 37 Acked-by: John Johansen <email address hidden> for trunk, 2.10 and 2.9
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12