@{HOME}/.Xauthority
utils/apparmor/sandbox.py: verify the above rule is any any dynamic templates
that use -X
utils/aa-sandbox.pod: update man page to warn about /.Xauthority access
- use signal.<signal> instead of hardcoding a number
- add --with-xauthority option
- remove '-r' and '--with-geometry' and use --with-xephyr-geometry instead
- allow passing arguments to the application when using aa-exec
- kill with SIGTERM, then try again with SIGKILL
- always use os.execv() in forks. Using cmd() when not specifying '-d' created
different behaviors between debug and non-debug mode
- better cleanup Xpra when aa-exec command fails
- use the full dummy.xorg.conf, which gives us the correct modelines for large
displays. This fixes the issue "Server's virtual screen is too small .... You
may see strange behavior." which should up when the window's size was bigger
than the 'current server resolution'
utils/apparmor/common.py: adjust for python3 (ie, make bi-lingual)
utils/apparmor/sandbox.py:
- set reasonable default template
- gen_policy_name() uses full pathname
- adjust for python3
http://thread.gmane.org/gmane.linux.kernel/1289986
This allows for drivers that support poll to prevent suspend. Adjust
utils/severity.db for this.
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
create-apparmor.vim.py was failing on systems with python 2.5, fix that
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
This patch moves the generation of file rules from apparmor.vim.in to
create-apparmor.vim.py. It also adds support for
- filenames in quotes
- reverse syntax (permissions first)
The patch also removes an outdated $Id header in apparmor.vim.in and
updates the copyright year.
Acked-By: John Johansen <john.johansen@canonical.com>
* the application, library, documentation and installation script
* the initial templates and policy groups. This will undoubtedly need
refinement as we get feedback from users. Initial policy is based on Ubuntu's
Application Review Board (ARB) requirements[2].
* tests for the library
* Makefile integration
Templates are stored in /usr/share/apparmor/easyprof/templates and policy
groups in /usr/share/apparmor/easyprof/policygroups. This can be adjusted via
/etc/apparmor/easyprof.conf.
The aa-easyprof.pod has complete documentation on usage with some
additional information in utils/easyprof/README (mostly duplicated
here).
Testing can be performed in a number of ways:
$ cd utils ; make check # runs unit tests and pyflakes
Unit tests manually:
$ ./test/test-aa-easyprof.py
In source manual testing:
$ ./aa-easyprof --templates-dir=./easyprof/templates \
--policy-groups-dir=./easyprof/policygroups \
... \
/opt/foo/bin/foo
Post-install manual testing:
$ make DESTDIR=/tmp/test PERLDIR=/tmp/test/usr/share/perl5/Immunix install
$ cd /tmp/test
$ PYTHONPATH=/tmp/test/usr/local/.../dist-packages ./usr/bin/aa-easyprof \
--templates-dir=/tmp/test/usr/share/apparmor/easyprof/templates \
--policy-groups-dir=/tmp/test/usr/share/apparmor/easyprof/policygroups \
/opt/bin/foo
(you may also adjust /tmp/test/etc/apparmor/easyprof.conf to avoid
specifying --templates-dir and --policy-groups-dir).
Committing this now based on conversation with John and Steve.
Acked-By: Jamie Strandboge <jamie@canonical.com>
