1) make sure that the xpra socket exists before trying to attach to it
2) make sure that the client has attached before we start the application
The fix for '1' solves a problem when the system is under load and the
one for '2' fixes a problem with firefox starting too soon and not
having system themes applied.
Exercising the 1 week rule. Seth Arnold commented on the added sleeps and I
adjusted one based on his comments and replied to the list that the other is
needed and that this improves the sandbox/xpra code but that there are
limitations with driving xpra.
Acked-By: Jamie Strandboge <jamie@canonical.com>
This patch adds a test script/driver for the aa-decode utility. The only
change from the previous versions is to support overriding the location
of the aa-decode to test via the APPARMOR_DECODE environment variable
and documenting the utils/ tests in the top level README.
The aa-decode test can be run directly from the commandline in the utils
directory like so:
test/test-aa-decode.py -v
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Christian Boltz <apparmor@cboltz.de>
Handling stdin was totally broken (= no output) with the current log
format because aa-decode expected name= to be the last entry in the
log line.
This patch for stdin handling
- fixes the pattern to match the current log format (name= is NOT the
last part in the log entry)
- uses bash replacement to avoid some sed calls (which also means the
script now needs an explicit "#!/bin/bash")
- prints decoded filenames in double instead of single quotes to be
consistent with filenames that were not encoded
- also prints lines that do not contain an encoded filename (instead of
grepping them away)
- replace tr calls by perl's uc() (also for non-stdin mode)
- also handle encoded profile names (introduced by Steve)
- don't fail if a file or profile name contains a '
In other words: you can pipe your audit.log through aa-decode, and the
only difference to the raw audit.log is that filenames are decoded.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
/etc/apparmor/profiles/extras/, and update the path at various places.
Also update the mailinglist address in extra-profiles README and
recommend cp instead of mv.
Note: if you want to have a symlink
/etc/apparmor/profiles/extras -> /usr/share/apparmor/extra-profiles/
for backward compability, you'll have to create it yourself (for example
in the .spec file)
This also fixes https://bugzilla.novell.com/show_bug.cgi?id=713647
Acked-by: John Johansen <john.johansen@canonical.com>
@{HOME}/.Xauthority
utils/apparmor/sandbox.py: verify the above rule is any any dynamic templates
that use -X
utils/aa-sandbox.pod: update man page to warn about /.Xauthority access
- use signal.<signal> instead of hardcoding a number
- add --with-xauthority option
- remove '-r' and '--with-geometry' and use --with-xephyr-geometry instead
- allow passing arguments to the application when using aa-exec
- kill with SIGTERM, then try again with SIGKILL
- always use os.execv() in forks. Using cmd() when not specifying '-d' created
different behaviors between debug and non-debug mode
- better cleanup Xpra when aa-exec command fails
- use the full dummy.xorg.conf, which gives us the correct modelines for large
displays. This fixes the issue "Server's virtual screen is too small .... You
may see strange behavior." which should up when the window's size was bigger
than the 'current server resolution'
