On 08/16/2016 04:17 AM, John Johansen wrote: > On 08/02/2016 04:32 PM, William Hua wrote: >> Hello, >> >> If I may, I'd like to revive the old dconf confinement patches that we >> started over a year ago, but were never merged. >> >> All necessary patches are attached, as well as an extra test profile and >> program. I've refreshed them to work properly against kernel 4.6.4 and >> current AppArmor trunk. >> > Hey William > > the kernel patch still looks good, and pathes 1-3 have my ACK >
slightly modified versions of the kernel patches have been pushed into the xenial, yakkety, and zesty kernels, so what follows should be able to work on any of those releases. > the issue lies with 04 the actual dconf patch. The code looks good however > I said it before and I will say it again we can not be putting permission > information into the query data. > > You have separated out the query data into > rpaths > rwpaths > arpaths > arwpaths > The following patches basically restore the split set of paths interfaces that you proposed above, but achieves the lists in a different way. packages xenial, yakkety, and zesty have been built in the lp:apparmor-dev/apparmor-devel ppa The parser support is still minimal but will provide a full list of keys/paths, and a dfa with permissions. Pattern matching for dconf paths is disabled, but special pattern matching chars must be escaped. This leaves us open to selectively enabled some of the pattern matching (like alternations) in the future. I still have regression and check tests to finish, and yes support for the tools, but it is usable. The following series is built on top of williams patches but I have reincluded them so that the patches are all together in a set. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
