Nominated cherrypicks for 2.5.1

Steve Beattie steve at nxnw.org
Mon Jun 21 23:43:38 BST 2010


On Mon, Jun 21, 2010 at 01:37:49PM -0500, Jamie Strandboge wrote:
> Here is a list of apparmor_notify and abstraction updates that I think
> should be in 2.5.1.
> 
> r1409: statvfs allowed by default

ACK

> r1406: abstractions/user-tmp: require 'owner' matching

ACK

> r1403: add dbus-session abstraction

I don't really like this one; dbus-launch as Ux essentially lets you
escape confinement without any effort whatsoever; dbus-launch /bin/bash
gives you an unconfined shell. Comments?

> r1397-r1398: adjust cgi path for php5 abstraction (LP: #538661)

ACK

> r1389: add 'k' to /var/lib/samba/**.tdb in the samba abstraction

ACK

> r1391-r1396,r1401-r1402,r1405,r1407-r1408: apparmor_notify updates.
> These commits should bring apparmor_notify and apparmor_notify.pod up to
> what is in trunk. In short:
> 
> - add long options
> - cleanup output
> - better handle auditd
> - handle logfile rotation
> - use seteuid() to drop privileges so we can raise/drop after log file 
>   rotation. Add -u USER option for dropping privileges when not using 
>   sudo
> - man page updates
> - group like entries together when using -v with -s (and later cleanups)

ACK on all of these.

I've pushed them to a nominations branch:
lp:~sbeattie/apparmor/apparmor-2.5.1-nominations


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
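
The concern raised in the message above about an unconfined execute rule, as an added example that is not part of the original message or of AppArmor's own code: a small checker that flags `ux`/`Ux` rules, and the `pux`/`cux` fallback forms, in profile or abstraction text. The sample profile text, its paths and the function name are constructed for illustration, and only path-first file rules are handled.

```python
import re

# Path-first file rule: optional qualifiers, a path, a permission string, a comma.
RULE = re.compile(
    r"^(?:audit\s+)?(?:owner\s+)?(?P<path>[/@]\S*)\s+(?P<perms>[A-Za-z]+)\s*,")
# ux/Ux always run the child unconfined; pux/PUx and cux/CUx do so only when
# no matching profile exists. Upper case means the environment is scrubbed.
EXEC_MODE = re.compile(r"(?P<prefix>[pPcC]?)(?P<u>[uU])x")


def find_unconfined_exec(profile_text):
    """Return one finding per rule that can start an unconfined child."""
    findings = []
    for lineno, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):  # comments and #include lines are not rules
            continue
        rule = RULE.match(line)
        mode = rule and EXEC_MODE.search(rule.group("perms"))
        if not mode:
            continue
        findings.append({
            "line": lineno,
            "path": rule.group("path"),
            "mode": mode.group(0),
            "fallback_only": bool(mode.group("prefix")),
            "env_scrubbed": mode.group("u") == "U",
        })
    return findings


# Constructed sample; it is not the content of any commit named in the thread.
SAMPLE = """\
# constructed abstraction fragment
  #include <abstractions/base>
  /usr/bin/dbus-launch Uxr,
  /usr/bin/helper PUx,
  /usr/bin/php5-cgi ix,
  owner /tmp/** rwkl,
  /var/lib/samba/**.tdb rwk,
"""

if __name__ == "__main__":
    for f in find_unconfined_exec(SAMPLE):
        kind = "fallback to unconfined" if f["fallback_only"] else "always unconfined"
        print(f"line {f['line']}: {f['path']} {f['mode']} ({kind})")
```

A rule reported with `fallback_only` set to false on a program that runs arbitrary commands is the case the reply objects to; environment scrubbing does not change that.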