[apparmor] apparmor.vim - profile format changes since 2.3?
Christian Boltz
apparmor at cboltz.de
Tue Feb 1 21:43:45 UTC 2011
Hello,
Am Dienstag, 1. Februar 2011 schrieb John Johansen:
> On 02/01/2011 07:01 AM, Christian Boltz wrote:
> > What does this mean regarding external hats?
>
> Your wish is granted, well sort of. They don't have to be declared
> in the main profile. You just create the profile and load it and as
> long as it has the hat flag it will work.
>
> however it looks like the ability to add the hat flag is missing. It
> would look something like
>
> /some/profile//external_hat (hat) {
Never heard about the "hat" flag before ;-)
> }
>
> Its an easy fix to add back in and I'll see if I can't get the patch
> out today.
I just did a short test and apparmor_parser seems to load the following
successfully: (one of my test profiles for apparmor.vim)
/foo {
}
/foo//externalhat {
/in/the/hat Ux,
network raw,
}
I can see /foo and /foo//externalhat in rcapparmor status.
What I don't know is if /foo would be allowed to change to the hat.
BTW: IMHO the "hat" flag is superfluous - the // in the profile name
should be enough to mark a profile as hat...
Regards,
Christian Boltz
--
:O h:, ich schmeiß mich weg. Wenn es das mit dem Quiz nicht ist, ist es
dann so ein Pyramidenschema? Bekommt man eine Prämie, wenn man einen
weiteren Newbie in sein Unglück lockt? [Thorsten Haude in suse-linux]
More information about the AppArmor
mailing list