lp://qastaging/~intrigeri/apparmor/etc-dconf

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp://qastaging/apparmor/2.12 at revision 3207

Jamie Strandboge: Approve on 2015-07-20

Diff: 10 lines (+1/-0)

1 file modified

profiles/apparmor.d/abstractions/dconf (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

3207. By intrigeri on 2015-07-19

dconf abstraction: allow reading /etc/dconf/**.

That's needed e.g. for Totem on current Debian Jessie.

3206. By Christian Boltz on 2015-07-17

drop shebang from apparmor/rule/*.py

The '#!/usr/bin/env python' line in apparmor/rule/*.py is superfluous
and causes "non-executable script" rpmlint warnings on openSUSE.

Acked-by: Tyler Hicks <email address hidden>

3205. By Steve Beattie on 2015-07-14

common/Version: prepare for 2.10 release

3204. By Christian Boltz on 2015-07-14

Initialize child profile in handle_children()

TL;DR: the answer is "yes" ;-)
(see the patch for the question...)

Long version:
When creating a new child profile with aa-logprof or aa-genprof, the
child profile wasn't properly initialized in handle_children(), which
lead to a crash in delete_duplicates() later because capability etc.
was not set to a CapabilityRuleset etc. class and therefore
profile['capability'] didn't have a .delete_duplicates() method.

Funnily there was already a comment "do we need to init the profile here?"

This patch replaces the question in the comment with the answer.

Acked-by: Steve Beattie <email address hidden>

3203. By John Johansen on 2015-07-14

With the export of more AA_MAY_ defines from apparmor.h

The local defines in the link_subset test collide and result in build
warnings. Replace the defines with a naming that won't collide and
makes it clear a local define for the test is being used.

Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>

3202. By John Johansen on 2015-07-14

Fix: query_label regression test failures

1. The test is using the wrong defines: It is using the defines from the
parser for the packed dfa permissions. This set of permissions is not
meant to be exposed to the outside world

2. The kernel is using the wrong mapping function for the permissions
in the file class. This results in partially exposing the packed
permissions, but even then it doesn't fully line up with the packed
permissions, and is not correct for several of the potential permissions.

Attached is a patch that fixes the test, and moves the two tests that
fail due to the kernel to xpass.

Signed-off-by: John Johansen <email address hidden>
Acked-by: Tyler Hicks <email address hidden>

3201. By Steve Beattie on 2015-07-14

regression tests: more ptrace adjustments for arm64 upstream changes

In the commit "Rev 3169: regression tests: have
ptrace use PTRACE_GETREGSET by default", I created
some ifdef magic to use the per arch general purpose
register data structures for various architectures,
including arm64. Unfortunately, in the upstream glibc commit
http://repo.or.cz/w/glibc.git/commitdiff/7d05a8168b45c0580e1f9a79c2dd26c8f0d31fca
<bits/ptrace.h> is no longer included in the arm64 specific user.h,
which defined the structure as 'struct user_pt_regs'; instead user.h
was converted to define 'struct user_regs_struct'. Because of this, the
ptrace test fails to compile on arm64 when glibc is 2.20 or newer.

This patch adjusts the ptrace test to use the newer structure on arm64
if it's detected that a newer glibc is detected and reverts to using
the older one for older glibcs. It also adds an error when compiling
on architectures that haven't been incorporated yet.

Signed-off-by: Steve Beattie <email address hidden>
Acked-by: John Johansen <email address hidden>

3200. By Steve Beattie on 2015-07-14

libapparmor: prepare libtool versioning for impending 2.10 release.

3199. By Christian Boltz on 2015-07-13

Add --no-reload option to aa-autodep

Besides adding this feature, this also fixes a crash in tools.py __init__():
    AttributeError: 'Namespace' object has no attribute 'do_reload'

Acked-by: Steve Beattie <email address hidden>

3198. By Christian Boltz on 2015-07-13

fix create_new_profile() to avoid aa-genprof crash

create_new_profile() created a wrong structure for local_profile, which
resulted in an aa-genprof crash directly at startup (in the autodep
phase).

This patch fixes it to use the correct structure.

Acked-by: Steve Beattie <email address hidden>