lp://qastaging/~intrigeri/apparmor/gnome-gtk3-config

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp://qastaging/apparmor/2.12 at revision 3577

Seth Arnold: Approve on 2016-11-07

Diff: 11 lines (+1/-0)

1 file modified

profiles/apparmor.d/abstractions/gnome (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

3577. By intrigeri on 2016-11-06

gnome abstraction: grant read access to ~/.config/gtk-3.0/*.

E.g. Totem needs access to ~/.config/gtk-3.0/settings.ini.

3576. By Christian Boltz on 2016-11-02

Add a test_multi testcase for dbus eavesdrop

The log line (with a different profile=...) was sitting around on my
disk since a year, so let's do something useful with it ;-)

Acked-by: Seth Arnold <email address hidden>

3575. By Christian Boltz on 2016-11-01

More test_multi profiles

This patch adds profiles for all log sniplets that are expected to
result in a profile rule.

This also means some changes in test-libapparmor-test_multi.py are
needed:
- split off log_to_profile_skip from log_to_profile_known_failures to
  - only skip tests in log_to_profile_skip (causing a crash or requiring
    user interaction)
  - run tests in log_to_profile_known_failures, but expect a non-equal
    result (caused by not added rules etc.)
- add quite some tests to log_to_profile_known_failures - they were
  skipped before because they didn't have a *.profile file.
- add handling for hats to shorten list of known failures
  This fixes testcase24 and testcase33 (after adjusting the profiles)
  and lots of the new *.profile files.
- since we now have *.profile files for all log events that should result
  in a profile rule, no longer ignore FileNotFoundError

Acked-by: Seth Arnold <email address hidden>

3574. By Christian Boltz on 2016-10-21

dnsmasq profile: more lxd additions

Besides dnsmasq.leases, dnsmasq.pid needs to be written. Also read
access for some files is needed (currently dnsmasq.raw and
dnsmasq.hosts - using dnsmasq.* makes this more future-proof when
more files get added)

References: https://bugs.launchpad.net/apparmor/+bug/1634199 (again)

Acked-by: John Johansen <email address hidden>

3573. By Christian Boltz on 2016-10-18

Add new dnsmasq.leases location for lxd to dnsmasq profiles

References: https://bugs.launchpad.net/bugs/1634199

Acked-by: Seth Arnold <email address hidden> for trunk, 2.10 and 2.9.

3572. By Christian Boltz on 2016-10-17

Test log to profile "translation"

This patch adds TestLogToProfile to test-libapparmor-test_multi.py which
"translates" the test_multi log sniplets to a profile, and checks if it
matches the expected profile.

The expected profile for one log event will obviously contain only one
rule, and gets added as *.profile to the test_multi directory.

This patch includes 33 test_multi profiles - which means 83 more need to
be created. Whenever you have some time, add one or two! (Please write
those test_multi profiles manually, without using the tools.)

I know some parts of the test code looks complicated. Unfortunately this
is how things work - compare it with do_logprof_pass() in aa.py...

While on it, set tests = 'invalid' which ensures a failure in case
parse_test_profiles() doesn't set the tests array, and move printing
the test name out of parse_test_profiles() to avoid printing it twice.

A nice side effect of this patch is increased test coverage:
- 30% -> 40% in aa.py (= 250 more lines)
- 52% -> 78% in aamode.py (= 23 more lines)
- 26% -> 68% in logparser.py (= 120 more lines)
- total coverage increases from 57% to 62%

Acked-by: Seth Arnold <email address hidden>

3571. By Christian Boltz on 2016-10-15

fix typo in "reasonable" in apparmor_parser manpage

(merge request by intrigeri)

Acked-By: <Christian Boltz> for trunk, 2.10 and 2.9

3570. By Christian Boltz on 2016-10-14

allow reading /tmp/.X11-unix/* in abstractions/X

This is needed when starting X with "-nolisten local".

References: https://bugs.launchpad.net/apparmor/+bug/1589823

Acked-by: Seth Arnold <email address hidden> for trunk, 2.10 and 2.9

3569. By Christian Boltz on 2016-10-14

add network 'kcm' keyword to apparmor.d manpage

I already did this in the python code a month ago, and now realized that
we should also update the apparmor.d manpage ;-)

Acked-by: Seth Arnold <email address hidden> for trunk and 2.10.

3568. By Christian Boltz on 2016-10-14

Drop unused 'found' counter from aa.py ask_the_questions()

Acked-by: Seth Arnold <email address hidden>