[apparmor] [patch] apparmor.vim - pux/PUx permissions
John Johansen
john.johansen at canonical.com
Thu Aug 18 22:25:57 UTC 2011
On 08/18/2011 03:20 PM, Christian Boltz wrote:
> Hello,
>
> another patch for apparmor.vim to allow pux and PUx permissions.
>
> We discussed this already in April, but it never went in.
>
> I intentionally don't allow pUx and Pux since the behaviour of those is
> very unexpected (the first letter decides if the environment is cleaned
> up or not - at least that's the result of the discussion in April - and
> the average user won't know this).
>
>
> Regards,
>
> Christian Boltz
> -- That could also have been said more briefly: | "Please don't use evolution anymore. It's not intended as a | mailingprogramm, we're just riding around a little bit on our | C-Compilers to find out how to break the rules." Yes, sir. Nice outlooks. [Ratti in suse-linux]
>
>
> apparmor-vim-pux.diff
>
>
> === modified file 'utils/vim/apparmor.vim.in'
> --- utils/vim/apparmor.vim.in 2011-04-05 21:56:14 +0000
> +++ utils/vim/apparmor.vim.in 2011-08-18 22:08:18 +0000
> @@ -176,9 +176,10 @@
> syn match sdEntryWriteExec /@@FILE@@(l|r|w|a|m|k|[iuUpPcC]x)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
>
> " ux(mr) - unconstrained entry, flag the line red
> -syn match sdEntryUX /@@FILE@@(r|m|k|ux)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> -" Ux(mr) - like ux + clean environment
> -syn match sdEntryUXe /@@FILE@@(r|m|k|Ux)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> +" also includes pux which is unconstrained if no profile exists
> +syn match sdEntryUX /@@FILE@@(r|m|k|ux|pux)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> +" Ux(mr) and PUx(mr) - like ux + clean environment
> +syn match sdEntryUXe /@@FILE@@(r|m|k|Ux|PUx)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> " px/cx/pix/cix(mrk) - standard exec entry, flag the line blue
> syn match sdEntryPX /@@FILE@@(r|m|k|px|cx|pix|cix)+@@TRANSITION@@@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> " Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment
>
>
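Review bot: The new alternations `(r|m|k|ux|pux)+` and `(r|m|k|Ux|PUx)+` accept only `pux` and `PUx`, and nothing in the added comments records that the mixed-case forms `pUx` and `Pux` are left out on purpose, so a later reader could take the omission for an oversight and add them. A one-line comment beside `sdEntryUXe` stating that the mixed-case forms are deliberately not matched would keep that decision in the file rather than only in the mail thread. Separately, the unchanged `sdEntryWriteExec` line still uses `[iuUpPcC]x`, which matches only two-character exec modes, so a rule combining `w`, `a` or `l` with `pux` or `PUx` is not covered by that pattern; it is worth checking which group such a line falls into.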
Acked-by: John Johansen <john.johansen at canonical.com>