[apparmor] [PATCH 3/8] add optional allow prefix to the language
Tyler Hicks
tyhicks at canonical.com
Thu Sep 12 21:37:15 UTC 2013
On 2013-09-11 01:47:42, Tyler Hicks wrote:
> From: John Johansen <john.johansen at canonical.com>
>
> let allow be used as a prefix in place of deny. Allow is the default
> and is implicit so it is not needed but some user keep tripping over
> it, and it makes the language more symmetric
>
> eg.
> /foo rw,
> allow /foo rw,
> deny /foo rw,
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Tyler Hicks <tyhicks at canonical.com>
There should be dbus tests for this in simple_tests/dbus/, but there's
currently only generated dbus tests. I'll need to add a set of
"simple_tests" and I'll include some allow tests in there.
Tyler
> ---
> parser/parser_misc.c | 1 +
> parser/parser_yacc.y | 2 +
> parser/tst/simple_tests/capability/ok_allow1.sd | 156 ++++++++++++++++++++
> parser/tst/simple_tests/capability/ok_allow2.sd | 160 +++++++++++++++++++++
> parser/tst/simple_tests/capability/ok_allow3.sd | 9 ++
> parser/tst/simple_tests/file/allow/ok_1.sd | 7 +
> parser/tst/simple_tests/file/allow/ok_3.sd | 9 ++
> parser/tst/simple_tests/file/allow/ok_append_1.sd | 13 ++
> parser/tst/simple_tests/file/allow/ok_carat_1.sd | 7 +
> parser/tst/simple_tests/file/allow/ok_carat_2.sd | 7 +
> parser/tst/simple_tests/file/allow/ok_comma_1.sd | 7 +
> parser/tst/simple_tests/file/allow/ok_comma_2.sd | 7 +
> .../file/allow/ok_embedded_spaces_1.sd | 6 +
> .../file/allow/ok_embedded_spaces_2.sd | 6 +
> .../file/allow/ok_embedded_spaces_3.sd | 6 +
> .../simple_tests/file/allow/ok_inv_char_class.sd | 7 +
> parser/tst/simple_tests/file/allow/ok_lock_1.sd | 17 +++
> parser/tst/simple_tests/file/allow/ok_mmap_1.sd | 12 ++
> parser/tst/simple_tests/file/allow/ok_mmap_2.sd | 14 ++
> 19 files changed, 453 insertions(+)
> create mode 100644 parser/tst/simple_tests/capability/ok_allow1.sd
> create mode 100644 parser/tst/simple_tests/capability/ok_allow2.sd
> create mode 100644 parser/tst/simple_tests/capability/ok_allow3.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_3.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_append_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_carat_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_carat_2.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_comma_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_comma_2.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_embedded_spaces_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_embedded_spaces_2.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_embedded_spaces_3.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_inv_char_class.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_lock_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_mmap_1.sd
> create mode 100644 parser/tst/simple_tests/file/allow/ok_mmap_2.sd
>
> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> index d864737..24dd53d 100644
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -74,6 +74,7 @@ static struct keyword_table keyword_table[] = {
> {"subset", TOK_SUBSET},
> {"audit", TOK_AUDIT},
> {"deny", TOK_DENY},
> + {"allow", TOK_ALLOW},
> {"set", TOK_SET},
> {"rlimit", TOK_RLIMIT},
> {"alias", TOK_ALIAS},
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index d259f50..7b7556c 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -111,6 +111,7 @@ void add_local_entry(struct codomain *cod);
> %token TOK_SUBSET
> %token TOK_AUDIT
> %token TOK_DENY
> +%token TOK_ALLOW
> %token TOK_PROFILE
> %token TOK_SET
> %token TOK_ALIAS
> @@ -519,6 +520,7 @@ opt_owner_flag: { /* nothing */ $$ = 0; }
> | TOK_OTHER { $$ = 2; };
>
> opt_deny: { /* nothing */ $$ = 0; }
> + | TOK_ALLOW { $$ = 0; }
> | TOK_DENY { $$ = 1; }
>
> opt_prefix: opt_audit_flag opt_deny opt_owner_flag
> diff --git a/parser/tst/simple_tests/capability/ok_allow1.sd b/parser/tst/simple_tests/capability/ok_allow1.sd
> new file mode 100644
> index 0000000..57eeb3e
> --- /dev/null
> +++ b/parser/tst/simple_tests/capability/ok_allow1.sd
> @@ -0,0 +1,156 @@
> +#
> +#=DESCRIPTION validate some uses of capabilties.
> +#=EXRESULT PASS
> +# vim:syntax=subdomain
> +# Last Modified: Sun Apr 17 19:44:44 2005
> +#
> +/does/not/exist {
> + allow capability chown,
> + allow capability dac_override,
> + allow capability dac_read_search,
> + allow capability fowner,
> + allow capability fsetid,
> + allow capability kill,
> + allow capability setgid,
> + allow capability setuid,
> + allow capability setpcap,
> + allow capability linux_immutable,
> + allow capability net_bind_service,
> + allow capability net_broadcast,
> + allow capability net_admin,
> + allow capability net_raw,
> + allow capability ipc_lock,
> + allow capability ipc_owner,
> + allow capability sys_module,
> + allow capability sys_rawio,
> + allow capability sys_chroot,
> + allow capability sys_ptrace,
> + allow capability sys_pacct,
> + allow capability sys_admin,
> + allow capability sys_boot,
> + allow capability sys_nice,
> + allow capability sys_resource,
> + allow capability sys_time,
> + allow capability sys_tty_config,
> + allow capability mknod,
> + allow capability lease,
> + allow capability audit_write,
> + allow capability audit_control,
> + allow capability setfcap,
> + allow capability mac_override,
> +}
> +
> +/does/not/exist2 {
> + ^chown {
> + allow capability chown,
> + }
> + ^dac_override {
> + allow capability dac_override,
> + }
> + ^dac_read_search {
> + allow capability dac_read_search,
> + }
> + ^fowner {
> + allow capability fowner,
> + }
> + ^fsetid {
> + allow capability fsetid,
> + }
> + ^kill {
> + allow capability kill,
> + }
> + ^setgid {
> + allow capability setgid,
> + }
> + ^setuid {
> + allow capability setuid,
> + }
> + ^setpcap {
> + allow capability setpcap,
> + }
> + ^linux_immutable {
> + allow capability linux_immutable,
> + }
> + ^net_bind_service {
> + allow capability net_bind_service,
> + }
> + ^net_broadcast {
> + allow capability net_broadcast,
> + }
> + ^net_admin {
> + allow capability net_admin,
> + }
> + ^net_raw {
> + allow capability net_raw,
> + }
> + ^ipc_lock {
> + allow capability ipc_lock,
> + }
> + ^ipc_owner {
> + allow capability ipc_owner,
> + }
> + ^sys_module {
> + allow capability sys_module,
> + }
> + ^sys_rawio {
> + allow capability sys_rawio,
> + }
> + ^sys_chroot {
> + allow capability sys_chroot,
> + }
> + ^sys_ptrace {
> + allow capability sys_ptrace,
> + }
> + ^sys_pacct {
> + allow capability sys_pacct,
> + }
> + ^sys_admin {
> + allow capability sys_admin,
> + }
> + ^sys_boot {
> + allow capability sys_boot,
> + }
> + ^sys_nice {
> + allow capability sys_nice,
> + }
> + ^sys_resource {
> + allow capability sys_resource,
> + }
> + ^sys_time {
> + allow capability sys_time,
> + }
> + ^sys_tty_config {
> + allow capability sys_tty_config,
> + }
> + ^mknod {
> + allow capability mknod,
> + }
> + ^lease {
> + allow capability lease,
> + }
> + ^audit_write {
> + allow capability audit_write,
> + }
> + ^audit_control {
> + allow capability audit_control,
> + }
> +}
> +
> +# Test for duplicates?
> +/does/not/exist3 {
> + allow capability mknod,
> + allow capability mknod,
> +}
> +
> +/does/not/exit101 {
> + allow capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> +}
> +
> +/does/not/exit102 {
> + allow capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> + allow capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> +}
> +
> diff --git a/parser/tst/simple_tests/capability/ok_allow2.sd b/parser/tst/simple_tests/capability/ok_allow2.sd
> new file mode 100644
> index 0000000..e3ad26e
> --- /dev/null
> +++ b/parser/tst/simple_tests/capability/ok_allow2.sd
> @@ -0,0 +1,160 @@
> +#
> +#=DESCRIPTION validate some uses of capabilties.
> +#=EXRESULT PASS
> +# vim:syntax=subdomain
> +# Last Modified: Sun Apr 17 19:44:44 2005
> +#
> +/does/not/exist {
> + audit allow capability chown,
> + audit allow capability dac_override,
> + audit allow capability dac_read_search,
> + audit allow capability fowner,
> + audit allow capability fsetid,
> + audit allow capability kill,
> + audit allow capability setgid,
> + audit allow capability setuid,
> + audit allow capability setpcap,
> + audit allow capability linux_immutable,
> + audit allow capability net_bind_service,
> + audit allow capability net_broadcast,
> + audit allow capability net_admin,
> + audit allow capability net_raw,
> + audit allow capability ipc_lock,
> + audit allow capability ipc_owner,
> + audit allow capability sys_module,
> + audit allow capability sys_rawio,
> + audit allow capability sys_chroot,
> + audit allow capability sys_ptrace,
> + audit allow capability sys_pacct,
> + audit allow capability sys_admin,
> + audit allow capability sys_boot,
> + audit allow capability sys_nice,
> + audit allow capability sys_resource,
> + audit allow capability sys_time,
> + audit allow capability sys_tty_config,
> + audit allow capability mknod,
> + audit allow capability lease,
> + audit allow capability audit_write,
> + audit allow capability audit_control,
> + audit allow capability setfcap,
> + audit allow capability mac_override,
> +}
> +
> +/does/not/exist2 {
> + ^chown {
> + deny capability chown,
> + }
> + ^dac_override {
> + deny capability dac_override,
> + }
> + ^dac_read_search {
> + deny capability dac_read_search,
> + }
> + ^fowner {
> + deny capability fowner,
> + }
> + ^fsetid {
> + deny capability fsetid,
> + }
> + ^kill {
> + deny capability kill,
> + }
> + ^setgid {
> + deny capability setgid,
> + }
> + ^setuid {
> + deny capability setuid,
> + }
> + ^setpcap {
> + deny capability setpcap,
> + }
> + ^linux_immutable {
> + deny capability linux_immutable,
> + }
> + ^net_bind_service {
> + deny capability net_bind_service,
> + }
> + ^net_broadcast {
> + deny capability net_broadcast,
> + }
> + ^net_admin {
> + deny capability net_admin,
> + }
> + ^net_raw {
> + deny capability net_raw,
> + }
> + ^ipc_lock {
> + deny capability ipc_lock,
> + }
> + ^ipc_owner {
> + deny capability ipc_owner,
> + }
> + ^sys_module {
> + deny capability sys_module,
> + }
> + ^sys_rawio {
> + deny capability sys_rawio,
> + }
> + ^sys_chroot {
> + deny capability sys_chroot,
> + }
> + ^sys_ptrace {
> + deny capability sys_ptrace,
> + }
> + ^sys_pacct {
> + deny capability sys_pacct,
> + }
> + ^sys_admin {
> + deny capability sys_admin,
> + }
> + ^sys_boot {
> + deny capability sys_boot,
> + }
> + ^sys_nice {
> + deny capability sys_nice,
> + }
> + ^sys_resource {
> + deny capability sys_resource,
> + }
> + ^sys_time {
> + deny capability sys_time,
> + }
> + ^sys_tty_config {
> + deny capability sys_tty_config,
> + }
> + ^mknod {
> + deny capability mknod,
> + }
> + ^lease {
> + deny capability lease,
> + }
> + ^audit_write {
> + deny capability audit_write,
> + }
> + ^audit_control {
> + deny capability audit_control,
> + }
> +}
> +
> +# Test for duplicates?
> +/does/not/exist3 {
> + capability mknod,
> + audit allow capability mknod,
> + deny capability mknod,
> + audit allow capability mknod,
> + deny capability mknod,
> + allow capability mknod,
> +}
> +
> +/does/not/exit101 {
> + allow capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> +}
> +
> +/does/not/exit102 {
> + audit deny capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> + deny capability chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control,
> +
> +}
> +
> diff --git a/parser/tst/simple_tests/capability/ok_allow3.sd b/parser/tst/simple_tests/capability/ok_allow3.sd
> new file mode 100644
> index 0000000..6dc21a3
> --- /dev/null
> +++ b/parser/tst/simple_tests/capability/ok_allow3.sd
> @@ -0,0 +1,9 @@
> +#
> +#=DESCRIPTION validate some uses of capabilties.
> +#=EXRESULT PASS
> +# vim:syntax=subdomain
> +# Last Modified: Sun Apr 17 19:44:44 2005
> +#
> +/does/not/exist {
> + allow capability,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_1.sd b/parser/tst/simple_tests/file/allow/ok_1.sd
> new file mode 100644
> index 0000000..2d20f86
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic file rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /usr/bin/foo r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_3.sd b/parser/tst/simple_tests/file/allow/ok_3.sd
> new file mode 100644
> index 0000000..0c7da93
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_3.sd
> @@ -0,0 +1,9 @@
> +#
> +#=DESCRIPTION A simple successful profile
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /usr/bin/foo r,
> + allow /usr/bin/blah rix,
> +}
> +
> diff --git a/parser/tst/simple_tests/file/allow/ok_append_1.sd b/parser/tst/simple_tests/file/allow/ok_append_1.sd
> new file mode 100644
> index 0000000..01792f3
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_append_1.sd
> @@ -0,0 +1,13 @@
> +#
> +#=DESCRIPTION test append
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /bin/cat a,
> + allow /bin/true ra,
> + allow /bin/false ma,
> + allow /lib/libc.so la,
> + allow /bin/less ixa,
> + allow /bin/more pxa,
> + allow /a uxa,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_carat_1.sd b/parser/tst/simple_tests/file/allow/ok_carat_1.sd
> new file mode 100644
> index 0000000..6199607
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_carat_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION carat in pathname
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /foo^bar r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_carat_2.sd b/parser/tst/simple_tests/file/allow/ok_carat_2.sd
> new file mode 100644
> index 0000000..7521a8e
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_carat_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION trailing carat in pathname
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /foo/bar^ r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_comma_1.sd b/parser/tst/simple_tests/file/allow/ok_comma_1.sd
> new file mode 100644
> index 0000000..1b12577
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_comma_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION comma in pathname
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /foo,bar r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_comma_2.sd b/parser/tst/simple_tests/file/allow/ok_comma_2.sd
> new file mode 100644
> index 0000000..4979da8
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_comma_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION comma at end of pathname
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow "/foobar," r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_embedded_spaces_1.sd b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_1.sd
> new file mode 100644
> index 0000000..52b373f
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_1.sd
> @@ -0,0 +1,6 @@
> +#=DESCRIPTION Simple test case for embedded spaces
> +#=EXRESULT PASS
> +
> +/bin/foo {
> + allow "/abc\ def" r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_embedded_spaces_2.sd b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_2.sd
> new file mode 100644
> index 0000000..f22ea3a
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_2.sd
> @@ -0,0 +1,6 @@
> +#=DESCRIPTION Simple test case for embedded spaces
> +#=EXRESULT PASS
> +
> +/bin/foo {
> + allow "/abc def" r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_embedded_spaces_3.sd b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_3.sd
> new file mode 100644
> index 0000000..7c72166
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_embedded_spaces_3.sd
> @@ -0,0 +1,6 @@
> +#=DESCRIPTION Simple test case for embedded spaces
> +#=EXRESULT PASS
> +
> +"/bin/fo o" {
> + allow "/abc def" r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_inv_char_class.sd b/parser/tst/simple_tests/file/allow/ok_inv_char_class.sd
> new file mode 100644
> index 0000000..c35e528
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_inv_char_class.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION carat in pathname
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /foo[^me]bar r,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_lock_1.sd b/parser/tst/simple_tests/file/allow/ok_lock_1.sd
> new file mode 100644
> index 0000000..e67e635
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_lock_1.sd
> @@ -0,0 +1,17 @@
> +#
> +#=DESCRIPTION k and other perms do not conflict
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /bin/a k,
> + allow /bin/b rk,
> + allow /bin/c wk,
> + allow /bin/d ak,
> + allow /bin/e lk,
> + allow /bin/e mk,
> + allow /bin/f pxk,
> + allow /bin/g Pxk,
> + allow /bin/h ixk,
> + allow /bin/i uxk,
> + allow /bin/j Uxk,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_mmap_1.sd b/parser/tst/simple_tests/file/allow/ok_mmap_1.sd
> new file mode 100644
> index 0000000..4d62d54
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_mmap_1.sd
> @@ -0,0 +1,12 @@
> +#
> +#=DESCRIPTION m and [uUpPi]x do not conflict
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /bin/cat mix,
> + allow /bin/true mpx,
> + allow /bin/false mux,
> + allow /lib/libc.so rwlm,
> + allow /bin/less mUx,
> + allow /bin/more mPx,
> +}
> diff --git a/parser/tst/simple_tests/file/allow/ok_mmap_2.sd b/parser/tst/simple_tests/file/allow/ok_mmap_2.sd
> new file mode 100644
> index 0000000..487be5a
> --- /dev/null
> +++ b/parser/tst/simple_tests/file/allow/ok_mmap_2.sd
> @@ -0,0 +1,14 @@
> +#
> +#=DESCRIPTION m and [upi]x do not conflict, seperate rules
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + allow /bin/cat rm,
> + allow /bin/cat ix,
> + allow /bin/true px,
> + allow /bin/true m,
> + allow /bin/false m,
> + allow /bin/false ux,
> + allow /lib/libc.so rwl,
> + allow /lib/libc.so m,
> +}
> --
> 1.8.3.2
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130912/4ead8414/attachment.pgp>
More information about the AppArmor
mailing list