[apparmor] WTF changed in latest aa-enforce?!
Aaron Lewis
the.warl0ck.1989 at gmail.com
Wed Aug 13 07:32:52 UTC 2014
Hi Seth,
Thanks for reply.
So, is this invalid now?
/var/lib/nginx/fastcgi/{**,} mrw,
I need to grant permission both to /var/lib/nginx/fastcgi/ and
everything in it.
Does /var/lib/nginx/fastcgi/** imply them both?
On Wed, Aug 13, 2014 at 2:04 PM, Seth Arnold <seth.arnold at canonical.com> wrote:
> On Wed, Aug 13, 2014 at 12:51:18PM +0800, Aaron Lewis wrote:
>> I just upgraded to Ubuntu 14.04 and every profile I write is invalid now, WTF?
>> Did you guys complete rewritten all script with python? That's really FUNNY
>
> I'm sorry this failed you.
>
> Our Perl-based utilities were more fragile than the new Python
> replacements. Because they were in Perl, fixing even minor issues
> required significant time investments and new features were outright
> impossible. Perl programs of this size require someone to keep the
> whole thing in their head constantly, and none of us could do that.
>
> The Python versions of the utilities need work, there's no denying
> that, but because they are written in Python the barrier to entry is
> significantly lower for us and newcomers alike. (One of our goals is to
> change the Python tools to be more Pythonic and be less Perlic. Once
> they're more 'normal' we'll be able to find and fix bugs faster and add
> new features more reliably.)
>
> We ran our new tools through extensive testing before deciding to ship
> them with Ubuntu 14.04:
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611
>
> We didn't have your profile in the tests, obviously. We can fix that.
>
> Thanks
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the AppArmor
mailing list