[apparmor] [patch 0/8] Ubuntu apparmor package patches not yet in trunk

Wed Feb 12 20:16:47 UTC 2014

On 02/11/2014 05:53 PM, Seth Arnold wrote:
> Hello, these are some patches from Ubuntu's apparmor package that are not
> yet applied to upstream trunk. I have compile tested and 'make check'
> tested both the library and parser after each patch with successful
> results.
> 
Thanks for taking care of this! :)

> I had trouble getting the first one of these two to apply to trunk, I
> don't know how important it is to have in upstream apparmor anyway.
> Thoughts?
> 0030-easyprof-sdk.patch
> 0037-easyprof-sdk-pt2.patch

We want these. Others may not be using them, but there is no need to have them
as an Ubuntu delta.

0030-easyprof-sdk.patch didn't apply because some of python3 conversion that
happened in trunk hadn't happened at the time the patch was made. Specifically,
utils/aa-easyprof has two failed hunks. 0030-easyprof-sdk.patch has:
@@ -11,7 +11,6 @@

 import apparmor.easyprof
 from apparmor.easyprof import AppArmorException, error
-import optparse
 import os
 import sys


but that is already removed from trunk. Furthermore, the other hunk that failed is:
-        sys.exit(0)
-    elif binary == None:
-        error("Must specify full path to binary\n%s" % m)

vs

-        sys.exit(0)
-    elif binary is None:
-        error("Must specify full path to binary\n%s" % m)

(there was also a single whitespace difference). Attached is an updated
0030-easyprof-sdk_v2.patch. With this patch, 0037-easyprof-sdk-pt2.patch applies
and aa-easyprof and apparmor/easyprof.py match what we ship in Ubuntu today.

Acked-By: Jamie Strandboge <jamie at canonical.com>
(for the attached 0030-easyprof-sdk_v2.patch and 0037-easyprof-sdk-pt2.patch)

> These were labelled in the patch as being relatively specific to Debian
> and Ubuntu; the aa-status-is-bilingual to change the shebang line of
> Python scripts might be worth including upstream all the same.
> Thoughts?
> 0002-add-debian-integration-to-lighttpd.patch

I didn't submit this initially because I thought upstream's profile should be
stricter than what we have in Ubuntu (ie, not allow perl by default). I'm happy
for it to be in upstream, but I'm fine either way.

+-0

> 0003-ubuntu-manpage-updates.patch

Ubuntu's policy load is so different than other distros (and about to change)
that I don't think this should be upstream.

-1

> 0008-libapparmor-layout-deb.patch

Adds '--install-layout=deb' to setup.py when installing python. I don't think
that is distro agnostic.

-1

> 0021-webapps_abstraction.patch

+1 (this is in the Ubuntu namespace, so feel free to commit)

> 0070-etc-writable.patch

-1 (non-standard Ubuntu-specific path)

> 0076_sanitized_helper_dbus_access.patch

+1 (this is in the Ubuntu namespace, so feel free to commit)

> 0077_aa-status-is-bilingual.patch
> 
I'm ok with specifying python3 here, but I'm not sure if other distros have that
by default.

+-0

...

> Integrated but probably needs updating:
> 0081-python-abstraction-updates.patch
> 
> (The patch adds some lines for Python 3.3 that aren't generic enough for 
> Python 3.4:
> +  /usr/lib{,32,64}/python3.3/lib-dynload/*.so           mr,
> There's nothing wrong with the patch now, but it'll need to be updated 
> eventually.)
> 

I'll send an update momentarily.


-- 
Jamie Strandboge                 http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0030-easyprof-sdk_v2.patch
Type: text/x-patch
Size: 93388 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140212/dae8c763/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140212/dae8c763/attachment-0001.pgp>
