[apparmor] [patch] [6/7] Add support for handling ptrace rules everywhere
Christian Boltz
apparmor at cboltz.de
Tue Dec 8 19:38:31 UTC 2015
Hello,
$subject ;-)
"Everywhere" means aa-mergeprof and aa-cleanprof. In theory also
aa-logprof, but that needs some code that parses ptrace log events ;-)
[ 33-enable-ptrace-everywhere.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-12-03 22:04:36.782275414 +0100
+++ utils/apparmor/aa.py 2015-12-03 22:05:13.362019693 +0100
@@ -61,7 +61,7 @@
from apparmor.rule.signal import SignalRuleset, SignalRule
from apparmor.rule import parse_modifiers, quote_if_needed
-ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
+ruletypes = ['capability', 'change_profile', 'network', 'ptrace', 'rlimit', 'signal']
from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
Regards,
Christian Boltz
--
No, you are wrong here. Typical user does not even know how to start
command line, and of course is not aware of "zypper" or how to
understand "zypper ps" output. Subscribers to -devel lists are in no
way typical users. [Andrey Borzenkov in opensuse-factory]
More information about the AppArmor
mailing list