[apparmor] [PATCH 0/2] Add JSON ability for changes
Goldwyn Rodrigues
rgoldwyn at suse.de
Mon Oct 23 10:38:32 UTC 2017
This series adds JSON for communicating the temporary diff file
between the old and new profiles.
I had to move code from aa.py to ui.py so that we don't have
circular dependency in imports. Performed some cleanup there.
In order to write a profile, I had to use the following
patch for mount, pivot_root and unix on my 4.14.0-rc5 kernel.
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 86ec1859..47fd3aa1 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2997,11 +2997,11 @@ def serialize_profile_from_old_profile(profile_data, name, options):
'capability': False,
'network': False,
'dbus': False,
- 'mount': True, # not handled otherwise yet
+ 'mount': False,
'signal': True, # not handled otherwise yet
'ptrace': True, # not handled otherwise yet
- 'pivot_root': True, # not handled otherwise yet
- 'unix': True, # not handled otherwise yet
+ 'pivot_root': False,
+ 'unix': False,
'link': False,
'file': False,
'change_profile': False,
More information about the AppArmor
mailing list