lp://staging/~intrigeri/apparmor/audio-OpenAL
- Get this branch:
- bzr branch lp://staging/~intrigeri/apparmor/audio-OpenAL
Branch merges
- Steve Beattie: Approve
-
Diff: 12 lines (+2/-0)1 file modifiedprofiles/apparmor.d/abstractions/audio (+2/-0)
Recent revisions
- 3706. By intrigeri
-
abstractions/audio: allow read-only access to OpenAL's "head-related transfer function" data sets.
These files are used by OpenAL for better spatialization of sounds
when headphones are detected.Bug and patch by Simon McVittie <email address hidden>:
https://bugs.debian. org/874665 - 3705. By John Johansen
-
Document the use of the features_X and requires() functions
Signed-off-by: John Johansen <email address hidden>
Acked-by: Tyler Hicks <email address hidden> - 3704. By John Johansen
-
regression_test: Clarify message about skipping pivot root transitions
Signed-off-by: John Johansen <email address hidden>
Acked-by: Christian Boltz <email address hidden> - 3703. By John Johansen
-
regression tests: fix long path failure when path_max can not be written
Not all kernels support writing the path_max kernel parameter after
boot. Detect if it can be written and run the long_path tests only
if it can be.Signed-off-by: Seth Forshee <email address hidden>
Signed-off-by: John Johansen <email address hidden> - 3702. By John Johansen
-
regression test: update query label tests to reflect, fixed xpass cases
newer versions of apparmor that support multi-transaction have this xpass
case fixedSigned-off-by: John Johansen <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3701. By John Johansen
-
regression test: conditionaly run pivot_root domain, transitions
Update the tests to test whether the kernel and parser support domain
transitions on pivot_root.Signed-off-by: John Johansen <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3700. By John Johansen
-
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix ruleshowever this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.Signed-off-by: John Johansen <email address hidden>
Acked-by: timeout - 3699. By Christian Boltz
-
Add network 'smc' keyword in NetworkRule and apparmor.d manpage
'smc' seems to be new in kernel 4.12.
Note that the 2.10 apparmor.d manpage also misses the 'kcm' keyword, so
the patch also adds it there.Acked-by: Seth Arnold <email address hidden> for trunk, 2.11 and 2.10.
- 3698. By Jamie Strandboge
-
Update parser/
policy_ cache.c to consistently use defines in
valid_cached_file_version( ) Signed-Off-By: Jamie Strandboge <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3697. By Christian Boltz
-
Samba profile updates for ActiveDirectory / Kerberos
The Samba package used by the INVIS server (based on openSUSE) needs
some additional Samba permissions for the added ActiveDirectory /
Kerberos support.As discussed with Seth, add /var/lib/
sss/mc/ initgroups read permissions
to abstractions/nameservice instead of only to the smbd profile because
it's probably needed by more than just Samba if someone uses sss.Acked-by: Seth Arnold <email address hidden> for 2.9, 2.10, 2.11 and trunk.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/apparmor/2.12