Page MenuHomeSolus
Differential D1378

Enabled and tested AppArmor support.
ClosedPublic
Actions

Authored by As4fN1v on Nov 14 2017, 5:17 PM.
Tags
None
Referenced Files
F11020636: D1378.id5775.diff
Mon, Aug 7, 7:30 AM
F10996243: D1378.id6269.diff
Wed, Jul 26, 1:49 PM
F10991546: D1378.id3368.diff
Tue, Jul 25, 2:19 AM
F10991544: D1378.id.diff
Tue, Jul 25, 2:19 AM
F10990089: D1378.id5811.diff
Mon, Jul 24, 7:03 PM
F10990088: D1378.id5775.diff
Mon, Jul 24, 7:03 PM
F10990087: D1378.id5160.diff
Mon, Jul 24, 7:03 PM
F10989681: D1378.id5932.diff
Mon, Jul 24, 4:49 PM
View All 39 Files
Subscribers
DataDrake
kyrios123
mati865

Details

Reviewers
DataDrake
Group Reviewers
Triage Team
Commits
R756:7e7dc284fab2: Enabled and tested AppArmor support.
Summary

Signed-off by: Asaf Niv <asafniv511@gmail.com>

Test Plan

Tested if the AppArmor profile is actually enforced, which it is.

Diff Detail

Repository
R756 firejail
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

As4fN1v created this revision.Nov 14 2017, 5:17 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptNov 14 2017, 5:17 PM
As4fN1v edited the summary of this revision. (Show Details)Jan 12 2018, 6:50 PM
As4fN1v updated this revision to Diff 5159.Jan 31 2018, 5:00 PM
  • Fixed email in pspec
As4fN1v updated this revision to Diff 5160.Jan 31 2018, 5:08 PM

Somehow the previous patch went nuts.

DataDrake requested changes to this revision.Feb 24 2018, 9:50 PM
DataDrake added a subscriber: DataDrake.

See inline comments.

package.yml
10

This is unnecessary since it is linking against apparmor. See abi_used_libs.

12

This has a pkgconfig and you should be using it.

This revision now requires changes to proceed.Feb 24 2018, 9:50 PM
As4fN1v updated this revision to Diff 5775.Feb 27 2018, 8:05 AM

Fixed.

kyrios123 added a subscriber: kyrios123.Feb 27 2018, 9:21 AM

For info version 0.9.52 is the current version.

As4fN1v marked 2 inline comments as done.Feb 27 2018, 4:16 PM
In D1378#36543, @kyrios123 wrote:

For info version 0.9.52 is the current version.

Someone needs to make a new patch for it since I don't know C.

mati865 added a subscriber: mati865.EditedFeb 27 2018, 10:09 PM

0.9.52 builds and works fine with updated patch

0001-Support-a-stateless-configuration.patch6 KBDownload

Not related to this diff but there is minor flaw in this stateless approach: *.local files (ones the user modifies) should be in /etc/firejail instead of /usr/share/defaults/firejail.
They are included via hardcoded paths like:

# Persistent local customizations
include /usr/share/defaults/firejail/tar.local
# Persistent global definitions
include /usr/share/defaults/firejail/globals.local
As4fN1v updated this revision to Diff 5811.EditedMar 1 2018, 1:50 PM
DataDrake requested changes to this revision.Mar 3 2018, 3:11 PM

All of the file-modes should be 00644 not 00755.

files/0001-Support-a-stateless-configuration.patch
77

Can't we get the additional CFLAGS from the Environment variable?

This revision now requires changes to proceed.Mar 3 2018, 3:11 PM
mati865 added inline comments.Mar 3 2018, 3:32 PM
files/0001-Support-a-stateless-configuration.patch
77

CFLAGS += takes OS flags and adds own.

As4fN1v updated this revision to Diff 5932.Mar 7 2018, 12:56 PM

Fixed file modes

DataDrake requested changes to this revision.Mar 11 2018, 12:58 PM

I need a test plan for this in the description that documents how you tested this. Sorry, I should have noticed that earlier.

This revision now requires changes to proceed.Mar 11 2018, 12:58 PM
As4fN1v edited the test plan for this revision. (Show Details)Mar 11 2018, 9:01 PM
In D1378#38300, @DataDrake wrote:

I need a test plan for this in the description that documents how you tested this. Sorry, I should have noticed that earlier.

Fixed

As4fN1v requested review of this revision.Mar 12 2018, 1:40 PM
DataDrake accepted this revision.Mar 17 2018, 1:46 PM

LGTM. Thanks!

This revision is now accepted and ready to land.Mar 17 2018, 1:46 PM
Closed by commit R756:7e7dc284fab2: Enabled and tested AppArmor support. (authored by As4fN1v, committed by DataDrake). · Explain WhyMar 18 2018, 3:02 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 6269

View Options

abi_used_libs

Loading...
View Options

files/0001-Support-a-stateless-configuration.patch

Loading...
View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.