apparmor: add package #15643
Merged
apparmor: add package #15643
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Sorry. While refreshing tree to current, I managed to break my commits and was not able to undo the damage, so that's why another pr.... This is same as before, except this is v3.0.1 when old was 3.0.0 |
CodeFetch
suggested changes
Jun 1, 2021
|
I'll provide update after I have tested this against new python readline module. Still takes sometime to build. Should be all done by tomorrow evening.. (of local time in Finland) |
|
@CodeFetch and @PolynomialDivision Review changes please. |
CodeFetch
reviewed
Jun 2, 2021
oskarirauta
commented
Jun 3, 2021
|
looks good to me. @CodeFetch ? |
|
@oskarirauta Build fails with clean OpenWrt master with your patches... |
|
Here it is: |
python3-readline should be satisfied. It's here: and it's merged. |
|
@oskarirauta I've used your branch for building. It needs a rebase. |
It is already re-based. swig/host dependancy added. Try again. |
|
@oskarirauta Can you please rebase so that I do not need to fork and rebase first? |
|
@oskarirauta Github says |
You also need to use packages master branch.. python3-readline is in master.. |
|
@oskarirauta I know, but if I change it in feeds I'd get a conflict. Thus I'd need to make a fork of your branch and rebase it. It's easier when you rebase it. |
Sorry, I don't know how to successfully do that. Last time I tried, I ended up messing it so badly that I had re-create my PR from fresh- and now it's already 164 commits behind.. But nevermind my tree, just use the patch.. Or you can guide me to re-base my build branch successfully.. |
|
@CodeFetch you can also just do in |
|
I think you can just click fetch upstream in Github or https://gist.github.com/CristinaSolana/1885435... |
That's what I did last time and suddenly my PR contained all the changes since original checkout used when I created my branch, so that definitely is not it.. |
|
You typically do something lilke |
|
Let's take a look if I broke it.. |
|
@oskarirauta That looks good! Thanks! |
Now it looks even better, thanks to assist by @PolynomialDivision |
|
Just ping me then you finished testing. |
|
@PolynomialDivision, @CodeFetch Try now, should be fixed. Seems that for some reason, python3.9-config's location has changed. |
|
Great, builds now! |
|
Yes, I also started fresh and have a verified "fresh" build new. Confirmed. |
|
@PolynomialDivision patch refreshed. Tabs replaced back to spaces. |
Thanks. That makes the patch and ongoing development easier. Let me also compile it again and then I will merge. I think @CodeFetch also approved. |
|
Nope, does not compile for me. xD |
|
|
Argh! Your build host lacks pod2man, mine is archlinux, so it's included by default with development packages, so I missed this one.. Back to drawing table.. |
|
@PolynomialDivision - try now. I patched makefiles to skip docs. I also added another patch which patches profile for dnsmasq to work "out-of-the-box" in openwrt. Profile as default was suitable for Ubuntu and such... |
|
Usage testing in production environment works nicely. After patching that dnsmasq profile, everything that belongs to standard install (and even some more) works without issues or confinement that would block normal use. Ofcourse there are packages that require creation of profile, but this wouldn't be useful at all, if it would allow everything. Crucial security parts of system, including firewall for example, work in unconfined state which is of course desired way. Firewall wouldn't be very good intrusion stopper, if it would had been blocked.. |
Signed-off-by: Oskari Rauta <[email protected]>
Compiles! :) I will merge. Thanks for your contribution! :) |
|
@oskarirauta Maybe you now also update the wikipedia entry ;) |
@PolynomialDivision You mean by adding openwrt as apparmor supported os? We are not quite there yet. On the openwrt's core tree, there is another pr of mine, that needs to be merged as well, since this package only has support and management software which isn't really useful unless kernel has this enabled. PR is available here: openwrt/openwrt#4101 |
|
I have also thought about another project that more or less, links to AppArmor.. Idea similar to acme vs. uacme (where one listed last is of course my personal favourite solution). |
Could you maybe give me a quick howto? I compile openwrt with enabled flags and this packages and then? ;) I'm not used to apparmor. |
|
This package doesn't even install properly. How did this pass CI? |
I compiled an image with it? Sxtsq 5 AC ipq40xx. |
|
Me too... Works on x86-64. Maybe the problem is a specific target like MIPS? I think MIPS is not supported. |
|
Indeed... Strangely it is even missing in my rootfs if I remove the BUILDONLY flag, but it doesn't show me an error. Maybe my tree is in a dirty state. I think there is something missing for opkg to do a proper clean. Maybe this also affects CI?! Will try to start building from scratch. |
|
@neheb @oskarirauta I've tested it with a clean build. The BUILDONLY definitely needs to be removed, but I can't reproduce the error from neheb on x86-64 and I think there might be some packaging statement for clean missing. |
Fancy interface, is there a patch pending as well? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Oskari Rauta [email protected]
Maintainer: Oskari Rauta / @oskarirauta
Compile tested: x86_64, server, recent snapshot
Run tested: x86_64, server, recent snapshot, tested, works
Description:
AppArmor userland libraries and utilities.
Replaces #15481