Hello, on Thursday, 15 September 2011, Peter Czanik wrote:
On 09/15/2011 09:25 AM, Peter Czanik wrote:
On 09/14/2011 11:46 PM, Christian Boltz wrote:
AppArmor 2.7 (beta1) has been in Factory for some hours.
Short version: please test it and report any problems you notice.
The first problem I noticed is that it does not seem to be in the default selection any more.
Unfortunately yes - there was a discussion about this about a month ago. I won't object if you can convince Coolo to re-add AppArmor to the default installation.
I did not enable capabilities support in the syslog-ng package, as it was enforced by AppArmor anyway. But I have to reconsider it, if AppArmor is not installed by default...
Even with AppArmor installed, making your package more secure is always a good idea. Or you just add a Requires: apparmor-profiles apparmor-utils ;-)
I have never seen the "/sys/devices/system/cpu/online" message before.
Reading this file doesn't look harmful at least.
The "/var/run/syslog-ng/additional-socets.conf" is something
This one had a slightly broken rule starting with - "/{var,/}" instead of "/{var/,}". I just committed both upstream. The fix will be in 2.7 beta2, which will be released in the next days. If you want to test the fixed profile now, you can download it from http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/profiles/apparmor.d/sbin.syslog-ng
I added to /etc/apparmor.d/sbin.syslog-ng a long time ago, when I introduced syslog-ng 3.X to openSUSE. It's SuSE specific, and adds additional log sockets from chroot-s to syslog-ng.conf
Did you see my talk about "the golden rules of bad programming" at the conference? You are following rule 6: Never submit your patches upstream. Keeping the patches in your package is fun:

- you look like a professional if you can handle 50 patches in a package
- you save upstream some work on reviewing and integrating the patches
- you always have some fun when updating the package and your patches to the next version
- you make the openSUSE package something exclusive that nobody else has ;-))

Seriously: Is there a special reason to keep the additional-sockets.conf patch specific to openSUSE? Otherwise please submit it upstream.

Regards,

Christian Boltz
--
All in all, I think it is easier to get yourself a pistol and shoot yourself in the foot. The result is the same, but at least you don't bother others while doing it. (^-^) [Sandy Drobic in postfixbuch-users about a-s-k.sourceforge.net]
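
Added example, not part of the original e-mail and not AppArmor project code: a small Python expander for `{a,b}` alternation, showing which literal paths the rule prefix "/{var,/}" and the corrected "/{var/,}" stand for. It assumes alternation only (no `*`, `**` or other AppArmor globbing, no parser normalisation), and the path tail is taken from the file name as quoted in the thread.

```python
def expand(pattern):
    """Return every literal string a {a,b,...} alternation pattern stands for."""
    start = pattern.find("{")
    if start == -1:
        return [pattern]
    # Walk to the brace matching the first "{", splitting on top-level commas.
    depth, parts, piece = 0, [], ""
    for i in range(start, len(pattern)):
        ch = pattern[i]
        if ch == "{":
            depth += 1
            if depth == 1:
                continue
        elif ch == "}":
            depth -= 1
            if depth == 0:
                parts.append(piece)
                end = i
                break
        elif ch == "," and depth == 1:
            parts.append(piece)
            piece = ""
            continue
        piece += ch  # nested braces are kept and expanded by the recursion
    else:
        raise ValueError("unbalanced '{' in " + pattern)
    head, tail = pattern[:start], pattern[end + 1:]
    out = []
    for part in parts:
        out.extend(expand(head + part + tail))
    return out

BROKEN = "/{var,/}"  # rule prefix before the fix, as quoted in the thread
FIXED = "/{var/,}"   # corrected rule prefix
TAIL = "run/syslog-ng/additional-socets.conf"  # file name as quoted in the thread

def covers(prefix, path):
    """True if prefix + TAIL expands to exactly this path."""
    return path in expand(prefix + TAIL)

def report():
    """Map each real-world path to (covered by broken rule, covered by fixed rule)."""
    paths = ["/var/" + TAIL, "/" + TAIL]
    return {p: (covers(BROKEN, p), covers(FIXED, p)) for p in paths}

if __name__ == "__main__":
    for path, (old, new) in report().items():
        print(f"{path}: broken={old} fixed={new}")
```

The broken prefix expands to "/varrun/..." and "//run/...", so neither the /var/run nor the /run location is covered; the fixed prefix covers both.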