Debian 13 Trixie with apparmor 4.1.0 has this bug not fixed, and aa-genprof does not undrestand the output generated by journalctl -k -e -f.

IOW, aa-genprof is still unusable on contenporary Debian w/o writing some kind of parser which would convert the output of journalctl into a format understood by aa-genprof.

This is the first of many conversion patches for making rules use C++ strings instead of C strings. It contains one support patch for variable alteration expansion int variable::expand_by_alternation(std::string &name).

Signed-off-by: Zygmunt Krynicki [email protected]

Maxime Bélair (f742748f) at 16 Mar 14:23

... and 1 more commit

Fixes a small number of links that were referring to pages that have been moved.

Signed-off-by: Maxime Bélair [email protected]

Fixes a small number of links that were referring to pages that have been moved.

Signed-off-by: Maxime Bélair [email protected]

@rlee287 this needs a rebase

Yana Hontyk (86d8ad8f) at 16 Mar 13:35

Yana Hontyk (c586e1d7) at 16 Mar 13:35

I was considering the idea of having tailored paths that @emixam16 has created.

I am thinking of keeping the paths recommendations on a high level:

• tutorials for developers, sysadmins, etc are in the Getting started index file and provide recommendations and overview of what tutorials cover
• tutorials were renamed to better reflect what they actually try to teach about -- I tried to keep the naming consistent, previously, we hat "Confining an application" and "Creating a profile" which are functionally the same thing but it might be confusing for a beginner
• removed role-specific intros from the tutorials
• for now, I have removed the tiles in the Getting started index file, I think the frontend and even the site builder itself is subject to change so I suggest we keep it simple and add eyecandy as the last step

I think this approach is a little more user-friendly as we provide meaningful recommendation, we can mix and match the tutorials in different paths -- I am sure that sysadmins could benefit from know how to create profiles too, but we are not too opinionated about users' needs, interests or context of their work.

I have also updated Create a comprehensive profile manually draft with an example of a supported app instead of a deprecated one.

Yana Hontyk (cc0dd9a0) at 16 Mar 13:31

... and 1 more commit

Yana Hontyk (c586e1d7) at 16 Mar 13:30

Both types are unused

I'd like to do a pass over i18n infra and make it actually work. Right I would not touch i18n unless someone wants to do a proper wider cleanup.

I'll open a change with a smaller scope.

This does away with naked ints as both rule type (easy) and mediation class (more involved). The mediation class is defined in system-wide header as a number of defines. Use slightly different names for the enum to avoid clashes (AA_CLASS_ID_...).

Signed-off-by: Zygmunt Krynicki [email protected]