Commit graph

304 commits

Author SHA1 Message Date
Alexandre Pujol
ad81c39e31
feat(aa): remove now unused rule.Sort method. 2024-05-05 14:10:14 +01:00
Alexandre Pujol
305d06dbe0
feat(aa): rewrite variable handling. 2024-05-05 14:09:00 +01:00
Alexandre Pujol
28f4294774
feat(aa): move the all rule to its own file. 2024-05-05 13:57:15 +01:00
Alexandre Pujol
1e79d27232
feat(aa): rename indentation variables. 2024-05-04 23:54:39 +01:00
Alexandre Pujol
5943e9a24d
test(aa): cleanup unit tests. 2024-05-04 23:45:36 +01:00
Alexandre Pujol
f763d31a07
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-04 23:41:47 +01:00
Alexandre Pujol
a5c4eab0cf
feat(aa): make preamble rule classic aa rules. 2024-05-04 23:25:55 +01:00
Alexandre Pujol
b636b4b3e9
feat(aa-log): improve the journalctl filter. 2024-05-03 13:01:10 +01:00
Alexandre Pujol
9c0f4dd6a7
fix(aa-log): grep journal logs over apparmor instead of AVC for wider compatibility. 2024-05-03 12:34:08 +01:00
Alexandre Pujol
511ba6c6a9
feat(aa-log): filter journalctl log 2024-05-01 18:25:11 +01:00
Alexandre Pujol
af4ee0df00
fix(ci): build tests. 2024-04-28 17:50:07 +01:00
Alexandre Pujol
aa94ce1740
build: ensure KDE Neon is in the supported dist list.
See #312
2024-04-28 17:17:29 +01:00
Alexandre Pujol
c7fb47e97a
build: remove directive text not applied on build. 2024-04-28 14:22:00 +01:00
Alexandre Pujol
d1fb9574cb
feat(aa-log): speed up log generation. 2024-04-28 12:06:40 +01:00
Alexandre Pujol
926e146dad
chore: use internal paths lib. 2024-04-28 00:36:16 +01:00
Alexandre Pujol
f66789d381
chore: include build dep go-paths-helper.
See #305
2024-04-28 00:30:59 +01:00
Alexandre Pujol
0cd0262bed
chore: update go mod deps. 2024-04-28 00:04:42 +01:00
Alexandre Pujol
068373405f
feat(aa): add some missing rule templates. 2024-04-25 14:01:04 +01:00
Alexandre Pujol
8a8808194b
refactor(aa): move base rule & qualifier to their own file. 2024-04-24 13:31:22 +01:00
Alexandre Pujol
8bb6f07950
feat(prebuilt): update aa usage to the last changes. 2024-04-23 21:43:22 +01:00
Alexandre Pujol
de73c9b706
test(aa): improve some internal unit test.
Thanks to the last changes...
2024-04-23 21:38:52 +01:00
Alexandre Pujol
a0b5362589
refactor(aa): update test structure. 2024-04-23 21:35:23 +01:00
Alexandre Pujol
2923df2a73
refactor(aa): move profile specific method to the profile struct. 2024-04-23 21:32:58 +01:00
Alexandre Pujol
120db93396
feat(aa): refactor apparmor templates to the last changes. 2024-04-23 21:27:35 +01:00
Alexandre Pujol
5483668574
feat(aa): add a string method to all rule structs. 2024-04-23 21:26:09 +01:00
Alexandre Pujol
e9fa0660f8
feat(aa): add define parameter for variables. 2024-04-23 21:18:44 +01:00
Alexandre Pujol
c719a0a109
feat(aa): ensure accesses are a slice of strings. 2024-04-23 21:17:25 +01:00
Alexandre Pujol
a2910122d2
fix: do not use the wrong profile. 2024-04-23 19:18:42 +01:00
Alexandre Pujol
c97886d960
feat(aa): continue refactoring the aa structure. 2024-04-19 22:43:02 +01:00
Alexandre Pujol
8ef858ad35
feat(aa): refactor template to allow multiple templates. 2024-04-17 18:02:41 +01:00
Alexandre Pujol
890275fb22
feat(aa): rename the main profile struct. 2024-04-16 21:51:56 +01:00
Alexandre Pujol
4b753210e7
feat(aa): modify the apparmor struct to support multiple profiles and subprofile. 2024-04-15 14:09:04 +01:00
Alexandre Pujol
507002c660
feat(aa): rename the main file template. 2024-04-15 13:32:20 +01:00
Alexandre Pujol
ab4feda5ba
feat(aa): improve apparmor struct. 2024-04-14 23:58:34 +01:00
Alexandre Pujol
ea1736083a
chore: use slices from standard library. 2024-04-12 20:07:05 +01:00
Alexandre Pujol
8b68132f0e
fix(build): add a simple check to ensure all resolved variables are defined. 2024-04-11 00:15:08 +01:00
Alexandre Pujol
129db925ad
build(whonix): handle internal whonix conflict. 2024-04-05 23:44:43 +01:00
Alexandre Pujol
2b26dac3b9
fix(build): add local variable definition.
Note: will be really fixed later.
2024-04-05 23:34:44 +01:00
Alexandre Pujol
6810fe679e
chore: minor cosmetic. 2024-04-03 21:06:28 +01:00
Alexandre Pujol
cad0b936e5
build: make debian hide file editable. 2024-04-03 21:05:24 +01:00
Alexandre Pujol
4490db45c9
feat(aa-log): improve log cleaning. 2024-04-02 17:50:33 +01:00
Alexandre Pujol
1915fa5175
feat(build): simplify some internal tooling. 2024-04-02 17:48:03 +01:00
Alexandre Pujol
6dd0c36e9a
feat: prefix variables that refer to a profile 2024-04-02 13:41:08 +01:00
Alexandre Pujol
334c930969
fix(profile): temporarily allow environment in profile transition.
Turns out this is the actual source of issues #80 #235:
- Some programs do not start well when the environment is scrubbed
- Not related to dbus (but dbus was affected)
- May concern a lot of profiles

As a temporary solution, we convert all Px into px while we find out a proper solution.
2024-03-30 18:17:55 +00:00
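An added illustration of what the Px to px conversion described in the commit above touches; this is not apparmor.d's own build code. In AppArmor exec modes the capital letter (Px, Cx, Ux and the Pix/PUx/Cix/CUx fallback variants) requests a secure exec, so the dynamic loader ignores LD_PRELOAD, LD_LIBRARY_PATH and similar variables at the profile transition; the lower-case form lets the caller's environment through. The Go snippet rewrites every scrubbing mode in a profile text to its non-scrubbing counterpart. The commit only rewrote Px; covering the other modes, the function names and the sample profile are assumptions made here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Exec modes whose capital letter asks the kernel for a secure exec
// (AT_SECURE), i.e. environment scrubbing at the profile transition.
// The optional [rwalkm]* prefix keeps the other file permissions intact;
// the trailing group keeps the "-> target" or "," that ends the rule.
var scrubbingExec = regexp.MustCompile(`\b([rwalkm]*)(PUx|Pix|Px|CUx|Cix|Cx|Ux)(\s*(?:->|,))`)

// RelaxExecTransitions rewrites every scrubbing exec transition to its
// non-scrubbing form (Px -> px, PUx -> pux, Cx -> cx, ...) and returns the
// new profile text together with the number of rules changed.
// Assumption: the commit rewrote Px only; the other modes are handled here
// for illustration.
func RelaxExecTransitions(profile string) (string, int) {
	changed := 0
	out := scrubbingExec.ReplaceAllStringFunc(profile, func(tok string) string {
		m := scrubbingExec.FindStringSubmatch(tok)
		changed++
		return m[1] + strings.ToLower(m[2]) + m[3]
	})
	return out, changed
}

// Scrubbing reports whether an exec mode token (e.g. "rPUx") still scrubs
// the environment, which is exactly the property the rewrite gives up.
func Scrubbing(mode string) bool {
	return scrubbingExec.MatchString(mode + ",")
}

// SampleProfile is a constructed profile fragment, not one from apparmor.d.
const SampleProfile = `profile foo /usr/bin/foo {
  /usr/bin/bar        Px,
  /usr/bin/baz        rPUx,
  /usr/bin/qux        Px -> qux,
  /usr/bin/child      Cx -> child,
  /usr/bin/helper     ix,
  /usr/lib/foo/**     rm,
}
`

func main() {
	out, n := RelaxExecTransitions(SampleProfile)
	fmt.Printf("%d transitions relaxed:\n%s", n, out)
}
```

Lower-casing the mode is a deliberate loss of isolation: with px, a process that can set LD_PRELOAD in its own environment carries that variable across the profile boundary into the target's address space, which is why the commit calls the change temporary.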
Alexandre Pujol
43ab1d064d
chore: cosmetic. 2024-03-27 21:38:18 +00:00
Alexandre Pujol
b9cfd787c8
fix(ci): minor fixes. 2024-03-27 17:17:15 +00:00
Alexandre Pujol
cf7ce9603e
fix(build): ensure tests work. 2024-03-27 16:26:01 +00:00
Alexandre Pujol
30859c8170
build: add some missing internal tests. 2024-03-26 18:08:20 +00:00
Alexandre Pujol
0f1f9ce49b
build: use new internal structure. 2024-03-26 18:07:48 +00:00
Alexandre Pujol
c8512bc2c6
test(build): better variable naming scheme. 2024-03-26 18:06:47 +00:00
Alexandre Pujol
f8d970faf0
build: new structure for internal config files. 2024-03-26 18:05:55 +00:00
Alexandre Pujol
e67a66ff94
refactor(build): remove old builder/prepare. 2024-03-25 23:38:07 +00:00
Alexandre Pujol
69f2f46c46
refactor(build): update prebuild logic to the new interface structure. 2024-03-25 23:37:13 +00:00
Alexandre Pujol
2dea78a59c
refactor(build): move prepare tasks to the prepare sub package. 2024-03-25 23:34:14 +00:00
Alexandre Pujol
16f00ebfc7
refactor(build): move builder tasks to the builder sub package. Add tests. 2024-03-25 23:16:00 +00:00
Alexandre Pujol
08d4110c2a
build: update directives with the new interface. 2024-03-25 22:40:25 +00:00
Alexandre Pujol
38e9e5f08e
build: define new build directories. 2024-03-25 22:38:01 +00:00
Alexandre Pujol
62099d325d
build: define new unified build interfaces. 2024-03-25 22:37:30 +00:00
Alexandre Pujol
b6aed5cd8d
refactor(build): move os check as an internal build pkg. 2024-03-25 22:36:31 +00:00
Alexandre Pujol
ac935ce81c
refactor: move internal build function to util. 2024-03-25 21:45:18 +00:00
Alexandre Pujol
5d40cc1166
fix(aa-log): handle owner rule even if the log is not complete. 2024-03-25 20:32:13 +00:00
Alexandre Pujol
88fcdd8c8e
build(directive): support both list & map. 2024-03-23 17:41:10 +00:00
Alexandre Pujol
f81ceb9185
feat(aa-log): speed up log generation. 2024-03-23 13:41:19 +00:00
Alexandre Pujol
d5470b8404
build: exec directive: sort & cleanup generated rules. 2024-03-22 20:56:04 +00:00
Alexandre Pujol
73fe7a7475
build: exec directive: add support for transition. 2024-03-22 19:47:45 +00:00
Alexandre Pujol
492c5a37dd
refactor: move integration code to the test directory. 2024-03-22 14:08:44 +00:00
Alexandre Pujol
0d16d4fdab
build: remove old directive code. 2024-03-21 23:23:44 +00:00
Alexandre Pujol
79a3bb1ea8
fix(build): for compatibility, use slices from exp. 2024-03-21 23:19:33 +00:00
Alexandre Pujol
22fb2298d5
fix(build): for compatibility, use slices from exp. 2024-03-21 22:20:19 +00:00
Alexandre Pujol
e2ac675165
fix(build): ensure directive can be loaded. 2024-03-21 22:13:00 +00:00
Alexandre Pujol
99e386705f
feat(build): rewrite the dbus directive for the new format. 2024-03-21 22:09:16 +00:00
Alexandre Pujol
b32ee4a5a9
feat(build): add the exec directive. 2024-03-21 22:07:41 +00:00
Alexandre Pujol
8e5f83df34
feat(build): rewrite the stack directive with the new structure. 2024-03-21 21:09:46 +00:00
Alexandre Pujol
83691bbb1f
feat(build): add new filter directives. 2024-03-21 20:51:42 +00:00
Alexandre Pujol
2ca62215bc
build: prepare new structure for directives. 2024-03-21 20:36:41 +00:00
Alexandre Pujol
e1d1d0be3d
refactor(build): move os logic to its own module. 2024-03-21 18:58:32 +00:00
Alexandre Pujol
662dd1c6dc
chore: move internal util function. 2024-03-21 18:54:52 +00:00
Alexandre Pujol
bf613f59a5
feat(profile): replace @{md5} by @{hex32}. 2024-03-19 21:26:12 +00:00
Alexandre Pujol
c9b87efebe
chore: cosmetic. 2024-03-16 19:27:45 +00:00
Alexandre Pujol
a66ff700a2
build: split systemd drop-in files according to their purpose.
default: ensure a service uses a given profile
early: ensure a service starts after apparmor.
2024-03-15 16:17:19 +00:00
Alexandre Pujol
b0d52d68f4
build: refactor internal tools. 2024-03-10 19:07:55 +00:00
Alexandre Pujol
df21886965
fix(fsp): fix conflicting x modifiers in abstractions 2024-03-10 18:57:05 +00:00
Alexandre Pujol
e3545cc3bb
feat(aa-log): improve the regex helper type. 2024-03-10 15:53:25 +00:00
Alexandre Pujol
70b043cdae
build: improve build tests 2024-03-10 14:48:05 +00:00
Alexandre Pujol
be373dfb80
fix(build): rename boolean. 2024-03-10 14:47:13 +00:00
Alexandre Pujol
78a96eecd2
build: add a new "stack" directive. 2024-03-10 14:46:34 +00:00
Alexandre Pujol
f5aacbd029
build(debian): use hide instead of displace to overwrite upstream profiles. 2024-03-10 14:43:43 +00:00
Alexandre Pujol
b342df689a
build: improve error handling. 2024-03-10 14:24:59 +00:00
Alexandre Pujol
d40985099c
refactor: remove dependency on pkg/errors. 2024-03-07 17:25:13 +00:00
Alexandre Pujol
86898ec673
feat(aa-log): update order of impression. 2024-02-29 23:37:50 +00:00
Alexandre Pujol
65386321c2
feat(aa-log): update shell paths. 2024-02-29 23:14:01 +00:00
Alexandre Pujol
19b27a26c0
feat(aa-log): do not filter out addresses from the log. 2024-02-29 23:13:15 +00:00
Alexandre Pujol
3d4dd5c91a
feat(aa-log): correctly handle remount rule from mount log. 2024-02-29 23:12:19 +00:00
Alexandre Pujol
717496e7df
fix: cleanup go code. 2024-02-29 00:38:29 +00:00
Alexandre Pujol
e616b9b3fc
feat(aa-log): ensure unix rules are not confused with network unix rules.
Both are technically the same, we simply prioritize `unix` to `network unix`.
2024-02-29 00:20:37 +00:00
Alexandre Pujol
e3daaf3d4c
feat(aa-log): ensure rule access is always present. 2024-02-29 00:19:26 +00:00
Alexandre Pujol
45a6e0bf21
fix(build): ensure the displace file gets cleaned when not needed. 2024-02-29 00:03:39 +00:00
Alexandre Pujol
58f130fbb2
tests(aa-log): add missing tests for osrelease. 2024-02-28 23:27:57 +00:00
Alexandre Pujol
ae9f7e7442
build: add initial build support for ubuntu 24.04 2024-02-28 17:35:14 +00:00
Alexandre Pujol
fbf154b860
fix(build): ensure the build system has support for empty profile. 2024-02-24 17:02:43 +00:00
Alexandre Pujol
1bc63becaf
feat(aa-log): an empty profile now returns an empty string. 2024-02-24 17:01:03 +00:00
Alexandre Pujol
48b39fa816
test(aa-log): add more tests about the mount rules. 2024-02-24 17:00:07 +00:00
Alexandre Pujol
d6dc89b4f3
feat(aa-log): parse mount conditions from logs. 2024-02-24 16:58:38 +00:00
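An added example of the log-to-rule conversion that the aa-log commits on this page describe (the `apparmor=` filter for wider journal compatibility, the `owner` prefix when the record is complete, `unix` taking priority over `network unix`, and mount conditions including remount). This is not aa-log's own code: the function names, the simplified rule grammar and the sample log lines are assumptions constructed here, and only the file, unix, network, mount and remount shapes are covered.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// kv matches one key=value pair of an audit record; the value is either
// a "quoted string" (which may contain spaces) or a bare token.
var kv = regexp.MustCompile(`(\w+)=("([^"]*)"|\S+)`)

// ParseEntry turns one log line into its fields, or returns nil when the line
// is not an AppArmor event. Matching on `apparmor="` rather than on the AVC
// record type also catches the journal's "audit: type=1400 ..." kernel lines.
func ParseEntry(line string) map[string]string {
	if !strings.Contains(line, `apparmor="`) {
		return nil
	}
	f := map[string]string{}
	for _, m := range kv.FindAllStringSubmatch(line, -1) {
		if strings.HasPrefix(m[2], `"`) {
			f[m[1]] = m[3] // quoted: keep the inner text
		} else {
			f[m[1]] = m[2] // bare token such as pid=4242 or addr=none
		}
	}
	return f
}

// RuleFromEntry renders the fields as one AppArmor rule (simplified grammar).
func RuleFromEntry(f map[string]string) string {
	switch {
	case f["family"] == "unix":
		// unix sockets are logged with class="net" too; a `unix` rule is
		// preferred over `network unix ...` so the access set and peer survive.
		rule := "unix (" + strings.Join(strings.Fields(f["denied_mask"]), ", ") + ")"
		if t := f["sock_type"]; t != "" {
			rule += " type=" + t
		}
		if p := f["peer_addr"]; p != "" && p != "none" {
			rule += ` peer=(addr="` + p + `")`
		}
		return rule + ","
	case f["class"] == "net":
		return "network " + f["family"] + " " + f["sock_type"] + ","
	case f["operation"] == "mount":
		var opts []string
		for _, fl := range strings.Split(f["flags"], ", ") {
			if fl == "remount" { // a remount is logged as a mount with the remount flag
				return "remount " + f["name"] + ","
			}
			if fl != "" {
				opts = append(opts, fl)
			}
		}
		rule := "mount"
		if len(opts) > 0 {
			rule += " options=(" + strings.Join(opts, ", ") + ")"
		}
		if fs := f["fstype"]; fs != "" {
			rule += " fstype=" + fs
		}
		if src := f["srcname"]; src != "" {
			rule += " " + src
		}
		return rule + " -> " + f["name"] + ","
	default:
		rule := f["name"] + " " + f["denied_mask"] + ","
		// `owner` only when both uids are present and agree; an incomplete
		// record still yields a plain (wider) file rule.
		if u, ok := f["fsuid"]; ok && u == f["ouid"] {
			rule = "owner " + rule
		}
		return rule
	}
}

// Rules converts log lines into deduplicated rules in order of first
// appearance, skipping records that are not AppArmor events.
func Rules(lines []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, line := range lines {
		f := ParseEntry(line)
		if f == nil {
			continue
		}
		if r := RuleFromEntry(f); !seen[r] {
			seen[r] = true
			out = append(out, r)
		}
	}
	return out
}

// SampleLog is constructed input (an auditd-style AVC record, journal-style
// kernel lines, an unrelated SYSCALL record and a duplicate); not real data.
var SampleLog = []string{
	`type=AVC msg=audit(1700000000.100:101): apparmor="DENIED" operation="open" class="file" profile="firefox" name="/etc/shadow" pid=4242 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0`,
	`kernel: audit: type=1400 audit(1700000000.200:102): apparmor="DENIED" operation="open" class="file" profile="firefox" name="/home/user/.cache/mozilla/x" pid=4242 comm="firefox" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000`,
	`kernel: audit: type=1400 audit(1700000000.300:103): apparmor="DENIED" operation="connect" class="net" profile="firefox" pid=4242 comm="firefox" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/dbus-abc"`,
	`kernel: audit: type=1400 audit(1700000000.400:104): apparmor="DENIED" operation="create" class="net" profile="firefox" pid=4242 comm="firefox" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"`,
	`kernel: audit: type=1400 audit(1700000000.500:105): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="snap-confine" name="/tmp/" pid=1 comm="snap-confine" flags="rw, rbind" srcname="/home/"`,
	`kernel: audit: type=1400 audit(1700000000.600:106): apparmor="DENIED" operation="mount" class="mount" profile="snap-confine" name="/" pid=1 comm="snap-confine" flags="ro, remount"`,
	`type=SYSCALL msg=audit(1700000000.100:101): arch=c000003e syscall=257 success=no exit=-13`,
	`type=AVC msg=audit(1700000000.700:107): apparmor="DENIED" operation="open" class="file" profile="firefox" name="/etc/shadow" pid=4242 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0`,
}

func main() {
	for _, r := range Rules(SampleLog) {
		fmt.Println("  " + r)
	}
}
```

Rules generated this way are a starting point for review, not something to paste into a profile unread: a denied path that is really a randomised temporary name wants a glob or a tunable, and the `owner` prefix is only as trustworthy as the uids in the record.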
Alexandre Pujol
e02bf03cca
feat(tunable): add new system_user variable. 2024-02-14 23:58:18 +00:00
Alexandre Pujol
e28e452ba4
build(dbus): improve generated dbus rules. 2024-02-14 23:22:01 +00:00
Alexandre Pujol
2cd14aa6bb
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00
Alexandre Pujol
46641e6cc6
chore: update links to the documentation website. 2024-01-30 15:45:03 +00:00
Alexandre Pujol
c8f37afe9a
feat(aa-log): improve profile rendering. 2024-01-21 11:58:44 +00:00
Alexandre Pujol
7cf7adc197
fix(aa-log): ensure aa-log -s return valid result.
Fix #268
2023-12-29 18:28:14 +01:00
Alexandre Pujol
4091fca3f0
fix(build): cleanup go import. 2023-12-15 22:37:37 +00:00
Alexandre Pujol
66a4a17924
build: add initial support for dbus directive. 2023-12-15 22:11:25 +00:00
Alexandre Pujol
6fa2c8ec3a
build: improve build output. 2023-12-15 19:14:32 +00:00
Alexandre Pujol
1ead127675
feat(aa-log): add indentation option to the logging function. 2023-12-13 17:39:21 +00:00
Alexandre Pujol
5cf5b74f4b
fix(build): ensure full system policy build works. 2023-12-10 14:30:47 +00:00
Alexandre Pujol
735e3529fb
feat(aa-log): add support for mqueue. 2023-12-05 20:47:32 +00:00
Alexandre Pujol
07a6f35b4e
chore(aa-log): minor template improvement. 2023-11-29 22:08:37 +00:00
Alexandre Pujol
66efedfb01
fix(aa-log): fix go linter. 2023-11-28 15:31:43 +00:00
Alexandre Pujol
d4bc07895a
feat(aa-log): add support for change_profile & pivot_rule 2023-11-27 19:21:43 +00:00
Alexandre Pujol
4b61abf7ce
build: simplify full system policy generation. 2023-11-26 21:19:16 +00:00
Alexandre Pujol
0d124065b9
build: enforce the use of the default profile in full mode. 2023-11-22 20:52:25 +00:00
Alexandre Pujol
9ab0745e2d
feat(full): add default fallback profile.
See #252
2023-11-22 20:12:20 +00:00
Alexandre Pujol
7909bb1948
fix(build): tunable path. 2023-11-19 23:21:50 +00:00
Alexandre Pujol
9e04743156
build: do not use rsync to synchronise files anymore. 2023-11-19 14:47:55 +00:00
Alexandre Pujol
96ea9d17ae
feat(full): disable nnp flag on some services. 2023-11-19 14:32:57 +00:00
Alexandre Pujol
f564347580
refactor: move default systemd drop-in files. 2023-11-19 14:20:14 +00:00
Alexandre Pujol
88555a12d0
feat(profiles): add initial userns rule.
Requires apparmor 4 to be enabled.
2023-11-19 11:19:24 +00:00
Alexandre Pujol
6dc990ac02
feat(full): set systemd profile name on build time. 2023-11-19 11:14:31 +00:00
Alexandre Pujol
3197f52a97
feat(aa-log): improve log to rule conversion. 2023-11-19 10:59:46 +00:00
Alexandre Pujol
3b42cc0ca7
build: update full system policy setup. 2023-11-11 20:25:27 +00:00
Alexandre Pujol
46d25ed922
feat(aa-log): improve error formatting on rules. 2023-10-20 23:11:11 +01:00
Alexandre Pujol
11ca694af7
feat(aa-log): more log cleanup. 2023-10-10 23:47:31 +01:00
Alexandre Pujol
a4033f7950
fix(test): aa-log unit tests. 2023-10-01 19:12:27 +01:00
Alexandre Pujol
5b74cb665f
feat(aa-log): add dummy rule struct. 2023-10-01 19:06:27 +01:00
Alexandre Pujol
68be85b5c2
test(aa-log): add some unit tests. 2023-10-01 19:05:44 +01:00
Alexandre Pujol
4798b2d04a
chore(aa-log): cleanup test data. 2023-10-01 19:04:43 +01:00
Alexandre Pujol
fd46022d5b
test(aa-log): test aa-log against real profile. 2023-10-01 19:03:12 +01:00
Alexandre Pujol
b99bb8da46
feat(aa-log): format rule before print. 2023-10-01 19:00:39 +01:00
Alexandre Pujol
4d0ccebb21
test(integration): update aa-test. 2023-09-30 23:21:26 +01:00
Alexandre Pujol
2cc7627879
test(integration): update the test suite. 2023-09-30 18:15:55 +01:00
Alexandre Pujol
0068c1b9a3
test(aa-log): add some missing unit tests. 2023-09-30 15:36:01 +01:00
Alexandre Pujol
cd80a7d919
refactor(aa-log): merge identical functions together. 2023-09-30 15:34:30 +01:00
Alexandre Pujol
95c322d62a
test: add more profile sorting test. 2023-09-30 13:55:56 +01:00
Alexandre Pujol
c0bc903101
feat(aa): use profile guideline to sort file rules. 2023-09-30 13:54:04 +01:00
Alexandre Pujol
4dfc1388e3
feat(aa): add support for audit log. 2023-09-30 13:28:41 +01:00
Alexandre Pujol
e93c1bf4d8
feat(aa): support multiple comments. 2023-09-30 13:22:46 +01:00
Alexandre Pujol
1da0073120
refactor: rename comment template. 2023-09-30 13:22:04 +01:00
Alexandre Pujol
26d05f1869
feat(aa): sort local include at the end of a profile. 2023-09-29 21:24:15 +01:00
Alexandre Pujol
c249005958
fix(aa): import missing lib & improve template indentation. 2023-09-29 20:37:15 +01:00
Alexandre Pujol
09a06db803
feat(aa): add sub templates. 2023-09-29 20:28:56 +01:00
Alexandre Pujol
cb441733c0
feat(aa): ensure the template does not append useless space. 2023-09-29 20:17:38 +01:00