apparmor.d

mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-12-27 15:36:51 +01:00

Author	SHA1	Message	Date
Alexandre Pujol	f8d970faf0	build: new structure for internal config files.	2024-03-26 18:05:55 +00:00
Alexandre Pujol	e67a66ff94	refractor(build): remove old builder/prepare.	2024-03-25 23:38:07 +00:00
Alexandre Pujol	69f2f46c46	refractor(build): update prebuild logic to the new interface structure.	2024-03-25 23:37:13 +00:00
Alexandre Pujol	2dea78a59c	refractor(build): move prepare tasks to the prepare sub package.	2024-03-25 23:34:14 +00:00
Alexandre Pujol	16f00ebfc7	refractor(build): move builder tasks to the builder sub package. Add tests.	2024-03-25 23:16:00 +00:00
Alexandre Pujol	08d4110c2a	build: update directives with the new interface.	2024-03-25 22:40:25 +00:00
Alexandre Pujol	38e9e5f08e	build: define new build directories.	2024-03-25 22:38:01 +00:00
Alexandre Pujol	62099d325d	build: define new unified build interfaces.	2024-03-25 22:37:30 +00:00
Alexandre Pujol	b6aed5cd8d	refractor(build): move os check as an internal build pkg.	2024-03-25 22:36:31 +00:00
Alexandre Pujol	ac935ce81c	refractor: move internal build function to util.	2024-03-25 21:45:18 +00:00
Alexandre Pujol	5d40cc1166	fix(aa-log): handle owner rule even if thhe log is not complete.	2024-03-25 20:32:13 +00:00
Alexandre Pujol	88fcdd8c8e	build(directive): support both liust & map.	2024-03-23 17:41:10 +00:00
Alexandre Pujol	f81ceb9185	feat(aa-log): speed up log generation.	2024-03-23 13:41:19 +00:00
Alexandre Pujol	d5470b8404	build: exex directive: sort & cleanup generated rules.	2024-03-22 20:56:04 +00:00
Alexandre Pujol	73fe7a7475	build: exex directive: add support for transition.	2024-03-22 19:47:45 +00:00
Alexandre Pujol	492c5a37dd	refractor: move integration code to the test directory.	2024-03-22 14:08:44 +00:00
Alexandre Pujol	0d16d4fdab	build: remove old directive code.	2024-03-21 23:23:44 +00:00
Alexandre Pujol	79a3bb1ea8	fix(build): for compatibility, use slices from exp.	2024-03-21 23:19:33 +00:00
Alexandre Pujol	22fb2298d5	fix(build): for compatibility, use slices from exp.	2024-03-21 22:20:19 +00:00
Alexandre Pujol	e2ac675165	fix(build): ensure directive can be loaded.	2024-03-21 22:13:00 +00:00
Alexandre Pujol	99e386705f	feat(build): rewrite the dbus directive fot the new format.	2024-03-21 22:09:16 +00:00
Alexandre Pujol	b32ee4a5a9	feat(build): add the exec directive.	2024-03-21 22:07:41 +00:00
Alexandre Pujol	8e5f83df34	feat(build): rewrite the stack directive witht the new structure.	2024-03-21 21:09:46 +00:00
Alexandre Pujol	83691bbb1f	feat(build): add new filter directives.	2024-03-21 20:51:42 +00:00
Alexandre Pujol	2ca62215bc	build: prepare new structure for directives.	2024-03-21 20:36:41 +00:00
Alexandre Pujol	e1d1d0be3d	refractor(build): move os logic to its own module.	2024-03-21 18:58:32 +00:00
Alexandre Pujol	662dd1c6dc	chore: move internal util function.	2024-03-21 18:54:52 +00:00
Alexandre Pujol	bf613f59a5	feat(profile): replace @{md5} by @{hex32}.	2024-03-19 21:26:12 +00:00
Alexandre Pujol	c9b87efebe	chore: cosmetic.	2024-03-16 19:27:45 +00:00
Alexandre Pujol	a66ff700a2	build: split systemd drop file in function of their purpose. default: ensure a service use a given profile early: ensure a service start after apparmor.	2024-03-15 16:17:19 +00:00
Alexandre Pujol	b0d52d68f4	build: refractor internal tools.	2024-03-10 19:07:55 +00:00
Alexandre Pujol	df21886965	fix(fsp): fix conflicting x modifiers in abstractions	2024-03-10 18:57:05 +00:00
Alexandre Pujol	e3545cc3bb	feat(aa-log): improve the regex helper type.	2024-03-10 15:53:25 +00:00
Alexandre Pujol	70b043cdae	build: improve build tests	2024-03-10 14:48:05 +00:00
Alexandre Pujol	be373dfb80	fix(build): rename boolean.	2024-03-10 14:47:13 +00:00
Alexandre Pujol	78a96eecd2	build: add a new "stack" directive.	2024-03-10 14:46:34 +00:00
Alexandre Pujol	f5aacbd029	build(debian): use hide instead of displace to overwrite upstream profiles.	2024-03-10 14:43:43 +00:00
Alexandre Pujol	b342df689a	build: improve error handling.	2024-03-10 14:24:59 +00:00
Alexandre Pujol	d40985099c	refractor: remove dependency on pkg/errors.	2024-03-07 17:25:13 +00:00
Alexandre Pujol	86898ec673	feat(aa-log): update order of impression.	2024-02-29 23:37:50 +00:00
Alexandre Pujol	65386321c2	feat(aa-log): update shell paths.	2024-02-29 23:14:01 +00:00
Alexandre Pujol	19b27a26c0	feat(aa-log): do not filter out addresses from the log.	2024-02-29 23:13:15 +00:00
Alexandre Pujol	3d4dd5c91a	feat(aa-log): correctly handle remount rule from mount log.	2024-02-29 23:12:19 +00:00
Alexandre Pujol	717496e7df	fix: cleanup go code.	2024-02-29 00:38:29 +00:00
Alexandre Pujol	e616b9b3fc	feat(aa-log): ensure unix rule are not confused with network unix rule. Both are technically the same, we simply prioritize `unix` to `network unix`.	2024-02-29 00:20:37 +00:00
Alexandre Pujol	e3daaf3d4c	feat(aa-log): ensure rule access is always present.	2024-02-29 00:19:26 +00:00
Alexandre Pujol	45a6e0bf21	fix(build): ensure the displace file get cleaned when not needed.	2024-02-29 00:03:39 +00:00
Alexandre Pujol	58f130fbb2	tests(aa-log): add missing tests for osrelease.	2024-02-28 23:27:57 +00:00
Alexandre Pujol	ae9f7e7442	build: add initial build support for ubuntu 24.04	2024-02-28 17:35:14 +00:00
Alexandre Pujol	fbf154b860	fix(build): ensure the build system has support for empty profile.	2024-02-24 17:02:43 +00:00
Alexandre Pujol	1bc63becaf	feat(aa-log): an empty profile now return empty string.	2024-02-24 17:01:03 +00:00
Alexandre Pujol	48b39fa816	test(aa-log): add more tests about the mount rules.	2024-02-24 17:00:07 +00:00
Alexandre Pujol	d6dc89b4f3	feat(aa-log): parse mount conditions from logs.	2024-02-24 16:58:38 +00:00
Alexandre Pujol	e02bf03cca	feat(tunable): add new system_user variable.	2024-02-14 23:58:18 +00:00
Alexandre Pujol	e28e452ba4	build(dbus): improve generated dbus rules.	2024-02-14 23:22:01 +00:00
Alexandre Pujol	2cd14aa6bb	chore: add missing and update copyright year.	2024-02-07 00:16:21 +01:00
Alexandre Pujol	46641e6cc6	chore: update links to the documentation website.	2024-01-30 15:45:03 +00:00
Alexandre Pujol	c8f37afe9a	feat(aa-log): improve profile rendering.	2024-01-21 11:58:44 +00:00
Alexandre Pujol	7cf7adc197	fix(aa-log): ensure aa-log -s return valid result. Fix #268	2023-12-29 18:28:14 +01:00
Alexandre Pujol	4091fca3f0	fix(build): cleanup go import.	2023-12-15 22:37:37 +00:00
Alexandre Pujol	66a4a17924	build: add inital support for dbus directive.	2023-12-15 22:11:25 +00:00
Alexandre Pujol	6fa2c8ec3a	build: improve build output.	2023-12-15 19:14:32 +00:00
Alexandre Pujol	1ead127675	feat(aa-log): add indentation option to the logging function.	2023-12-13 17:39:21 +00:00
Alexandre Pujol	5cf5b74f4b	fix(build): ensure full system policy build works.	2023-12-10 14:30:47 +00:00
Alexandre Pujol	735e3529fb	feat(aa-log): add support for mqueue.	2023-12-05 20:47:32 +00:00
Alexandre Pujol	07a6f35b4e	chore(aa-log): minor template improvement.	2023-11-29 22:08:37 +00:00
Alexandre Pujol	66efedfb01	fix(aa-log): fix go linter.	2023-11-28 15:31:43 +00:00
Alexandre Pujol	d4bc07895a	feat(aa-log): add support change_profile & pivot_rule	2023-11-27 19:21:43 +00:00
Alexandre Pujol	4b61abf7ce	build: simplify full system policy generation.	2023-11-26 21:19:16 +00:00
Alexandre Pujol	0d124065b9	build: enforce the use on the default profile on full mode.	2023-11-22 20:52:25 +00:00
Alexandre Pujol	9ab0745e2d	feat(full): add default fallback profile. See #252	2023-11-22 20:12:20 +00:00
Alexandre Pujol	7909bb1948	fix(build): tunable path.	2023-11-19 23:21:50 +00:00
Alexandre Pujol	9e04743156	build: do not use rsync to synchronise file anymore.	2023-11-19 14:47:55 +00:00
Alexandre Pujol	96ea9d17ae	feat(full): disable nnp flag on some services.	2023-11-19 14:32:57 +00:00
Alexandre Pujol	f564347580	refractor: move default systemd drop in files.	2023-11-19 14:20:14 +00:00
Alexandre Pujol	88555a12d0	feat(profiles): add initial userns rule. Require apparmor 4 to be enabled.	2023-11-19 11:19:24 +00:00
Alexandre Pujol	6dc990ac02	feat(full): set systemd profile name on build time.	2023-11-19 11:14:31 +00:00
Alexandre Pujol	3197f52a97	feat(aa-log): improve log to rule conversion.	2023-11-19 10:59:46 +00:00
Alexandre Pujol	3b42cc0ca7	build: update full system policy setup.	2023-11-11 20:25:27 +00:00
Alexandre Pujol	46d25ed922	feat(aa-log): improve error formating on rules.	2023-10-20 23:11:11 +01:00
Alexandre Pujol	11ca694af7	feat(aa-log): more log cleanup.	2023-10-10 23:47:31 +01:00
Alexandre Pujol	a4033f7950	fix(test): aa-log unit tests.	2023-10-01 19:12:27 +01:00
Alexandre Pujol	5b74cb665f	feat(aa-log): add dummy rule struct.	2023-10-01 19:06:27 +01:00
Alexandre Pujol	68be85b5c2	test(aa-log): add some unit tests.	2023-10-01 19:05:44 +01:00
Alexandre Pujol	4798b2d04a	chore(aa-log): cleanup test data.	2023-10-01 19:04:43 +01:00
Alexandre Pujol	fd46022d5b	test(aa-log): test aa-log against real profile.	2023-10-01 19:03:12 +01:00
Alexandre Pujol	b99bb8da46	feat(aa-log): format rule before print.	2023-10-01 19:00:39 +01:00
Alexandre Pujol	4d0ccebb21	test(integration): update aa-test.	2023-09-30 23:21:26 +01:00
Alexandre Pujol	2cc7627879	test(integration): update the test suite.	2023-09-30 18:15:55 +01:00
Alexandre Pujol	0068c1b9a3	test(aa-log): add some missing unit tests.	2023-09-30 15:36:01 +01:00
Alexandre Pujol	cd80a7d919	refractor(aa-log): merge identical function together.	2023-09-30 15:34:30 +01:00
Alexandre Pujol	95c322d62a	test: add more profile sorting test.	2023-09-30 13:55:56 +01:00
Alexandre Pujol	c0bc903101	feat(aa): use profile guideline to sort file rules.	2023-09-30 13:54:04 +01:00
Alexandre Pujol	4dfc1388e3	feat(aa): add support for audit log.	2023-09-30 13:28:41 +01:00
Alexandre Pujol	e93c1bf4d8	feat(aa): support multiple comments.	2023-09-30 13:22:46 +01:00
Alexandre Pujol	1da0073120	refractor: rename comment template.	2023-09-30 13:22:04 +01:00
Alexandre Pujol	26d05f1869	feat(aa): sort local include at the end of a profile.	2023-09-29 21:24:15 +01:00
Alexandre Pujol	c249005958	fix(aa): import missing lib & improve template indentation.	2023-09-29 20:37:15 +01:00
Alexandre Pujol	09a06db803	feat(aa): add sub templates.	2023-09-29 20:28:56 +01:00
Alexandre Pujol	cb441733c0	feat(aa): ensure the template does not append useless space.	2023-09-29 20:17:38 +01:00
Alexandre Pujol	eb98d2b49f	build: initial preparation for apparmor 4.	2023-09-29 20:12:00 +01:00
Alexandre Pujol	d810acd58f	chore: cleanup test data.	2023-09-29 20:10:38 +01:00
Alexandre Pujol	c7485326e8	feat(aa): improve rule creation from log.	2023-09-29 20:07:29 +01:00
Alexandre Pujol	13de4182c8	fix(aa-log): ensure unix logs generate unix rule. It may break some rule generation on old apparmor version (<3.1). But I don't have the time to support all apparmor version anyway... fix #225	2023-09-29 20:01:30 +01:00
Alexandre Pujol	5b180bfeb2	refractor: move profile template in its own directory.	2023-09-28 19:42:17 +01:00
Alexandre Pujol	6cbc076ba4	test(aa-log): add unit tests for profile printing.	2023-09-25 00:28:28 +01:00
Alexandre Pujol	a5b6373b02	test(aa-log): add unit tests for profile rules.	2023-09-25 00:22:41 +01:00
Alexandre Pujol	43981517b2	feat(aa-log): add profile sort & merge methods.	2023-09-25 00:17:41 +01:00
Alexandre Pujol	88f275ef43	feat(aa-log): rewrite the profile template.	2023-09-25 00:15:51 +01:00
Alexandre Pujol	422418e0e2	test(aa-log): add & update some variabe parsing test	2023-09-25 00:13:18 +01:00
Alexandre Pujol	73109bb09c	feat(aa-log): update addrule method to new structure.	2023-09-25 00:10:12 +01:00
Alexandre Pujol	e23e10d7b7	feat(aa-log): add less & equals rule methods.	2023-09-25 00:09:11 +01:00
Alexandre Pujol	923bb66eba	feat(aa-log): new structure for apparmor rules.	2023-09-25 00:06:07 +01:00
Alexandre Pujol	99d1a4e302	feat(aa-log): add --raw option.	2023-09-24 19:50:15 +01:00
Alexandre Pujol	edd0e6ff55	fix(build): fix unit test build.	2023-09-18 17:35:32 +01:00
Alexandre Pujol	dc2971da1b	fix(build): ensure int is resolved during prebuild. See: #222	2023-09-18 13:10:22 +01:00
Alexandre Pujol	e71fc00d8e	test: refractor integration tests.	2023-09-10 12:21:55 +01:00
Alexandre Pujol	cad27a3f78	build: add the ability to set enforce all profiles. Do not do that!!! It forces ALL profiles in enforce mode.	2023-09-05 19:44:36 +01:00
Alexandre Pujol	aea0034fcc	chore: various cosmetic changes.	2023-09-01 19:26:52 +01:00
Alexandre Pujol	256d4abde8	feat(aa-log): improve log cleaning.	2023-09-01 19:19:19 +01:00
Alexandre Pujol	393f7001dc	fix(aa-log): profile template. See #182	2023-08-26 11:32:56 +01:00
Alexandre Pujol	7273bde534	feat(aa-log): update default tunables according to guideline.	2023-08-22 23:09:34 +01:00
Alexandre Pujol	5516eef952	fix(aa-log): profile template.	2023-08-22 22:59:12 +01:00
Alexandre Pujol	f4ba16861f	feat(aa-log): minor apparmor profile struct tweak.	2023-08-22 22:58:35 +01:00
Alexandre Pujol	a3f21425e5	fix: remove unused go import.	2023-08-17 23:36:46 +01:00
Alexandre Pujol	d06a474b0c	feat(aa-log): parse log file to AA object to allow easy print.	2023-08-17 23:12:46 +01:00
Alexandre Pujol	574891d445	feat(aa-log): add AppArmorProfile.String using a template.	2023-08-17 23:11:11 +01:00
Alexandre Pujol	4f40cb6d78	feat(aa-log): add a new constructors for aa rules.	2023-08-17 23:05:07 +01:00
Alexandre Pujol	a8470dfa38	feat(aa-log): add a new apparmor profile struct Also rewrite variables resolution to this new struct.	2023-08-17 23:00:52 +01:00
Alexandre Pujol	e0f79b9c9a	feat(aa-log): resolve all main apparmor vars in log. This also deprecate the anonymize option	2023-08-17 19:12:02 +01:00
Alexandre Pujol	fe0238250a	fix: ubuntu build.	2023-07-25 23:06:14 +01:00
Alexandre Pujol	c36801700c	chore: fix go linter.	2023-07-25 22:07:38 +01:00
Alexandre Pujol	f2e755b77b	build: allow a larger set of distribution. See #180	2023-07-25 22:02:18 +01:00
Alexandre Pujol	6ea2df19eb	build: simplify profile struct.	2023-07-25 22:01:07 +01:00
Alexandre Pujol	c6a048c9ca	build: add FlagDir variable in prebuild code.	2023-07-23 20:36:48 +01:00
Alexandre Pujol	6325314825	feat(aa-log): minor structure improvments.	2023-07-23 17:00:52 +01:00
Alexandre Pujol	98c701f33d	feat(aa-log): show target in log, show access as owner too.	2023-07-20 23:45:14 +01:00
Alexandre Pujol	1eda41dbc6	build: fix tests.	2023-07-09 15:32:39 +01:00
Alexandre Pujol	1f75dc9956	build: update build for new bin & lib variables	2023-07-09 15:09:32 +01:00
Alexandre Pujol	dec5a29e19	fix: go linter	2023-06-18 12:07:45 +01:00
Alexandre Pujol	a1946aa171	feat: support for debian 12, drop support for debian 11.	2023-06-18 11:44:56 +01:00
Alexandre Pujol	b83569f393	chore: fix go linter	2023-05-06 13:29:55 +01:00
Alexandre Pujol	298360fff1	test(integration): initial version of integration tests manager	2023-05-06 13:23:16 +01:00
Alexandre Pujol	913ac3131c	feat(prebuild): make prebuild available as an external package. Usefull for downstream repo.	2023-05-06 13:01:07 +01:00
Alexandre Pujol	538da05696	feat(aa-log): add -a option to anonymize the logs.	2023-05-06 12:18:20 +01:00
Alexandre Pujol	26bd9350f2	chore(aa-log): make some resource internal only.	2023-05-01 22:21:30 +01:00
Alexandre Pujol	c53049293b	feat(aa-log): use os.ReadFile instead of ioutil.ReadFile	2023-04-25 23:23:09 +01:00
Alexandre Pujol	7a70252e26	build: improve attachments resolution.	2023-04-24 12:51:16 +01:00
Alexandre Pujol	d2c1aa72ff	fix(build): ensure attachment nesting return value even on non valid string.	2023-04-19 21:48:53 +01:00
Alexandre Pujol	fdbf58abfb	feat(aa-log): move useless global variables.	2023-04-19 19:03:47 +01:00
Alexandre Pujol	458db2601a	build(prebuild): add new prebuild command. Fix #146, #136	2023-04-19 17:40:40 +01:00
Alexandre Pujol	22b12fade0	fix: remove unused import, add missing InSlice.	2023-04-16 23:42:15 +01:00
Alexandre Pujol	400ecc52f5	refractor: add logs internal pkg module.	2023-04-16 23:31:05 +01:00
Alexandre Pujol	049b939349	refractor: add initial go internall pkg module.	2023-04-16 23:26:46 +01:00

... 2 3 4 5 6 ...

304 commits