mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/changehat/mod_apparmor/mod_apparmor.c

362 lines
10 KiB
C
Raw Normal View History

as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
/*
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
* Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
*
* The mod_apparmor module is licensed under the terms of the GNU
* Lesser General Public License, version 2.1. Please see the file
* COPYING.LGPL.
*
* mod_apparmor - (apache 2.0.x)
* Author: Steve Beattie <sbeattie@suse.de>
*
* This currently only implements change_hat functionality, but could be
* extended for other stuff we decide to do.
*/
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_request.h"
#include "http_log.h"
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
#include "http_main.h"
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
#include "http_protocol.h"
#include "util_filter.h"
#include "apr.h"
#include "apr_strings.h"
#include "apr_lib.h"
mod_apparmor/pam_apparmor: fix libapparmor search path and add USE_SYSTEM support This patch adds support for the USE_SYSTEM make flag and adjusts search paths for mod_apparmor and pam_apparmor, as well as fixing up a couple of the (probably ought to be deprecated) tomcat locations where apparmor.h is included. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-01-09 11:57:13 -08:00
#include <sys/apparmor.h>
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
#include <unistd.h>
/* #define DEBUG */
#ifndef __unused
#define __unused __attribute__((unused))
#endif
/* should the following be configurable? */
#define DEFAULT_HAT "HANDLING_UNTRUSTED_INPUT"
#define DEFAULT_URI_HAT "DEFAULT_URI"
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
/* Compatibility with apache 2.2 */
#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER < 3
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
#define APLOG_TRACE1 APLOG_DEBUG
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
server_rec *ap_server_conf = NULL;
#endif
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(apparmor);
#endif
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
module AP_MODULE_DECLARE_DATA apparmor_module;
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
static unsigned long magic_token = 0;
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
static int inside_default_hat = 0;
typedef struct {
const char * hat_name;
char * path;
} immunix_dir_cfg;
typedef struct {
const char * hat_name;
int is_initialized;
} immunix_srv_cfg;
/* immunix_init() gets invoked in the post_config stage of apache.
* Unfortunately, apache reads its config once when it starts up, then
* it re-reads it when goes into its restart loop, where it starts it's
* children. This means we cannot call change_hat here, as the modules
* memory will be wiped out, and the magic_token will be lost, so apache
* wouldn't be able to change_hat back out. */
static int
immunix_init (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
apr_file_t * file;
apr_size_t size = sizeof (magic_token);
int ret;
ret = apr_file_open (&file, "/dev/urandom", APR_READ, APR_OS_DEFAULT, p);
if (!ret) {
apr_file_read (file, (void *) &magic_token, &size);
apr_file_close (file);
} else {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "Failed to open /dev/urandom");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
}
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "Opened /dev/urandom successfully");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
return OK;
}
/* As each child starts up, we'll change_hat into a default hat, mostly
* to protect ourselves from bugs in parsing network input, but before
* we change_hat to the uri specific hat. */
static void
immunix_child_init (apr_pool_t *p, server_rec *s)
{
int ret;
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "init: calling change_hat");
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
ret = aa_change_hat(DEFAULT_HAT, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (ret < 0) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "Failed to change_hat to '%s'",
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
DEFAULT_HAT);
} else {
inside_default_hat = 1;
}
}
static void
Subject: mod_apparmor: convert debug_dump_uri to use trace loglevel This patch converts the debug_dump_uri() function to use the trace loglevels and enable it all the time, rather than just when DEBUG is defined at compile time. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:41:57 -08:00
debug_dump_uri(request_rec *r)
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
{
Subject: mod_apparmor: convert debug_dump_uri to use trace loglevel This patch converts the debug_dump_uri() function to use the trace loglevels and enable it all the time, rather than just when DEBUG is defined at compile time. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:41:57 -08:00
apr_uri_t *uri = &r->parsed_uri;
if (uri)
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Dumping uri info "
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
"scheme='%s' host='%s' path='%s' query='%s' fragment='%s'",
uri->scheme, uri->hostname, uri->path, uri->query,
uri->fragment);
else
Subject: mod_apparmor: convert debug_dump_uri to use trace loglevel This patch converts the debug_dump_uri() function to use the trace loglevels and enable it all the time, rather than just when DEBUG is defined at compile time. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:41:57 -08:00
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Asked to dump NULL uri");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
}
Subject: mod_apparmor: convert debug_dump_uri to use trace loglevel This patch converts the debug_dump_uri() function to use the trace loglevels and enable it all the time, rather than just when DEBUG is defined at compile time. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:41:57 -08:00
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
/*
immunix_enter_hat will attempt to change_hat in the following order:
(1) to a hatname in a location directive
(2) to the uri
(3) to a per-server default
(4) to DEFAULT_URI
(5) back to the parent profile
*/
static int
immunix_enter_hat (request_rec *r)
{
int sd_ret = -1;
immunix_dir_cfg * dcfg = (immunix_dir_cfg *)
ap_get_module_config (r->per_dir_config, &apparmor_module);
immunix_srv_cfg * scfg = (immunix_srv_cfg *)
ap_get_module_config (r->server->module_config, &apparmor_module);
Subject: mod_apparmor: convert debug_dump_uri to use trace loglevel This patch converts the debug_dump_uri() function to use the trace loglevels and enable it all the time, rather than just when DEBUG is defined at compile time. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:41:57 -08:00
debug_dump_uri(r);
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "in immunix_enter_hat (%s) n:0x%lx p:0x%lx main:0x%lx",
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
dcfg->path, (unsigned long) r->next, (unsigned long) r->prev,
(unsigned long) r->main);
/* We only call change_hat for the main request, not subrequests */
if (r->main)
return OK;
if (inside_default_hat) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
inside_default_hat = 0;
}
if (dcfg != NULL && dcfg->hat_name != NULL) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [dcfg] %s", dcfg->hat_name);
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
sd_ret = aa_change_hat(dcfg->hat_name, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (sd_ret < 0) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
} else {
return OK;
}
}
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [uri] %s", r->uri);
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
sd_ret = aa_change_hat(r->uri, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (sd_ret < 0) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
} else {
return OK;
}
if (scfg != NULL && scfg->hat_name != NULL) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [scfg] %s", scfg->hat_name);
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
sd_ret = aa_change_hat(scfg->hat_name, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (sd_ret < 0) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
} else {
return OK;
}
}
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat DEFAULT_URI");
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
sd_ret = aa_change_hat(DEFAULT_URI_HAT, magic_token);
if (sd_ret < 0) aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
return OK;
}
static int
immunix_exit_hat (request_rec *r)
{
int sd_ret;
immunix_dir_cfg * dcfg = (immunix_dir_cfg *)
ap_get_module_config (r->per_dir_config, &apparmor_module);
/* immunix_srv_cfg * scfg = (immunix_srv_cfg *)
ap_get_module_config (r->server->module_config, &apparmor_module); */
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "exiting change_hat - dir hat %s path %s", dcfg->hat_name, dcfg->path);
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
sd_ret = aa_change_hat(DEFAULT_HAT, magic_token);
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (sd_ret < 0) {
mod_apparmor: convert change_hat to aa_change_hat() mod_apparmor never got converted to use the renamed aa_change_hat() call (there's a compatibility macro in sys/apparmor.h); this patch does that as well as converting the type of the magic_token to long from int. (This patch is somewhat mooted by a later patch in the series to convert to using aa_change_hatv(), but would be a safer candidate for e.g. the 2.8 branch.) Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:43:36 -08:00
aa_change_hat(NULL, magic_token);
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to change_hat to '%s'",
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
DEFAULT_HAT);
} else {
inside_default_hat = 1;
}
return OK;
}
static const char *
aa_cmd_ch_path (cmd_parms * cmd, void * mconfig, const char * parm1)
{
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "directory config change hat %s",
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
parm1 ? parm1 : "DEFAULT");
immunix_dir_cfg * dcfg = mconfig;
if (parm1 != NULL) {
dcfg->hat_name = parm1;
} else {
dcfg->hat_name = "DEFAULT";
}
return NULL;
}
static int path_warn_once;
static const char *
immunix_cmd_ch_path (cmd_parms * cmd, void * mconfig, const char * parm1)
{
if (path_warn_once == 0) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, "ImmHatName is "
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
"deprecated, please use AAHatName instead");
path_warn_once = 1;
}
return aa_cmd_ch_path(cmd, mconfig, parm1);
}
static const char *
aa_cmd_ch_srv (cmd_parms * cmd, void * mconfig, const char * parm1)
{
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "server config change hat %s",
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
parm1 ? parm1 : "DEFAULT");
immunix_srv_cfg * scfg = mconfig;
if (parm1 != NULL) {
scfg->hat_name = parm1;
} else {
scfg->hat_name = "DEFAULT";
}
return NULL;
}
static int srv_warn_once;
static const char *
immunix_cmd_ch_srv (cmd_parms * cmd, void * mconfig, const char * parm1)
{
if (srv_warn_once == 0) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, "ImmDefaultHatName is "
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
"deprecated, please use AADefaultHatName instead");
srv_warn_once = 1;
}
return aa_cmd_ch_srv(cmd, mconfig, parm1);
}
static void *
immunix_create_dir_config (apr_pool_t * p, char * path)
{
immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(* newcfg));
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "in immunix_create_dir (%s)", path ? path : ":no path:");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (newcfg == NULL) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "immunix_create_dir: couldn't alloc dir config");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
return NULL;
}
newcfg->path = apr_pstrdup (p, path ? path : ":no path:");
return newcfg;
}
/* XXX: Should figure out an appropriate action to take here, if any
static void *
immunix_merge_dir_config (apr_pool_t * p, void * parent, void * child)
{
immunix_dir_cfg * newcfg = (immunix_dir_cfg *) apr_pcalloc(p, sizeof(* newcfg));
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "in immunix_merge_dir ()");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (newcfg == NULL)
return NULL;
return newcfg;
}
*/
static void *
immunix_create_srv_config (apr_pool_t * p, server_rec * srv)
{
immunix_srv_cfg * newcfg = (immunix_srv_cfg *) apr_pcalloc(p, sizeof(* newcfg));
mod_apparmor: use trace1 loglevel for developer-oriented debug messages Apache 2.4 added addition logging levels. This patch converts some of the log messages that are more intended for mod_apparmor development and debugging than for sysadmins configuring mod_apparmor to use trace1 (APLOG_TRACE1) level instead. Since apache 2.2. does not contain this level (or define), we define it back to APLOG_DEBUG. Patch history: v1: initial version v2: mark a couple of additional log messages as trace1 level Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:40:19 -08:00
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "in immunix_create_srv");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
if (newcfg == NULL) {
mod_apparmor: fix logging The apache2 mod_apparmor module was failing to log debugging messages when the apache loglevel was set to debug or lower (i.e. traceN). This patch fixes it by using ap_log_rerror() (for request specific messages, with the request passed for context) and ap_log_error() (more general messages outside of a request context). Also, the APLOG_USE_MODULE macro is called, to mark the log messages as belonging to the apparmor module, so that the apache 2.4 feature of enabling debug logging for just the apparmor module will work, with an apache configuration entry like: LogLevel apparmor:debug See http://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__LOG.html for specific about the ap_log_*error() and APLOG_USE_MODULE functions and macros, and http://httpd.apache.org/docs/2.4/mod/core.html.en#loglevel for the bits about module specific logging. Patch history: v1: initial version v2: - revert to using ap_log_error with (the 2.4 specific) ap_server_conf outside of a request specific context, as the pool specific ap_log_perror messages weren't being reported. - add compatibility workaround for apache 2.2 v3: keep commented out merge function's log call consistent with the others Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-23 13:38:31 -08:00
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "immunix_create_srv: couldn't alloc srv config");
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
return NULL;
}
return newcfg;
}
static const command_rec immunix_cmds[] = {
AP_INIT_TAKE1 (
"ImmHatName",
immunix_cmd_ch_path,
NULL,
ACCESS_CONF,
""
),
AP_INIT_TAKE1 (
"ImmDefaultHatName",
immunix_cmd_ch_srv,
NULL,
RSRC_CONF,
""
),
AP_INIT_TAKE1 (
"AAHatName",
aa_cmd_ch_path,
NULL,
ACCESS_CONF,
""
),
AP_INIT_TAKE1 (
"AADefaultHatName",
aa_cmd_ch_srv,
NULL,
RSRC_CONF,
""
),
{ NULL }
};
static void
register_hooks (apr_pool_t *p)
{
ap_hook_post_config (immunix_init, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init (immunix_child_init, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_access_checker(immunix_enter_hat, NULL, NULL, APR_HOOK_FIRST);
/* ap_hook_post_read_request(immunix_enter_hat, NULL, NULL, APR_HOOK_FIRST); */
ap_hook_log_transaction(immunix_exit_hat, NULL, NULL, APR_HOOK_LAST);
}
module AP_MODULE_DECLARE_DATA apparmor_module = {
STANDARD20_MODULE_STUFF,
immunix_create_dir_config, /* dir config creater */
NULL, /* dir merger --- default is to override */
/* immunix_merge_dir_config, */ /* dir merger --- default is to override */
immunix_create_srv_config, /* server config */
NULL, /* merge server config */
immunix_cmds, /* command table */
register_hooks /* register hooks */
};
Reference in a new issue Copy permalink