diff --git a/changehat/mod_apparmor/mod_apparmor.c b/changehat/mod_apparmor/mod_apparmor.c
index 71b2f3c91..5fb7af009 100644
--- a/changehat/mod_apparmor/mod_apparmor.c
+++ b/changehat/mod_apparmor/mod_apparmor.c
@@ -412,7 +412,7 @@ register_hooks(unused_ apr_pool_t *p) module AP_MODULE_DECLARE_DATA apparmor_module = { STANDARD20_MODULE_STUFF,
- aa_create_dir_config, /* dir config creater */
+ aa_create_dir_config, /* dir config creator */
 NULL, /* dir merger --- default is to override */ /* immunix_merge_dir_config, */ /* dir merger --- default is to override */ aa_create_srv_config, /* server config */
diff --git a/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor b/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
index d32ca697d..dabef00bf 100644
--- a/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
+++ b/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
@@ -66,8 +66,8 @@ under src/jni_src. cp dist/libJNIChangeHat.so /usr/lib [Note: you must ensure that the target directory is passed to tomcat via the
- java.library.path propert. This can be accomplished by setting the JAVA_OPTS
- enviroment variable, export JAVA_OPTS=-Djava.library.path, or set via the
+ java.library.path property. This can be accomplished by setting the JAVA_OPTS
+ environment variable, export JAVA_OPTS=-Djava.library.path, or set via the
 env variable LD_LIBRARY_PATH to include this directory so that tomcat can find this library at startup]
@@ -108,13 +108,13 @@ under src/jni_src. Once the installation steps above have been started you are ready to begin creating a profile for your application. The profile creation tool genprof will guide you through generating a profile and its support for change_hat will
-prompt you create discrete hats as requested byt the changeHatValve during
+prompt you create discrete hats as requested by the changeHatValve during
 tomcat execution. 1. Create a basic profile for the tomcat server. - Run the command "genprof PATH_TO_CATALINA.SH"
- - In a seperate window start tomcat and then stop tomcat
+ - In a separate window start tomcat and then stop tomcat
 - In the genprof window press "S" to scan for events - Answer the questions about the initial profile for tomcat
@@ -124,7 +124,7 @@ tomcat execution. - Stop the tomcat server - Deploy your WAR file or equivalent files under the container. - execute "genprof PATH_TO_CATALINA.SH"
- - In a seperate window start tomcat and then exercise your web application
+ - In a separate window start tomcat and then exercise your web application
 - In the genprof window press "S" to scan for events During the prompting you will be asked questions similar to:
@@ -180,7 +180,7 @@ all subsequent resource requests will be mediated in this hew hat (or security context). If you choose to use the default hat: genprof will mediate all resource requests in the default hat for the duration of processing this request.
-When the request processng is complete the valve will change_hat back to the
+When the request processing is complete the valve will change_hat back to the
 parent context.
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor b/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
index d32ca697d..dabef00bf 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
+++ b/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
@@ -66,8 +66,8 @@ under src/jni_src. cp dist/libJNIChangeHat.so /usr/lib [Note: you must ensure that the target directory is passed to tomcat via the
- java.library.path propert. This can be accomplished by setting the JAVA_OPTS
- enviroment variable, export JAVA_OPTS=-Djava.library.path, or set via the
+ java.library.path property. This can be accomplished by setting the JAVA_OPTS
+ environment variable, export JAVA_OPTS=-Djava.library.path, or set via the
 env variable LD_LIBRARY_PATH to include this directory so that tomcat can find this library at startup]
@@ -108,13 +108,13 @@ under src/jni_src. Once the installation steps above have been started you are ready to begin creating a profile for your application. The profile creation tool genprof will guide you through generating a profile and its support for change_hat will
-prompt you create discrete hats as requested byt the changeHatValve during
+prompt you create discrete hats as requested by the changeHatValve during
 tomcat execution. 1. Create a basic profile for the tomcat server. - Run the command "genprof PATH_TO_CATALINA.SH"
- - In a seperate window start tomcat and then stop tomcat
+ - In a separate window start tomcat and then stop tomcat
 - In the genprof window press "S" to scan for events - Answer the questions about the initial profile for tomcat
@@ -124,7 +124,7 @@ tomcat execution. - Stop the tomcat server - Deploy your WAR file or equivalent files under the container. - execute "genprof PATH_TO_CATALINA.SH"
- - In a seperate window start tomcat and then exercise your web application
+ - In a separate window start tomcat and then exercise your web application
 - In the genprof window press "S" to scan for events During the prompting you will be asked questions similar to:
@@ -180,7 +180,7 @@ all subsequent resource requests will be mediated in this hew hat (or security context). If you choose to use the default hat: genprof will mediate all resource requests in the default hat for the duration of processing this request.
-When the request processng is complete the valve will change_hat back to the
+When the request processing is complete the valve will change_hat back to the
 parent context.
diff --git a/common/list_af_names.sh b/common/list_af_names.sh
index d7987537a..a6f794ce3 100755
--- a/common/list_af_names.sh
+++ b/common/list_af_names.sh
@@ -6,7 +6,7 @@ # the source tree # =====================
-# It doesn't make sence for AppArmor to mediate PF_UNIX, filter it out. Search
+# It doesn't make sense for AppArmor to mediate PF_UNIX, filter it out. Search
 # for "PF_" constants since that is what is required in bits/socket.h, but # rewrite as "AF_".
diff --git a/libraries/libapparmor/doc/aa_policy_cache.pod b/libraries/libapparmor/doc/aa_policy_cache.pod
index 592dcd2da..1c7de3692 100644
--- a/libraries/libapparmor/doc/aa_policy_cache.pod
+++ b/libraries/libapparmor/doc/aa_policy_cache.pod
@@ -125,7 +125,7 @@ layer. Binary policy cache files will be located in the directory returned by this function. The aa_policy_cache_dir_levels() function provides access to the number
-of directories that are being overlayed to create the policy cache.
+of directories that are being overlaid to create the policy cache.
 =head1 RETURN VALUE
diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y
index 5ced2bcdc..5095b037f 100644
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -373,7 +373,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING | TOK_KEY_CAPABILITY TOK_EQUALS TOK_DIGITS { /* need to reverse map number to string, need to figure out * how to get auto generation of reverse mapping table into
- * autotools Makefile. For now just drop assumming capname is
+ * autotools Makefile. For now just drop assuming capname is
 * present which it should be with current kernels */ } | TOK_KEY_CAPNAME TOK_EQUALS TOK_QUOTED_STRING
@@ -381,7 +381,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING ret_record->name = $3; } | TOK_KEY_OFFSET TOK_EQUALS TOK_DIGITS
- { /* offset is used for reporting where an error occured unpacking
+ { /* offset is used for reporting where an error occurred unpacking
 * loaded policy. We can just drop this currently */ }
diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index 9ac4449f4..475c6ce03 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -1101,9 +1101,9 @@ int aa_query_link_path_len(const char *label, size_t label_len, query[pos] = 0; query[++pos] = AA_CLASS_FILE; memcpy(query + pos + 1, link, link_len);
- /* The kernel does the query in two parts we could similate this
+ /* The kernel does the query in two parts; we could simulate this
 * doing the following, however as long as policy is compiled
- * correctly this isn't requied, and it requires and extra round
+ * correctly this isn't required, and it requires an extra round
 * trip to the kernel and adds a race on policy replacement between * the two queries. *
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 5942ddd27..a0235254d 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -90,7 +90,7 @@ static int write_buffer(int fd, const char *buffer, int size) /** * write_policy_buffer - load compiled policy into the kernel
- * @fd: kernel iterface to write to
+ * @fd: kernel interface to write to
 * @atomic: whether to load all policy in buffer atomically (true) * @buffer: buffer of policy to load * @size: the size of the data in the buffer
@@ -205,7 +205,7 @@ static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface, * @apparmorfs: path to the apparmor directory of the mounted securityfs (can * be NULL and the path will be auto discovered) *
- * Returns: 0 on success, -1 on error with errnot set and *@kernel_interface
+ * Returns: 0 on success, -1 on error with errno set and *@kernel_interface
 * pointing to NULL */ int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index 69e87eb1a..cf7e1c9f1 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -63,7 +63,7 @@ struct ignored_suffix_t { }; static struct ignored_suffix_t ignored_suffixes[] = {
- /* Debian packging files, which are in flux during install
+ /* Debian packaging files, which are in flux during install
 should be silently ignored. */ { ".dpkg-new", 9, 1 }, { ".dpkg-old", 9, 1 },
@@ -147,7 +147,7 @@ int _aa_is_blacklisted(const char *name) return 0; }
-/* automaticly free allocated variables tagged with autofree on fn exit */
+/* automatically free allocated variables tagged with autofree on fn exit */
 void _aa_autofree(void *p) { void **_p = (void**)p;
diff --git a/libraries/libapparmor/testsuite/libaalogparse.test/multi_test.exp b/libraries/libapparmor/testsuite/libaalogparse.test/multi_test.exp
index 8dc626b87..b09fda2ac 100644
--- a/libraries/libapparmor/testsuite/libaalogparse.test/multi_test.exp
+++ b/libraries/libapparmor/testsuite/libaalogparse.test/multi_test.exp
@@ -1,5 +1,5 @@
-# Runs all tests with the extention "multi" for several times.
-# Each testprogram .multi has an own subdirectory
+# Runs all tests with the extension "multi" for several times.
+# Each test program .multi has its own subdirectory
 # in which several testcases are defined for this program # Each testcase has 3 files: #
diff --git a/parser/af_rule.cc b/parser/af_rule.cc
index c617c609d..dc86c590b 100644
--- a/parser/af_rule.cc
+++ b/parser/af_rule.cc
@@ -37,7 +37,7 @@ static struct supported_cond supported_conds[] = { { "type", true, false, false, local_cond }, { "protocol", false, false, false, local_cond }, { "label", true, false, false, peer_cond },
- { NULL, false, false, false, local_cond }, /* eol sentinal */
+ { NULL, false, false, false, local_cond }, /* eol sentinel */
 }; bool af_rule::cond_check(struct supported_cond *conds, struct cond_entry *ent,
diff --git a/parser/af_unix.cc b/parser/af_unix.cc
index 064de6c42..d4644b804 100644
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -29,7 +29,7 @@ #include "profile.h" #include "af_unix.h"
-/* See unix(7) for autobind address definiation */
+/* See unix(7) for autobind address definition */
 #define autobind_address_pattern "\\x00[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]"; int parse_unix_mode(const char *str_mode, int *mode, int fail)
@@ -40,7 +40,7 @@ int parse_unix_mode(const char *str_mode, int *mode, int fail) static struct supported_cond supported_conds[] = { { "addr", true, false, false, either_cond },
- { NULL, false, false, false, local_cond }, /* sentinal */
+ { NULL, false, false, false, local_cond }, /* sentinel */
 }; void unix_rule::move_conditionals(struct cond_entry *conds)
@@ -351,7 +351,7 @@ int unix_rule::gen_policy_re(Profile &prof) /* local label option */ if (!write_label(tmp, label)) goto fail;
- /* seperator */
+ /* separator */
 tmp << "\\x00"; buf = tmp.str();
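Review bot: The `#define autobind_address_pattern` line directly below the corrected comment in the `@@ -29,7 +29,7 @@` hunk of parser/af_unix.cc ends in a `;`, so the semicolon is part of the macro and is pasted into every expansion. Any use of the macro inside an expression or an argument list would not compile, and statement-level uses only work because the extra `;` becomes an empty statement. The uses are outside this hunk, so this should be checked against them, but the definition would be safer as `#define autobind_address_pattern "\\x00[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]"` with each use supplying its own terminator.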
@@ -372,7 +372,7 @@ int unix_rule::gen_policy_re(Profile &prof) /* local label option */ if (!write_label(buffer, label)) goto fail;
- /* seperator */
+ /* separator */
 buffer << "\\x00"; /* create already masked off */
diff --git a/parser/libapparmor_re/README b/parser/libapparmor_re/README
index 41d02281c..a08ba9b44 100644
--- a/parser/libapparmor_re/README
+++ b/parser/libapparmor_re/README
@@ -8,7 +8,7 @@ chfa.{h,cc} - code to build a highly compressed runtime readonly version of an hfa. aare_rules.{h,cc} - code to that binds parse -> expr-tree -> hfa generation -> chfa generation into a basic interface for converting
- rules to a runtime ready statemachine.
+ rules to a runtime ready state machine.
 Regular Expression Scanner Generator ====================================
@@ -19,12 +19,12 @@ Notes in the scanner File Format The file format used is based on the GNU flex table file format (--tables-file option; see Table File Format in the flex info pages and the flex sources for documentation). The magic number used in the header
-is set to 0x1B5E783D insted of 0xF13C57B1 though, which is meant to
+is set to 0x1B5E783D instead of 0xF13C57B1 though, which is meant to
 indicate that the file format logically is not the same: the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used differently. Flex uses state compression to store only the differences between states
-for states that are similar. The amount of compresion influences the parse
+for states that are similar. The amount of compression influences the parse
 speed. The following two states could be stored as in the tables outlined
diff --git a/parser/libapparmor_re/expr-tree.cc b/parser/libapparmor_re/expr-tree.cc
index b3005f6fd..28aa35000 100644
--- a/parser/libapparmor_re/expr-tree.cc
+++ b/parser/libapparmor_re/expr-tree.cc
@@ -23,7 +23,7 @@ * it can be factored so that the set of important nodes is smaller. * Having a reduced set of important nodes generally results in a dfa that * is closer to minimum (fewer redundant states are created). It also
- * results in fewer important nodes in a the state set during subset
+ * results in fewer important nodes in the state set during subset
 * construction resulting in less memory used to create a dfa. * * Generally it is worth doing expression tree simplification before dfa
@@ -150,7 +150,7 @@ void Node::dump_syntax_tree(ostream &os) } /*
- * Normalize the regex parse tree for factoring and cancelations. Normalization
+ * Normalize the regex parse tree for factoring and cancellations. Normalization
 * reorganizes internal (alt and cat) nodes into a fixed "normalized" form that * simplifies factoring code, in that it produces a canonicalized form for * the direction being normalized so that the factoring code does not have
@@ -172,10 +172,10 @@ void Node::dump_syntax_tree(ostream &os) * dir to !dir. Until no dir direction node meets the criterial. * Then recurse to the children (which will have a different node type) * to make sure they are normalized.
- * Normalization of a child node is guarenteed to not affect the
+ * Normalization of a child node is guaranteed to not affect the
 * normalization of the parent. *
- * For cat nodes the depth first traverse order is guarenteed to be
+ * For cat nodes the depth first traverse order is guaranteed to be
 * maintained. This is not necessary for altnodes. * * Eg. For left normalization
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 6b0109133..9cea4c3fc 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -651,13 +651,13 @@ void DFA::minimize(dfaflags_t flags) list partitions; /* Set up the initial partitions
- * minimium of - 1 non accepting, and 1 accepting
+ * minimum of - 1 non accepting, and 1 accepting
 * if trans hashing is used the accepting and non-accepting partitions * can be further split based on the number and type of transitions * a state makes. * If permission hashing is enabled the accepting partitions can * be further divided by permissions. This can result in not
- * obtaining a truely minimized dfa but comes close, and can speedup
+ * obtaining a truly minimized dfa but comes close, and can speedup
 * minimization. */ int accept_count = 0;
@@ -753,7 +753,7 @@ void DFA::minimize(dfaflags_t flags) /* Remap the dfa so it uses the representative states * Use the first state of a partition as the representative state
- * At this point all states with in a partion have transitions
+ * At this point all states with in a partition have transitions
 * to states within the same partitions, however this can slow * down compressed dfa compression as there are more states, */
@@ -813,7 +813,7 @@ void DFA::minimize(dfaflags_t flags) } /* Now that the states have been remapped, remove all states
- * that are not the representive states for their partition, they
+ * that are not the representative states for their partition, they
 * will have a label == -1 */ for (Partition::iterator i = states.begin(); i != states.end();) {
@@ -875,7 +875,7 @@ static int diff_partition(State *state, Partition &part, int max_range, int uppe /** * diff_encode - compress dfa by differentially encoding state transitions
- * @dfa_flags: flags controling dfa creation
+ * @dfa_flags: flags controlling dfa creation
 * * This function reduces the number of transitions that need to be stored * by encoding transitions as the difference between the state and a
@@ -889,7 +889,7 @@ static int diff_partition(State *state, Partition &part, int max_range, int uppe * - The number of state transitions needed to match an input of length * m will be 2m *
- * To guarentee this the ordering and distance calculation is done in the
+ * To guarantee this the ordering and distance calculation is done in the
 * following manner. * - A DAG of the DFA is created starting with the start state(s). * - A state can only be relative (have a differential encoding) to
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 3ad7aaaa4..451d74659 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -189,7 +189,7 @@ struct DiffDag { * accept: the accept permissions for the state * trans: set of transitions from this state * otherwise: the default state for transitions not in @trans
- * parition: Is a temporary work variable used during dfa minimization.
+ * partition: Is a temporary work variable used during dfa minimization.
 * it can be replaced with a map, but that is slower and uses more * memory. * proto: Is a temporary work variable used during dfa creation. It can
diff --git a/parser/libapparmor_re/parse.y b/parser/libapparmor_re/parse.y
index 843a5090c..3006880b6 100644
--- a/parser/libapparmor_re/parse.y
+++ b/parser/libapparmor_re/parse.y
@@ -76,7 +76,7 @@ static inline Chars* insert_char_range(Chars* cset, transchar a, transchar b) %% /* FIXME: Does not parse "[--]", "[---]", "[^^-x]". I don't actually know
- which precise grammer Perl regexs use, and rediscovering that
+ which precise grammar Perl regexs use, and rediscovering that
 is proving to be painful. */ regex : /* empty */ { *root = $$ = &epsnode; }
diff --git a/parser/mount.cc b/parser/mount.cc
index 6fdb213be..237b844f4 100644
--- a/parser/mount.cc
+++ b/parser/mount.cc
@@ -206,7 +206,7 @@ * AppArmor mount rule encoding * * TODO:
- * add semantic checking of options against specified filesytem types
+ * add semantic checking of options against specified filesystem types
 * to catch mount options that can't be covered. * *
diff --git a/parser/parser.conf b/parser/parser.conf
index 1d1c0da21..3909aee49 100644
--- a/parser/parser.conf
+++ b/parser/parser.conf
@@ -1,7 +1,7 @@ # parser.conf is a global AppArmor config file for the apparmor_parser # # It can be used to specify the default options for the parser, which
-# can then be overriden by options passed on the command line.
+# can then be overridden by options passed on the command line.
 # # Leading whitespace is ignored and lines that begin with # are treated # as comments.
@@ -43,7 +43,7 @@ #skip-read-cache
-#### Set Optimizaions. Multiple Optimizations can be set, one per line ####
+#### Set Optimizations. Multiple Optimizations can be set, one per line ####
 # For supported optimizations see # apparmor_parser --help=O
diff --git a/parser/parser_include.c b/parser/parser_include.c
index 5b14fa4a8..69812333f 100644
--- a/parser/parser_include.c
+++ b/parser/parser_include.c
@@ -23,7 +23,7 @@ We support 2 types of includes
-#include which searches for the first occurance of name in the
+#include which searches for the first occurrence of name in the
 apparmor directory path. #include "name" which will search for a relative or absolute pathed
@@ -60,7 +60,7 @@ static char *path[MAX_PATH] = { NULL }; static int npath = 0;
-/* default base directory is /etc/apparmor.d, it can be overriden
+/* default base directory is /etc/apparmor.d, it can be overridden
 with the -b option. */ const char *basedir;
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index ab1077b4f..8ad3e840e 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -359,7 +359,7 @@ void sd_serialize_xtable(std::ostringstream &buf, char **table) int len = strlen(table[i]) + 1; /* if its a namespace make sure the second : is overwritten
- * with 0, so that the namespace and name are \0 seperated
+ * with 0, so that the namespace and name are \0 separated
 */ if (*table[i] == ':') { char *tmp = table[i] + 1;
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 224bebabc..f4ff689a6 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -433,7 +433,7 @@ int arg_pass(int c) { return LATE_ARG; }
-/* process a single argment from getopt_long
+/* process a single argument from getopt_long
 * Returns: 1 if an action arg, else 0 */ #define DUMP_HEADER " variables \tDump variables\n" \
@@ -1258,7 +1258,7 @@ do { \ * from work_spawn and work_sync. We could throw a C++ exception, is it * worth doing it to avoid the exit here. *
- * atm not all resources maybe cleanedup at exit
+ * atm not all resources may be cleaned up at exit
 */ int last_error = 0; void handle_work_result(int retval)
@@ -1288,7 +1288,7 @@ static long compute_jobs(long n, long j) static void setup_parallel_compile(void) {
- /* jobs and paralell_max set by default, config or args */
+ /* jobs and parallel_max set by default, config or args */
 long n = sysconf(_SC_NPROCESSORS_ONLN); long maxn = sysconf(_SC_NPROCESSORS_CONF); if (n == -1)
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index fe8a63905..8b4a4866a 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -534,7 +534,7 @@ static int process_profile_name_xmatch(Profile *prof) int len; tbuf.clear(); /* prepend \x00 to every value. This is
- * done to separate the existance of the
+ * done to separate the existence of the
 * xattr from a null value match. * * if an xattr exists, a single \x00 will
diff --git a/parser/signal.cc b/parser/signal.cc
index a91ff23b6..c80dab6fb 100644
--- a/parser/signal.cc
+++ b/parser/signal.cc
@@ -112,7 +112,7 @@ static const char *const sig_names[MAXMAPPED_SIG + 1] = { "lost", "unused",
- "exists", /* always last existance test mapped to MAXMAPPED_SIG */
+ "exists", /* always last existence test mapped to MAXMAPPED_SIG */
 };
diff --git a/parser/techdoc.tex b/parser/techdoc.tex
index 024e898e6..d7116450f 100644
--- a/parser/techdoc.tex
+++ b/parser/techdoc.tex
@@ -240,7 +240,7 @@ and may grant confined processes specific mount operations. The security model of the various versions of NFS is that files are looked up by name as usual, but after that lookup, each file is only
-identified by a file handle in successive acesses. The file handle at a
+identified by a file handle in successive accesses. The file handle at a
 minimum includes some sort of filesystem identifier and the file's inode number. In Linux, the file handles used by most filesystems also include the inode number of the parent directory; this may change in the
@@ -816,7 +816,7 @@ one (this option may be used even if no profile by that name exists): \subsection{Anatomy of a Profile}
-AppArmor profiles use a simple declaritive language, fully described in
+AppArmor profiles use a simple declarative language, fully described in
 the apparmor.d(5) manual page. By convention, profiles are stored in /etc/{\H}apparmor.d/. The AppArmor parser supports a simple cpp-style include mechanism to allow sharing pieces of policy. A simple profile
diff --git a/parser/tst/README b/parser/tst/README
index 782b8fa91..0d9ff128a 100644
--- a/parser/tst/README
+++ b/parser/tst/README
@@ -10,7 +10,7 @@ against a different parser, or use a different set of profiles for the simple.pl test, you can change those settings in 'uservars.conf'. You can also override which parser is used through make by specifying
-the PARSER veriable. For example, to run the tests on the system parser,
+the PARSER variable. For example, to run the tests on the system parser,
 run 'make PARSER=/sbin/apparmor_parser'. Adding to the testsuite
@@ -61,7 +61,7 @@ The simple script looks for a few special comments in the profile, expected parse result of PASS. - #=TODO -- marks the test as being for a future item to implement and
- thus are expected testsuite failures and hsould be ignored.
+ thus are expected testsuite failures and should be ignored.
 - #=DISABLED -- skips the test, and marks it as a failed TODO task. Useful if the particular testcase causes the parser to infinite
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index dc13bc266..147432603 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -568,7 +568,7 @@ verify_binary_equality "set rlimit memlock <= 2GB" \ # Unfortunately we can not just compare an empty profile and hat to a # ie. "/t { ^test { /f r, }}" # to the second profile with the equivalent rule inserted manually
-# because policy write permission "w" actually expands to mutiple permissions
+# because policy write permission "w" actually expands to multiple permissions
 # under the hood, and the parser is not adding those permissions # to the rules it auto generates # So we insert the rule with "append" permissions, and rely on the parser
diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
index b653be38e..3c71d9189 100755
--- a/parser/tst/minimize.sh
+++ b/parser/tst/minimize.sh
@@ -5,7 +5,7 @@ APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}" # Format of -D dfa-states # dfa-states output is split into 2 parts:
-# the accept state infomation
+# the accept state information
 # {state} (allow deny audit XXX) ignore XXX for now # followed by the transition table information # {Y} -> {Z}: 0xXX Char #0xXX is the hex dump of Char
@@ -43,7 +43,7 @@ APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}" # These tests currently only look at the accept state permissions # # To view any of these DFAs as graphs replace --D dfa-states with -D dfa-graph
-# strip of the test stuff around the parser command and use the the dot
+# strip of the test stuff around the parser command and use the dot
 # command to convert # Eg. # echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, deny /** w, }" | ./apparmor_parser -QT -O minimize -D dfa-graph --quiet 2>min.graph
@@ -100,7 +100,7 @@ fi echo "ok" # same test as above except with deny 'w' perm added to /**, this does not
-# elimnates the states with 'w' and 'a' because the quiet information is
+# eliminates the states with 'w' and 'a' because the quiet information is
 # being carried # # {1} <== (allow/deny/audit/quiet)
@@ -119,7 +119,7 @@ fi echo "ok" # same test as above except with audit deny 'w' perm added to /**, with the
-# parameter this elimnates the states with 'w' and 'a' because
+# parameter this eliminates the states with 'w' and 'a' because
 # the quiet information is NOT being carried # # {1} <== (allow/deny/audit/quiet)
@@ -139,7 +139,7 @@ echo "ok" # The x transition test profile is setup so that there are 3 conflicting x # permissions, two are on paths that won't collide during dfa creation. The
-# 3rd is a generic permission that should be overriden during dfa creation.
+# 3rd is a generic permission that should be overridden during dfa creation.
 # # This should result in a dfa that specifies transitions on 'a' and 'b' to # unique states that store the alternate accept information. However
@@ -190,7 +190,7 @@ fi echo "ok" # now try audit + denying x and make sure perms are cleared
-# notice that the deny info is being carried, by an artifical trap state
+# notice that the deny info is being carried, by an artificial trap state
 # {1} <== (allow/deny/audit/quiet) # {3} (0x 0/fe17f85/0/0)
diff --git a/parser/tst/simple_tests/capability/ok1.sd b/parser/tst/simple_tests/capability/ok1.sd
index 080c15c16..3bafb79d2 100644
--- a/parser/tst/simple_tests/capability/ok1.sd
+++ b/parser/tst/simple_tests/capability/ok1.sd
@@ -1,5 +1,5 @@ #
-#=DESCRIPTION validate some uses of capabilties.
+#=DESCRIPTION validate some uses of capabilities.
 #=EXRESULT PASS # vim:syntax=subdomain # Last Modified: Sun Apr 17 19:44:44 2005
diff --git a/parser/tst/simple_tests/capability/ok2.sd b/parser/tst/simple_tests/capability/ok2.sd
index 2bbb1607d..70a3a42fe 100644
--- a/parser/tst/simple_tests/capability/ok2.sd
+++ b/parser/tst/simple_tests/capability/ok2.sd
@@ -1,5 +1,5 @@ #
-#=DESCRIPTION validate some uses of capabilties.
+#=DESCRIPTION validate some uses of capabilities.
 #=EXRESULT PASS # vim:syntax=subdomain # Last Modified: Sun Apr 17 19:44:44 2005
diff --git a/parser/tst/simple_tests/capability/ok3.sd b/parser/tst/simple_tests/capability/ok3.sd
index 454b96cb0..e62b50566 100644
--- a/parser/tst/simple_tests/capability/ok3.sd
+++ b/parser/tst/simple_tests/capability/ok3.sd
@@ -1,5 +1,5 @@ #
-#=DESCRIPTION validate some uses of capabilties.
+#=DESCRIPTION validate some uses of capabilities.
 #=EXRESULT PASS # vim:syntax=subdomain # Last Modified: Sun Apr 17 19:44:44 2005
diff --git a/parser/tst/simple_tests/capability/set/ok1.sd b/parser/tst/simple_tests/capability/set/ok1.sd
index eed247080..9354fcb33 100644
--- a/parser/tst/simple_tests/capability/set/ok1.sd
+++ b/parser/tst/simple_tests/capability/set/ok1.sd
@@ -1,5 +1,5 @@ #
-#=DESCRIPTION validate some uses of capabilties.
+#=DESCRIPTION validate some uses of capabilities.
 #=EXRESULT FAIL # vim:syntax=subdomain # Last Modified: Sun Apr 17 19:44:44 2005
diff --git a/parser/tst/simple_tests/conditional/else_if_4.sd b/parser/tst/simple_tests/conditional/else_if_4.sd
index b655667bc..04e7cee0d 100644
--- a/parser/tst/simple_tests/conditional/else_if_4.sd
+++ b/parser/tst/simple_tests/conditional/else_if_4.sd
@@ -1,4 +1,4 @@ -#=DESCRIPTION conditional else in invlaid locations +#=DESCRIPTION conditional else in invalid locations #=EXRESULT FAIL $BAR = false diff --git a/parser/tst/simple_tests/file/allow/ok_mmap_2.sd b/parser/tst/simple_tests/file/allow/ok_mmap_2.sd index bbcc62acf..49ffa25ca 100644 --- a/parser/tst/simple_tests/file/allow/ok_mmap_2.sd +++ b/parser/tst/simple_tests/file/allow/ok_mmap_2.sd @@ -1,5 +1,5 @@ # -#=DESCRIPTION m and [upi]x do not conflict, seperate rules +#=DESCRIPTION m and [upi]x do not conflict, separate rules #=EXRESULT PASS # vim:syntax=apparmor # diff --git a/parser/tst/simple_tests/file/file/ok_mmap_2.sd b/parser/tst/simple_tests/file/file/ok_mmap_2.sd index eef6f5cb2..1c07a3c64 100644 --- a/parser/tst/simple_tests/file/file/ok_mmap_2.sd +++ b/parser/tst/simple_tests/file/file/ok_mmap_2.sd @@ -1,5 +1,5 @@ # -#=DESCRIPTION m and [upi]x do not conflict, seperate rules +#=DESCRIPTION m and [upi]x do not conflict, separate rules #=EXRESULT PASS # /usr/bin/foo { diff --git a/parser/tst/simple_tests/file/ok_mmap_2.sd b/parser/tst/simple_tests/file/ok_mmap_2.sd index 711d42d02..f357df343 100644 --- a/parser/tst/simple_tests/file/ok_mmap_2.sd +++ b/parser/tst/simple_tests/file/ok_mmap_2.sd @@ -1,5 +1,5 @@ # -#=DESCRIPTION m and [upi]x do not conflict, seperate rules +#=DESCRIPTION m and [upi]x do not conflict, separate rules #=EXRESULT PASS # /usr/bin/foo { diff --git a/parser/tst/simple_tests/network/tcp_client_error2.sd b/parser/tst/simple_tests/network/tcp_client_error2.sd index 1624e68e3..32fecb1d2 100644 --- a/parser/tst/simple_tests/network/tcp_client_error2.sd +++ b/parser/tst/simple_tests/network/tcp_client_error2.sd @@ -1,5 +1,5 @@ # -#=DESCRIPTION netdomain tcp connect w/multiple from statments +#=DESCRIPTION netdomain tcp connect w/multiple from statements #=EXRESULT FAIL /tmp/tcp/tcp_client { tcp_connect from 10.0.0.17/16:50-100 from 127.0.0.1 via eth1, 
diff --git a/parser/tst/simple_tests/profile/profile_ns_named_ok1.sd b/parser/tst/simple_tests/profile/profile_ns_named_ok1.sd index 0a21e7e52..2330d0fa7 100644 --- a/parser/tst/simple_tests/profile/profile_ns_named_ok1.sd +++ b/parser/tst/simple_tests/profile/profile_ns_named_ok1.sd @@ -1,6 +1,6 @@ # # $Id$ -#=DESCRIPTION Basic namespace test wit named profile, duplicate mode bits +#=DESCRIPTION Basic namespace test with named profile, duplicate mode bits #=EXRESULT PASS # vim:syntax=subdomain # Last Modified: Sun Apr 17 19:44:44 2005 diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_10.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_10.sd index f6f0c0e5d..7ab6f4ea0 100644 --- a/parser/tst/simple_tests/rlimits/ok_rlimit_10.sd +++ b/parser/tst/simple_tests/rlimits/ok_rlimit_10.sd @@ -1,5 +1,5 @@ # -#=DESCRIPTION simple max virtual memory szie rlimit test +#=DESCRIPTION simple max virtual memory size rlimit test #=EXRESULT PASS profile rlimit { diff --git a/profiles/Makefile b/profiles/Makefile index 852791971..b487e9763 100644 --- a/profiles/Makefile +++ b/profiles/Makefile @@ -50,7 +50,7 @@ else LOGPROF?=LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) PYTHONPATH=$(PYTHONPATH) $(PYTHON) ../utils/aa-logprof --configdir ../utils/test/ endif -# $(PWD) is wrong when using "make -C profiles" - explicitely set it here to get the right value +# $(PWD) is wrong when using "make -C profiles" - explicitly set it here to get the right value PWD=$(shell pwd) .PHONY: test-dependencies diff --git a/profiles/apparmor.d/abstractions/exo-open b/profiles/apparmor.d/abstractions/exo-open index 5717e4d79..72360f34d 100644 --- a/profiles/apparmor.d/abstractions/exo-open +++ b/profiles/apparmor.d/abstractions/exo-open 
@@ -29,8 +29,8 @@ # include # include # -# # Add if accesibility access is considered as required -# # (for message boxe in case exo-open fails) +# # Add if accessibility access is considered as required +# # (for message box in case exo-open fails) # include # # # < add additional allowed applications here > diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5 index 5f4e0f753..d3adae298 100644 --- a/profiles/apparmor.d/abstractions/kde-open5 +++ b/profiles/apparmor.d/abstractions/kde-open5 @@ -29,8 +29,8 @@ # include # include # -# # Add if accesibility access is considered as required -# # (for message boxe in case exo-open fails) +# # Add if accessibility access is considered as required +# # (for message box in case exo-open fails) # include # # # Add if audio support for message box is diff --git a/profiles/apparmor.d/abstractions/svn-repositories b/profiles/apparmor.d/abstractions/svn-repositories index d518f1d0b..ca9f990c2 100644 --- a/profiles/apparmor.d/abstractions/svn-repositories +++ b/profiles/apparmor.d/abstractions/svn-repositories @@ -14,7 +14,7 @@ # it is intended to be included in profiles for svnserve/apache2 and maybe # some repository viewers like trac/viewvc - # no hooks exec by default; please define whatever you need explicitely. + # no hooks exec by default; please define whatever you need explicitly. /srv/svn/**/conf/* r, /srv/svn/**/format r, diff --git a/profiles/apparmor.d/abstractions/xdg-open b/profiles/apparmor.d/abstractions/xdg-open index aed207104..11cf41053 100644 --- a/profiles/apparmor.d/abstractions/xdg-open +++ b/profiles/apparmor.d/abstractions/xdg-open @@ -41,7 +41,7 @@ include - # for openin with `exo-open` + # for opening with `exo-open` include # for opening with `gio open ` diff --git a/tests/regression/apparmor/README b/tests/regression/apparmor/README index d6f285ad3..5d2670251 100644 --- a/tests/regression/apparmor/README +++ b/tests/regression/apparmor/README 
@@ -112,8 +112,8 @@ argument or the end of the argument list will be included within this hat. Support for multiple profiles within a single load (for example for test that want to domain tansition to another profile) is supported by -the "image' argument to genprofile. This keyword preceeded by a '--' -seperator terminates the previous profile and creates a new profile for +the "image' argument to genprofile. This keyword preceded by a '--' +separator terminates the previous profile and creates a new profile for the specified executable image. Together, 'image' and 'hat:' allow complex profiles including subhats and @@ -184,7 +184,7 @@ requiring signal passing) runchecktest "EXEC no x" fail $file - + Supporting files ================ diff --git a/tests/regression/apparmor/at_secure.sh b/tests/regression/apparmor/at_secure.sh index 77fe0a701..452114e8c 100755 --- a/tests/regression/apparmor/at_secure.sh +++ b/tests/regression/apparmor/at_secure.sh @@ -8,7 +8,7 @@ #=NAME at_secure #=DESCRIPTION -# Verifies the AT_SECURE flag in the auxillary vector after an exec transition +# Verifies the AT_SECURE flag in the auxiliary vector after an exec transition #=END pwd=`dirname $0` diff --git a/tests/regression/apparmor/capabilities.sh b/tests/regression/apparmor/capabilities.sh index 74a3c9024..85bb63d1e 100644 --- a/tests/regression/apparmor/capabilities.sh +++ b/tests/regression/apparmor/capabilities.sh @@ -13,7 +13,7 @@ # capability processing for confined processes) and no others allows successful # access. For every syscall in the test, we iterate over each capability # individually (plus no capabilities) in order to verify that only the expected -# capability grants access to the priviledged operation. The same is repeated +# capability grants access to the privileged operation. The same is repeated # for capabilities within hats. #=END 
diff --git a/tests/regression/apparmor/changehat_fork.sh b/tests/regression/apparmor/changehat_fork.sh index 27376e7a4..ecf0151de 100755 --- a/tests/regression/apparmor/changehat_fork.sh +++ b/tests/regression/apparmor/changehat_fork.sh @@ -61,7 +61,7 @@ echo -n "${testexec}//${subtest3}" >/sys/kernel/security/apparmor/.remove # Should put us into a null-profile # NOTE: As of AppArmor 2.1 (opensuse 10.3) this test now passes as -# the change_hat failes but it no longer entires the null profile +# the change_hat fails but it no longer enters the null profile genprofile $file:$okperm hat:$subtest $subfile:$okperm hat:$subtest2 $subfile:$okperm runchecktest "CHANGEHAT (access parent file 3)" pass $subtest3 $file diff --git a/tests/regression/apparmor/clone.sh b/tests/regression/apparmor/clone.sh index 5d924de0f..feec8a154 100644 --- a/tests/regression/apparmor/clone.sh +++ b/tests/regression/apparmor/clone.sh @@ -9,7 +9,7 @@ #=NAME clone #=DESCRIPTION # Verifies that clone is allowed under AppArmor, but that CLONE_NEWNS is -# restriced. +# restricted. #=END pwd=`dirname $0` diff --git a/tests/regression/apparmor/deleted.c b/tests/regression/apparmor/deleted.c index b866f29e6..be22342d1 100644 --- a/tests/regression/apparmor/deleted.c +++ b/tests/regression/apparmor/deleted.c @@ -21,7 +21,7 @@ /* A test to validate that we are properly handling the kernel appending * (deleted) in d_path lookup. - * To acheive this the file is opened (the read/write of the file is just to + * To achieve this the file is opened (the read/write of the file is just to * make sure everything is working as expected), deleted without closing the * file reference, and doing a changehat. * The file is then used inside of the changehat. This forces the file diff --git a/tests/regression/apparmor/exec.c b/tests/regression/apparmor/exec.c index 9bdca5484..0676f3b6e 100644 --- a/tests/regression/apparmor/exec.c +++ b/tests/regression/apparmor/exec.c 
@@ -42,7 +42,7 @@ extern char **environ; (void)execve(argv[1], &argv[1], environ); - /* exec failed, kill outselves to flag parent */ + /* exec failed, kill ourselves to flag parent */ (void)kill(getpid(), SIGKILL); } diff --git a/tests/regression/apparmor/exec_qual.sh b/tests/regression/apparmor/exec_qual.sh index f64ac5c70..ddeda98ad 100755 --- a/tests/regression/apparmor/exec_qual.sh +++ b/tests/regression/apparmor/exec_qual.sh @@ -119,7 +119,7 @@ genprofile $test2:rix signal:receive:peer=unconfined -- image=$test2 $file:$file local_runchecktest "enforce ix case3" fail $test1 $test2 $file # case 4: parent profile grants access -# missing child profile (irrelvant) +# missing child profile (irrelevant) # expected behaviour: child should be able to access resource genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined @@ -139,7 +139,7 @@ genprofile $test2:ux signal:receive:peer=unconfined local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file # confined parent, exec child with conflicting exec qualifiers -# that overlap in such away that px is prefered (ix is glob, px is exact +# that overlap in such away that px is preferred (ix is glob, px is exact # match). Other overlap tests should be in the parser. # case 1: # expected behaviour: exec of child passes diff --git a/tests/regression/apparmor/link_subset.c b/tests/regression/apparmor/link_subset.c index e908487cb..40951650d 100644 --- a/tests/regression/apparmor/link_subset.c +++ b/tests/regression/apparmor/link_subset.c @@ -50,7 +50,7 @@ #define MAX_PERM_LEN 10 -/* Set up permission subset test as a seperate binary to reduce the time +/* Set up permission subset test as a separate binary to reduce the time * as the shell based versions takes for ever */ diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh index bfd2905b5..f51af8210 100755 --- a/tests/regression/apparmor/mount.sh +++ b/tests/regression/apparmor/mount.sh 
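Review bot: The corrected comment in the `@@ -139` hunk of exec_qual.sh still contains `in such away`, which should be two words: `# that overlap in such a way that px is preferred (ix is glob, px is exact`. The comment states why px wins over ix when the exec qualifiers overlap, which is the behaviour the following test case checks, so it should read cleanly.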
@@ -12,7 +12,7 @@ # processes. #=END -# I made this a seperate test script because of the need to make a +# I made this a separate test script because of the need to make a # loopfile before the tests run. pwd=`dirname $0` diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh index 72bc7361f..cf514fb80 100755 --- a/tests/regression/apparmor/named_pipe.sh +++ b/tests/regression/apparmor/named_pipe.sh @@ -10,7 +10,7 @@ #=DESCRIPTION # This test verifies that subdomain file access checks function correctly # for named piped (nodes in the filesystem created with mknod). The test -# creates a parent/child process relationship which attempt to rendevous via +# creates a parent/child process relationship which attempt to rendezvous via # the named pipe. The tests are attempted for unconfined and confined # processes and also for subhats. #=END diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc index c3ed1ad62..1a2275006 100755 --- a/tests/regression/apparmor/prologue.inc +++ b/tests/regression/apparmor/prologue.inc @@ -11,17 +11,17 @@ # # This file should be included by each test case # It does a lot of hidden 'magic', Downside is that -# this magic makes debugging fauling tests more difficult. +# this magic makes debugging failing tests more difficult. # Running the test with the '-r' option can help. # -# Userchangeable variables (tmpdir etc) should be specified in +# User changeable variables (tmpdir etc) should be specified in # uservars.inc # # Cleanup is automatically performed by epilogue.inc # # For this file, functions are first, entry point code is at end, see "MAIN" -#use $() to retreive the failure message or "true" if success +#use $() to retrieve the failure message or "true" if success # kernel_features_istrue() - test whether boolean files are true # $@: path(s) to test if true 
diff --git a/tests/regression/apparmor/query_label.c b/tests/regression/apparmor/query_label.c index e84d7f2a0..e2281ae0d 100644 --- a/tests/regression/apparmor/query_label.c +++ b/tests/regression/apparmor/query_label.c @@ -87,7 +87,7 @@ #define AA_MAY_LINK 0x40000 #endif -#ifndef AA_LINK_SUBSET /* overlayed perm in pair */ +#ifndef AA_LINK_SUBSET /* overlaid perm in pair */ #define AA_LINK_SUBSET AA_MAY_LOCK #endif diff --git a/tests/regression/apparmor/socketpair.c b/tests/regression/apparmor/socketpair.c index 491907f2a..0c12da9f5 100644 --- a/tests/regression/apparmor/socketpair.c +++ b/tests/regression/apparmor/socketpair.c @@ -111,7 +111,7 @@ static int reexec(int pair[2], int argc, char **argv) return 0; /** - * Save off the first arg and then shift all preceeding + * Save off the first arg and then shift all preceding * args by one to effectively pop off the first */ new_profile = argv[3]; diff --git a/tests/regression/apparmor/swap.sh b/tests/regression/apparmor/swap.sh index 9078d26e0..43fcabc91 100755 --- a/tests/regression/apparmor/swap.sh +++ b/tests/regression/apparmor/swap.sh @@ -13,7 +13,7 @@ # unconfined processes can call these syscalls but confined processes cannot. #=END -# I made this a seperate test script because of the need to make a +# I made this a separate test script because of the need to make a # swapfile before the tests run. pwd=`dirname $0` diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh index 5f8569847..647df403f 100644 --- a/tests/regression/apparmor/syscall_sysctl.sh +++ b/tests/regression/apparmor/syscall_sysctl.sh 
@@ -148,7 +148,7 @@ test_sysctl_proc() # check if the kernel supports CONFIG_SYSCTL_SYSCALL # generally we want to encourage kernels to disable it, but if it's # enabled we want to test against it -# In addition test that sysctl exists in the kernel headers, if it does't +# In addition test that sysctl exists in the kernel headers, if it doesn't # then we can't even built the syscall_sysctl test if echo "#include " | cpp -dM >/dev/null 2>/dev/null ; then settest syscall_sysctl diff --git a/tests/regression/apparmor/unix_socket.inc b/tests/regression/apparmor/unix_socket.inc index a8bacb667..905c99c6f 100644 --- a/tests/regression/apparmor/unix_socket.inc +++ b/tests/regression/apparmor/unix_socket.inc @@ -33,7 +33,7 @@ do_test() local bad_p_addr="${13}" # optional local desc="AF_UNIX $addr_type socket ($type);" - local l_access # combind local perms: local bound and local unbound + local l_access # combined local perms: local bound and local unbound local c_access # combined perms: local bound, local unbound, and peer local access # used as an iterator local u_rule # rule for pre-bind accesses diff --git a/tests/regression/apparmor/xattrs.sh b/tests/regression/apparmor/xattrs.sh index f61fde87d..341695aa3 100755 --- a/tests/regression/apparmor/xattrs.sh +++ b/tests/regression/apparmor/xattrs.sh @@ -14,8 +14,8 @@ # security: get r, set w + CAP_SYS_ADMIN # system: (acl's etc.) fs and kernel dependent (CAP_SYS_ADMIN) # trusted: CAP_SYS_ADMIN -# user: for subdomain the relevent file must be in the profile, with r perm -# to get xattr, w perm to set or remove xattr. The appriate cap must be +# user: for subdomain the relevant file must be in the profile, with r perm +# to get xattr, w perm to set or remove xattr. The appropriate cap must be # present in the profile as well #=END 
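Review bot: The sentence fixed in the syscall_sysctl.sh hunk continues on the next comment line with `then we can't even built the syscall_sysctl test`, where `built` should be `build`: `# then we can't even build the syscall_sysctl test`. The commit already corrects the first half of this two-line comment, so fixing the second half in the same change keeps it consistent.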
@@ -58,7 +58,7 @@ mkdir $dir add_attrs() { - #set the xattr for thos that passed above again so we can test removing it + #set the xattr for those that passed above again so we can test removing it setfattr -h -n security.sdtest -v hello "$1" setfattr -h -n trusted.sdtest -v hello "$1" if [ "$1" != $link ] ; then diff --git a/utils/aa-logprof.pod b/utils/aa-logprof.pod index d5ef64356..4398acd45 100644 --- a/utils/aa-logprof.pod +++ b/utils/aa-logprof.pod @@ -67,7 +67,7 @@ those processes are set to run under their proper profiles. =head2 Responding to AppArmor Events B will generate a list of suggested profile changes that -the user can choose from, or they can create their own, to modifiy the +the user can choose from, or they can create their own, to modify the permission set of the profile so that the generated access violation will not re-occur. diff --git a/utils/aa-notify b/utils/aa-notify index 160e2650b..585766763 100755 --- a/utils/aa-notify +++ b/utils/aa-notify @@ -253,7 +253,7 @@ def reopen_logfile_if_needed(logfile, logdata, log_inode, log_size): while retry: try: - # Reopen file if inode has chaneged, e.g. rename by logrotate + # Reopen file if inode has changed, e.g. rename by logrotate if os.stat(logfile).st_ino != log_inode: debug_logger.debug('Logfile was renamed, reload to read the new file.') logdata = open(logfile, 'r') @@ -572,7 +572,7 @@ def main(): n.show() # When notification is sent, raise privileged back to root if the - # original effective user id was zero (to be ableo to read AppArmor logs) + # original effective user id was zero (to be able to read AppArmor logs) raise_privileges() elif args.since_last: diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index b02293a96..4cbc46350 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py 
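Review bot: The comment edited in the `@@ -572` hunk of aa-notify still has a slip on the line above the fix: `raise privileged back to root` should be `# When notification is sent, raise privileges back to root if the`. This comment documents where the tool regains root after the notification is shown, so it should describe the `raise_privileges()` call accurately. The body of main() continues outside the hunk.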
@@ -70,7 +70,7 @@ from apparmor.rule import quote_if_needed from apparmor.translations import init_translation _ = init_translation() -# Setup logging incase of debugging is enabled +# Setup logging in case debugging is enabled debug_logger = DebugLogger('aa') # The database for severity @@ -568,7 +568,7 @@ def autodep(bin_name, pname=''): # bin_full = bin_name #if not bin_full.startswith('/'): #return None - # Return if exectuable path not found + # Return if executable path not found if not bin_full: return None else: @@ -881,7 +881,7 @@ def ask_exec(hashlog): q.headers += [_('Profile'), combine_name(profile, hat)] - # to_name should not exist here since, transitioning is already handeled + # to_name should not exist here since, transitioning is already handled q.headers += [_('Execute'), exec_target] q.headers += [_('Severity'), severity] @@ -1087,7 +1087,7 @@ def ask_the_questions(log_dict): if not aa[profile].get(hat, {}).get('file'): if aamode != 'merge': - # Ignore log events for a non-existing profile or child profile. Such events can occour + # Ignore log events for a non-existing profile or child profile. Such events can occur # after deleting a profile or hat manually, or when processing a foreign log. # (Checking for 'file' is a simplified way to check if it's a ProfileStorage.) debug_logger.debug("Ignoring events for non-existing profile %s" % combine_name(profile, hat)) 
@@ -1583,14 +1583,14 @@ def collapse_log(hashlog, ignore_null_profiles=True): if '//null-' in hashlog[aamode][full_profile]['final_name'] and ignore_null_profiles: # ignore null-* profiles (probably nested childs) - # otherwise we'd accidently create a null-* hat in the profile which is worse + # otherwise we'd accidentally create a null-* hat in the profile which is worse # XXX drop this once we support nested childs continue profile, hat = split_name(hashlog[aamode][full_profile]['final_name']) # XXX limited to two levels to avoid an Exception on nested child profiles or nested null-* # TODO: support nested child profiles - # used to avoid to accidently initialize aa[profile][hat] or calling is_known_rule() on events for a non-existing profile + # used to avoid to accidentally initialize aa[profile][hat] or calling is_known_rule() on events for a non-existing profile hat_exists = False if aa.get(profile) and aa[profile].get(hat): hat_exists = True @@ -2112,7 +2112,7 @@ def parse_profile_data(data, file, do_include): if lastline: # lastline gets merged into line (and reset to None) when reading the next line. - # If it isn't empty, this means there's something unparseable at the end of the profile + # If it isn't empty, this means there's something unparsable at the end of the profile raise AppArmorException(_('Syntax Error: Unknown line found in file %(file)s line %(lineno)s:\n %(line)s') % { 'file': file, 'lineno': lineno + 1, 'line': lastline }) # Below is not required I'd say diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py index af2380bef..120df3acc 100644 --- a/utils/apparmor/cleanprofile.py +++ b/utils/apparmor/cleanprofile.py 
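Review bot: The second comment line changed in the `@@ -1583` hunk keeps the phrasing `used to avoid to accidentally initialize`, which is not idiomatic; `# used to avoid accidentally initializing aa[profile][hat] or calling is_known_rule() on events for a non-existing profile` reads correctly. The same construction (`carefully avoid to accidentally initialize`) appears twice in the cleanprofile.py hunk of this commit. In this hunk `nested childs` would also be `nested children`. The body of collapse_log extends beyond the hunk.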
@@ -55,13 +55,13 @@ class CleanProf(object): for inc in includes: if not self.profile.include.get(inc, {}).get(inc, False): apparmor.load_include(inc) - if self.other.aa[program].get(hat): # carefully avoid to accidently initialize self.other.aa[program][hat] + if self.other.aa[program].get(hat): # carefully avoid to accidentally initialize self.other.aa[program][hat] deleted += apparmor.delete_all_duplicates(self.other.aa[program][hat], inc, apparmor.ruletypes) #Clean duplicate rules in other profile for ruletype in apparmor.ruletypes: if not self.same_file: - if self.other.aa[program].get(hat): # carefully avoid to accidently initialize self.other.aa[program][hat] + if self.other.aa[program].get(hat): # carefully avoid to accidentally initialize self.other.aa[program][hat] deleted += self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype]) else: deleted += self.other.aa[program][hat][ruletype].delete_duplicates(None) diff --git a/utils/apparmor/common.py b/utils/apparmor/common.py index bbe28343b..af530454b 100644 --- a/utils/apparmor/common.py +++ b/utils/apparmor/common.py @@ -251,7 +251,7 @@ def convert_regexp(regexp): new_reg = new_reg.replace('**', multi_glob) #print(new_reg) - # Match atleast one character if * or ** after / + # Match at least one character if * or ** after / # ?< is the negative lookback operator new_reg = new_reg.replace('*', '(((?<=/)[^/\000]+)|((? #include if exists diff --git a/utils/test/logprof.conf b/utils/test/logprof.conf index be0648319..cfa4cd8a6 100644 --- a/utils/test/logprof.conf +++ b/utils/test/logprof.conf @@ -52,7 +52,7 @@ /usr/lib/YaST2/servers_non_y2/ag_genprof = u /usr/lib/YaST2/servers_non_y2/ag_logprof = u - # these ones shouln't have their own profiles + # these ones shouldn't have their own profiles /bin/awk = icn /bin/cat = icn /bin/chmod = icn diff --git a/utils/test/test-file.py b/utils/test/test-file.py index 3e285cfef..8db7f7a42 100644 --- a/utils/test/test-file.py 
+++ b/utils/test/test-file.py @@ -1085,7 +1085,7 @@ class FileGetPermsForPath_2(AATest): (('/foo/bar', False, True ), {'allow': {'all': set(), 'owner': set() }, 'deny': {'all': FileRule.ALL, 'owner': set() }, 'paths': set() }), (('/etc/foo/dovecot-deny.conf', False, True ), {'allow': {'all': set(), 'owner': set() }, 'deny': {'all': FileRule.ALL, 'owner': set() }, 'paths': {'/etc/foo/dovecot-deny.conf' } }), (('/etc/foo/foo.conf', False, True ), {'allow': {'all': set(), 'owner': set() }, 'deny': {'all': FileRule.ALL, 'owner': set() }, 'paths': set() }), - # (('/etc/foo/owner.conf', False, True ), {'allow': {'all': set(), 'owner': {'w'} }, 'deny': {'all': FileRule.ALL, 'owner': set() }, 'paths': {'/etc/foo/owner.conf' } }), # XXX doen't work yet + # (('/etc/foo/owner.conf', False, True ), {'allow': {'all': set(), 'owner': {'w'} }, 'deny': {'all': FileRule.ALL, 'owner': set() }, 'paths': {'/etc/foo/owner.conf' } }), # XXX doesn't work yet ] def _run_test(self, params, expected): diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py index 1c61eef9e..1ae8f6f2f 100644 --- a/utils/test/test-libapparmor-test_multi.py +++ b/utils/test/test-libapparmor-test_multi.py @@ -296,7 +296,7 @@ def find_test_multi(log_dir): return tests -# if a logfile is given as parameter, print the resulting profile and exit (with $? = 42 to make sure tests break if the caller accidently hands over a parameter) +# if a logfile is given as parameter, print the resulting profile and exit (with $? = 42 to make sure tests break if the caller accidentally hands over a parameter) if __name__ == '__main__' and len(sys.argv) == 2: print(logfile_to_profile(sys.argv[1])[1]) exit(42) diff --git a/utils/vim/apparmor.vim.in b/utils/vim/apparmor.vim.in index e2677d83f..98d18c458 100644 --- a/utils/vim/apparmor.vim.in +++ b/utils/vim/apparmor.vim.in 
@@ -109,7 +109,7 @@ syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as er " TODO: the sdGlob pattern is not anchored with ^ and $, so it matches all lines matching ^@{...}.* " This allows incorrect lines also and should be checked better. -" This also (accidently ;-) includes variable definitions (@{FOO}=/bar) +" This also (accidentally ;-) includes variable definitions (@{FOO}=/bar) " TODO: make a separate pattern for variable definitions, then mark sdGlob as contained syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z][a-zA-Z0-9_]*\}/ @@ -121,7 +121,7 @@ syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntr " TODO: support audit and deny keywords for all rules (not only for files) -" TODO: higlight audit and deny keywords everywhere +" TODO: highlight audit and deny keywords everywhere " Capability line