mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge [2.13] fix build with make 4.3

Browse source 
his MR backports the patches for make 4.3 compability to the 2.13 branch.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/74
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1167953
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2020-03-31 22:05:47 +00:00
commit 92f6679da9
7 changed files with 44 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
common/Make.rules
View file

@ -74,40 +74,6 @@ endif
pod_clean: pod_clean:
-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp -rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
# =====================
# generate list of capabilities based on
# /usr/include/linux/capabilities.h for use in multiple locations in
# the source tree
# =====================
# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort)
.PHONY: list_capabilities
list_capabilities: /usr/include/linux/capability.h
@echo "$(CAPABILITIES)"
# =====================
# generate list of network protocols based on
# sys/socket.h for use in multiple locations in
# the source tree
# =====================
# These are the families that it doesn't make sense for apparmor
# to mediate. We use PF_ here since that is what is required in
# bits/socket.h, but we will rewrite these as AF_.
FILTER_FAMILIES=PF_UNIX
__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
# emits the AF names in a "AF_NAME NUMBER," pattern
AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/PF_LOCAL/PF_UNIX/' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
.PHONY: list_af_names
list_af_names:
@echo "$(AF_NAMES)"
# ===================== # =====================
# manpages # manpages
# ===================== # =====================

19
common/list_af_names.sh Executable file
View file

@ -0,0 +1,19 @@
#!/bin/bash -e
# =====================
# generate list of network protocols based on
# sys/socket.h for use in multiple locations in
# the source tree
# =====================
# It doesn't make sence for AppArmor to mediate PF_UNIX, filter it out. Search
# for "PF_" constants since that is what is required in bits/socket.h, but
# rewrite as "AF_".
echo "#include <sys/socket.h>" | \
cpp -dM | \
LC_ALL=C sed -n \
-e '/PF_UNIX/d' \
-e 's/PF_LOCAL/PF_UNIX/' \
-e 's/^#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$/AF_\1 \2,/p' | \
sort -n -k2

14
common/list_capabilities.sh Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash -e
# =====================
# generate list of capabilities based on
# /usr/include/linux/capabilities.h for use in multiple locations in
# the source tree
# =====================
echo "#include <linux/capability.h>" | \
cpp -dM | \
LC_ALL=C sed -n \
-e '/CAP_EMPTY_SET/d' \
-e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \
LC_ALL=C sort

15
parser/Makefile
View file

@ -281,14 +281,13 @@ parser_version.h: Makefile
# as well as the filtering that occurs for network protocols that # as well as the filtering that occurs for network protocols that
# apparmor should not mediate. # apparmor should not mediate.
.PHONY: af_names.h af_names.h: ../common/list_af_names.sh
af_names.h: ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@
echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n\n/pg' > $@ ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@
echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/.*,[ \t]\+AF_MAX[ \t]\+\([0-9]\+\),\?.*/#define AA_AF_MAX \1\n/p' >> $@
# cat $@ # cat $@
cap_names.h: /usr/include/linux/capability.h cap_names.h: /usr/include/linux/capability.h
echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@ ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS}) tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS) $(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
@ -304,10 +303,7 @@ tests: apparmor_parser ${TESTS}
sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done' sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done'
$(Q)$(MAKE) -s -C tst tests $(Q)$(MAKE) -s -C tst tests
# always need to rebuild. $(AAREOBJECT): FORCE
.SILENT: $(AAREOBJECT)
.PHONY: $(AAREOBJECT)
$(AAREOBJECT):
$(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)" $(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)"
.PHONY: install-rhel4 .PHONY: install-rhel4
@ -408,3 +404,4 @@ clean: pod_clean
$(MAKE) -s -C po clean $(MAKE) -s -C po clean
$(MAKE) -s -C tst clean $(MAKE) -s -C tst clean
FORCE:

2
utils/Makefile
View file

@ -80,7 +80,7 @@ clean: pod_clean
.SILENT: check_severity_db .SILENT: check_severity_db
check_severity_db: /usr/include/linux/capability.h severity.db check_severity_db: /usr/include/linux/capability.h severity.db
# The sed statement is based on the one in the parser's makefile # The sed statement is based on the one in the parser's makefile
RC=0 ; for cap in ${CAPABILITIES} ; do \ RC=0 ; for cap in $(shell ../common/list_capabilities.sh) ; do \
if ! grep -q -w $${cap} severity.db ; then \ if ! grep -q -w $${cap} severity.db ; then \
echo "Warning! capability $${cap} not found in severity.db" ; \ echo "Warning! capability $${cap} not found in severity.db" ; \
RC=1 ; \ RC=1 ; \

2
utils/test/test-network.py
View file

@ -31,7 +31,7 @@ exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
class NetworkKeywordsTest(AATest): class NetworkKeywordsTest(AATest):
def test_network_keyword_list(self): def test_network_keyword_list(self):
rc, output = cmd(['make', '-s', '--no-print-directory', 'list_af_names']) rc, output = cmd('../../common/list_af_names.sh')
self.assertEqual(rc, 0) self.assertEqual(rc, 0)
af_names = [] af_names = []

6
utils/vim/create-apparmor.vim.py
View file

@ -45,19 +45,19 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s
return [sp.returncode, out + outerr] return [sp.returncode, out + outerr]
# get capabilities list # get capabilities list
(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities']) (rc, output) = cmd(['../../common/list_capabilities.sh'])
if rc != 0: if rc != 0:
sys.stderr.write("make list_capabilities failed: " + output) sys.stderr.write("make list_capabilities failed: " + output)
exit(rc) exit(rc)
capabilities = re.sub('CAP_', '', output.strip()).lower().split(" ") capabilities = re.sub('CAP_', '', output.strip()).lower().split('\n')
benign_caps = [] benign_caps = []
for cap in capabilities: for cap in capabilities:
if cap not in danger_caps: if cap not in danger_caps:
benign_caps.append(cap) benign_caps.append(cap)
# get network protos list # get network protos list
(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_af_names']) (rc, output) = cmd(['../../common/list_af_names.sh'])
if rc != 0: if rc != 0:
sys.stderr.write("make list_af_names failed: " + output) sys.stderr.write("make list_af_names failed: " + output)
exit(rc) exit(rc)