Commit graph

1503 commits

Author SHA1 Message Date
Kees Cook
3c43ce869c have "enforce" command clear out symlink directories, from Ubuntu 2009-11-11 11:38:26 -08:00
Kees Cook
190329745d handle new null profile logs, handle new include directories. from ubuntu branch 2009-11-11 11:37:30 -08:00
Kees Cook
b4c355e17e actually add caching tests 2009-11-11 11:07:50 -08:00
Kees Cook
4173f0a558 deal with socket types to ignore, handle backward compat for earlier AF_MAX value 2009-11-11 10:58:57 -08:00
Kees Cook
0d2518551f provide kernel version caching, along with ability to test caching subsystem 2009-11-11 10:56:04 -08:00
Kees Cook
6fa3406b0e update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not support them 2009-11-11 10:44:26 -08:00
Jamie Strandboge
84565d5407 abstractions/gnome: add /etc/gnome/defaults.list 2009-11-10 14:04:26 -06:00
Jamie Strandboge
b0ae3243d5 use bits/socket.h rather than linux/socket.h, fixing FTBFS with newer
kernels (ie >= 2.6.32)
2009-11-04 17:40:20 -06:00
Jamie Strandboge
6e42e18191 have dnsmasq in enforce mode 2009-11-04 14:30:43 -06:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
Steve Beattie
4265cecdfa From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929

Parse log entries containing an ouid.

(I added a testcase to Marc's fix.)
2009-09-18 21:13:04 +00:00
Kees Cook
317a3a0ad2 load test profiles from commandline instead of stdin 2009-08-25 00:26:57 +00:00
John Johansen
0018491c1e Add basic changeprofile re test and enable changeprofile tests by default 2009-08-21 20:39:45 +00:00
John Johansen
aced280818 Make cache warning respect the quiet flag 2009-08-20 23:48:32 +00:00
John Johansen
0320e0e849 Update changeprofile tests
Have the parser skip the caches
2009-08-20 23:46:48 +00:00
John Johansen
e43065cfe0 Add user side support for pux exec mode 2009-08-20 15:41:10 +00:00
John Johansen
6998f6fc3d Add 64bit capabilities 2009-08-20 15:27:12 +00:00
John Johansen
747d7da402 Revert broken 64bit capabilities patch 2009-08-20 15:26:12 +00:00
John Johansen
c80b2c9766 Fix library resolution when linux-vdso.so.1 is used instead of
linux-vdso32.so.1 or linux-vdso64.so.1
2009-08-20 12:33:29 +00:00
John Johansen
ed8530d9b6 start of some changeprofile tests 2009-08-20 04:13:08 +00:00
Kees Cook
7e962a409c expand short-option list to include -T 2009-08-19 15:07:53 +00:00
Kees Cook
bf7c9c8567 document missing options in the apparmor_parser man page 2009-08-19 14:45:05 +00:00
Kees Cook
07d3b17eb4 add --skip-read-cache to allow for --write-cache when -r should happen without reading the old cached profiles 2009-08-19 14:44:40 +00:00
John Johansen
9e27a95b8e Enable profile names with regular expressions. This requires a newer
kernel.
2009-07-30 06:09:19 +00:00
John Johansen
4f3e6daae9 Fix the clone regression test so that the correct end of the stack is
used.
2009-07-28 02:17:10 +00:00
John Johansen
9c532c444b Add a couple capability tests 2009-07-25 03:57:22 +00:00
John Johansen
22d883b4d3 cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
John Johansen
c8fa7815a6 Update capabilities to support 64 bit caps 2009-07-24 23:37:03 +00:00
Steve Beattie
b8cde97ab7 Bah, the whole using linux/socket.h get AF_* tokens versus sys/socket.h
thing again. Fix to use the kernel's definition of AF_MAX in
linux/socket.h if it's larger than glibc's AF_MAX definition in
sys/socket.h and add a wrapper function so that we don't have to include
af_names.h everywhere.

Also, fix memory leaks around the handling of network entries of
policies.
2009-07-24 17:24:41 +00:00
Kees Cook
098598c98d update short-option list to match the long-option list 2009-07-24 14:57:10 +00:00
Steve Beattie
f9c5756b4d * fix a few more memory leaks
* undocumented symbol table dumping short options weren't actually
   accepted by the parser.
2009-07-24 13:24:53 +00:00
Steve Beattie
1b069745b3 * fix another small memory leak in #include handling
* more code formatting changes because I'm a jerk whose mental lexer
   needs whitespace to properly tokenize code.
2009-07-24 12:18:12 +00:00
Steve Beattie
5a8a692628 Bah, revert in-progress change that accidentally got committed in rev
1421.
2009-07-24 12:06:17 +00:00
Steve Beattie
da52731c75 * fix small memory leak in parser_main.c
* fixup instances of my inability to spell separator
* minor code formatting cleanup in parser_lex.l
2009-07-24 11:56:07 +00:00
Steve Beattie
ed86641695 Fixup testcase description. 2009-07-24 11:34:30 +00:00
Steve Beattie
f579d5efe6 Add a couple more situations around include suffix ignoring. 2009-07-24 11:11:39 +00:00
John Johansen
a7a1cb3827 test for ignored suffixes
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:38:10 +00:00
John Johansen
ab3d7edcdc add loading from and writing to cache options
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:36:09 +00:00
John Johansen
33d01a980a allow multiple profiles to be parsed from the command line
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:35:39 +00:00
John Johansen
af902dddf1 during policy load, return errors instead of exiting
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:35:19 +00:00
John Johansen
1fd75ff4f4 actually use -q when loading
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:34:54 +00:00
John Johansen
c4c430dcd0 fix comments to be non-recursive
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:34:30 +00:00
John Johansen
627c044e4d add parser subsystem reset functions
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:34:11 +00:00
John Johansen
0137b992b4 move -D_GNU_SOURCE to Makefile for parser_lex.l to gain it
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:33:39 +00:00
John Johansen
397ead10af add aare_reset_matchflags() to reset match flags
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:33:09 +00:00
John Johansen
6afe6185be Fix change_profile so that it works with regular expressions (lpn390810)
Change_profile was broken so that it couldn't parse expressions that
weren't path based or started with a variable.  Furthermore if the name
held any expressions it was not handled correctly, as it was being passed
directly to dfa conversion without going through glob -> pcre conversion.
2009-07-23 21:18:37 +00:00
Steve Beattie
298b32e82e Fix up another include test that was failing for the wrong reason. 2009-07-23 20:38:59 +00:00
Steve Beattie
f67f92652a Fix up a couple of testcase includes that got broken in the reorg. 2009-07-23 20:27:54 +00:00
John Johansen
8a780d6f6d Rearrange tests into subdirectories, so that it is easier to see what tests
are currently present.
2009-07-23 07:42:57 +00:00