mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
7777 commits 23 branches 109 tags 32 MiB
Commit graph

156 commits

Author SHA1 Message Date
Steve Beattie
5dc2a8a487 Use libimmunix on suse 10.0 (and earlier) 2007-08-08 06:28:22 +00:00
Matt Barringer
d1640ad894 - Removing config.h.in 2007-08-07 19:09:48 +00:00
Matt Barringer
e04d4a309f - Added "protocol", "family" and "sock_type" to the parser to 
support the initial network support.
 2007-08-06 02:38:30 +00:00
Matt Barringer
ab87fbfb94 - Was previously under the belief that pid="1234" and 
magic_token="1245353" were correct syntax from the kernel.
  It turns out this is not the case.
 2007-08-05 22:54:41 +00:00
Steve Beattie
e654adf876 Fix up a couple of issues that were preventing things from building. 2007-07-31 05:35:07 +00:00
Matt Barringer
5ee0d57d60 - Updated extconf.rb to reflect the library merging 2007-07-31 03:20:12 +00:00
Steve Beattie
9eb8b7459f Fixup dependency on libapparmor-devel for non-suse dists. 2007-07-30 19:05:21 +00:00
Steve Beattie
bf0d391818 Fix dependencies for older versions of opensuse. 2007-07-30 18:48:00 +00:00
Steve Beattie
68c51fa152 From aj@suse.de: Fix permissions of README file. 2007-07-30 07:30:24 +00:00
Steve Beattie
09e0b627fa Convert builddep on libapparmor to libapparmor-devel 2007-07-30 07:18:07 +00:00
Steve Beattie
4150a569a7 Get rid of crufty crap that causes autobuild to fail. 2007-07-30 05:36:23 +00:00
Steve Beattie
01be9c93e3 Convert libapparmor build dependency to libapparmor-devel. 2007-07-30 05:18:39 +00:00
Steve Beattie
84db5d71e3 Convert build dependency on libapparmor to libapapparmor-devel 2007-07-30 05:05:42 +00:00
Matt Barringer
1b80dff02d - Using asprintf instead of snprintf 2007-07-29 06:05:41 +00:00
Matt Barringer
85eecb0dae - I'm not sure why scanner.l thought it should be generating 
lex.yy.c instead of scanner.c, but that just isn't right.
- There was an unpleasant bug in the audit id recreation 
  part of grammar.y that was causing memory corruption.
  It is now fixed.
 2007-07-29 04:37:22 +00:00
Matt Barringer
4bea1da54c - Merged the library previously known as "libaalogparse" with 
libapparmor.
- Moved the old libapparmor library to libapparmor-deprecated.
 2007-07-28 15:41:04 +00:00
Matt Barringer
65f4025e15 2007-07-28 15:38:27 +00:00
Dominic Reynolds
c7fbd14641 Changes to work with tomcat5.5: changed apis to the logging framework 
and request pipeline.
 2007-05-21 20:39:41 +00:00
Dominic Reynolds
74b2bfae95 Add directory for tomcat_5_5 plugin (used in openSUSE 10.3) 2007-05-21 19:58:58 +00:00
Steve Beattie
feb167c51a Move some common manpage cleanup to common/Make.rules (and clean up 
pod2html tmpfiles). Also mark manpages to be ignored by svn.
 2007-04-03 20:12:16 +00:00
Steve Beattie
83eee1b4c6 Subject: Add mod_apparmor(8) to apache2-mod_apparmor package 
Move the mod_apparmor(8) manpage to the apache2-mod_apparmor package.
 2007-04-03 19:17:20 +00:00
Steve Beattie
38f4817876 Subject: Add change_hat(2) to libapparmor package 
Move change_hat(2) manpage to libapparmor package.
 2007-04-03 19:08:50 +00:00
Steve Beattie
5ec36e6c2b I cretanily maek lost fo tyops, smoetimes. 2007-03-21 02:01:49 +00:00
Seth Arnold
263843da4b typo fix; usernmae --> username 2007-03-20 22:04:21 +00:00
Jesse Michael
1de5bdbacc fix missing include to silence compiler warnings 2007-03-13 16:52:28 +00:00
Jesse Michael
505155a48e use the appropriate pam_modutil_* wrapper functions if possible 2007-03-13 16:29:03 +00:00
Steve Beattie
51d047ba35 Set %distro macro correctly when building against fedora core on 
opensuse's buildservice (http:://build.opensuse.org)
 2007-01-18 07:33:09 +00:00
Steve Beattie
c72cf57b65 Add a %clean stage to remove the buildroot when done building; this was messing up subsequent builds that used the same buildroot. 2007-01-18 06:11:00 +00:00
Dominic Reynolds
967d5a4f87 Fix for BZ# 230011 (https://bugzilla.novell.com/show_bug.cgi?id=230011) - add checks for passing "" or NULL as hatname in the ChangeHatValve and JNI changehat wrapper function 2006-12-20 18:00:14 +00:00
Steve Beattie
e3503227d5 Fixup changelog, in specfile and changes file. 2006-11-07 22:08:48 +00:00
Steve Beattie
af33afe8f7 Convert the rest of the packages to symlinking in the common directory 
so that 'make dist' will work.
 2006-11-04 21:34:47 +00:00
Steve Beattie
34119ab329 Get rid of older Make.rules hardlink. 2006-11-04 19:16:36 +00:00
Steve Beattie
3949b95110 Baby step to making 'make dist' actually work. this will mean common/ 
will be a symlink in the directory.
 2006-11-03 10:19:42 +00:00
Steve Beattie
4766dc8db0 'make' and 'make all' should probably just build the apache module and 
not the rpm. 'make rpm' should still work.
 2006-10-31 17:00:55 +00:00
Steve Beattie
a3a6238378 Complete renaming of apache2-mod-apparmor to apache2-mod_apparmor. 
(part two of two)
 2006-10-31 16:58:13 +00:00
Steve Beattie
9105494945 Rename apache2-mod-apparmor to apache2-mod_apparmor to conform to SUSE 
style (even if it means a consistent name can't be used on debian :-/).
(part one of two).
 2006-10-31 16:56:11 +00:00
Steve Beattie
53f1a9cdc5 (from jmichael@suse.de) 
This patch adds support for a 'debug' flag to the pam_apparmor pam
module, which will cause it to report more of its attempted operations
to syslog.
 2006-10-31 16:33:02 +00:00
Steve Beattie
8cf0339798 Set svn:keywords proprty on added files from last commit. 2006-10-31 16:02:07 +00:00
Steve Beattie
36523dc023 This (updated) patch provides some limited configurability for 
pam_apparmor pam module. The default behavior is to use the user's
primary groupname, and to fall back to the DEFAULT hat. You can change
this behavior by appending order=type1[,type2,type3] to the pam_apparmor
session line in the pam config for the application you're applying
pam_apparmor to. The available types are 'user' for username, 'group'
for groupname, and 'default' for DEFAULT. Thus, adding a configuration
entry like:

  session  optional       pam_apparmor.so order=group,default

is equivalent to the default behavior for pam_apparmor.

The parse_option code got a little more complicated than I'd hoped
it would be; I could have just had types by space delimited options to
module, but I thought I'd leave open the possibility of adding additional
options to the module ('debug' immediately comes to mind).

I disabled the short-circuit that occurs if EPERM is returned by
change_hat, as we can't detect that this is because there's no hats or
that the application is entirely undefined; if ECHILD makes it in then
we can re-enable this.

I am less convinced now that pam_apparmor needs to be 'optional' than
'required'; killing the session if none of the change_hats succeeds is
starting to feel like reasonable behavior.

---
 changehat/pam_apparmor/Makefile             |   11 +
 changehat/pam_apparmor/README               |   74 +++++++++++++
 changehat/pam_apparmor/get_options.c        |  157 ++++++++++++++++++++++++++++
 changehat/pam_apparmor/pam_apparmor.c       |  155 +++++++++++++++++++--------
 changehat/pam_apparmor/pam_apparmor.h       |   56 +++++++++
 changehat/pam_apparmor/pam_apparmor.spec.in |    2 
 6 files changed, 406 insertions(+), 49 deletions(-)
 2006-10-31 15:54:47 +00:00
Steve Beattie
36b6bb11bf Add license/COPYING file. We use the same license as Linux PAM here as 
(according to the comments) the code started out based on the pam_motd
module (included with that package).
 2006-10-25 20:28:40 +00:00
Steve Beattie
2a67f47bce Remove automatic editing of pam's session-common files. 
Use RPM_OPT_FLAGS for CFLAGS when building with rpm.
Cleanup older tarballs during make clean.
 2006-10-25 20:13:48 +00:00
Jesse Michael
648cbe970c - change pam_apparmor to try to change to a hat based on the name of the 
user's primary group instead of one based on their username.
- add new calls to pam_syslog() to aid in diagnosing problems.
 2006-10-23 18:12:39 +00:00
Dominic Reynolds
8098087993 Moved definition of variables to top of spec file. The previous 
placement (between %description and %prep) caused a problem with the
build system.
 2006-10-17 17:00:15 +00:00
Dominic Reynolds
54591d5804 Remove whitepace indent on %define of CATALINA_HOME in the spec file - as it was not getting expanded with the indent by the build system. 2006-10-17 14:55:53 +00:00
Steve Beattie
415de7ba8e Add a configurable setting for the location of ldconfig; convert 
libapparmor to using ldconfig to generate its so-version library
symlink.
 2006-10-16 21:08:58 +00:00
Dominic Reynolds
b4abae7ebc Packaging changes for build system, added check for EPERM to detect 
errors when process is not confined (or other error).
 2006-10-16 20:48:28 +00:00
Steve Beattie
d25c6c8fcd Convert pam_apparmor package to just use the svn repo version for its 
minor revision number.
 2006-10-11 17:59:44 +00:00
Steve Beattie
5b3efd982f Unfortunately, the forge website(s) don't provide information on how to 
use the change_hat(2) function; point them at the manpage for usage
information.
 2006-09-28 06:45:55 +00:00
Jesse Michael
4f4a56859e Thorsten Kukuk (kukuk@suse.de) pointed out a couple problems with 
pam_apparmor and here's a patch to address most of them--

 * header comment was incorrect
 * use pam_get_user() instead of pam_get_item()
 * return an error if we're unable to change to the DEFAULT hat

In addition, this has a fix to make sure that the magic token we read
from /dev/urandom is not null (which would cause the hat probing to fail 
if we need to fall back to the DEFAULT hat).
 2006-09-14 12:44:01 +00:00
Dominic Reynolds
704e1e4d36 Initial checkin 2006-08-16 16:32:49 +00:00