file that prevented it from working correctly on systems where /bin/sh
isn't bash, and is probably more readable to boot. It still will parse
things properly when confined binaries or their corresponding profiles
contain spaces in their names.
Fix based on feedback and patches from Arkadiusz Miskiewicz
<arekm@maven.pl>/PLD and Kees Cook/Ubuntu.

This causes the dfa engine to not strip trailing /
and to handle /*/ /**/ and /* and /** cases specially so that directories
don't get matched unintentionally

    aare          pcre
    /foo/*    ->  /foo/[^/][^/]*    so the dir /foo/ will not match the rule
    /foo/**   ->  /foo/[^/].*
    /*/foo    ->  /[^/][^/]*/foo    so the rule won't match //foo
    /**/foo   ->  /[^/].*/foo

Rules that contain more than a * or ** between dir / elements do not
get converted, i.e.

    /foo*
    /foo**
    /foo*/
    /foo**/
    /*foo
    /**foo
    /*foo/
    /**foo/

There is a known case where this patch is incomplete. When there
exists an alternation that can be empty and * or ** i.e.

    /{foo,}*
    /{foo,*}
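
The conversion table in the commit message above, worked through as an added example (this is not AppArmor's parser code). It generalizes the four listed cases to any path component that is exactly `*` or `**`; the plain translation of `*` to `[^/]*` and `**` to `.*` for rules that "do not get converted" is an assumption, and alternations such as `/{foo,}*` are not handled.

```python
import re

META = set(".^$+?()[]{}|\\")  # regex metacharacters escaped as literals


def aare_to_pcre(rule, special_dirs=True):
    """Translate an AppArmor-style glob into a regex string.

    special_dirs=True applies the table above: a component that is
    exactly * or ** must match at least one non-'/' character.
    special_dirs=False is the assumed plain translation.
    """
    out, i, n = [], 0, len(rule)
    while i < n:
        if rule[i] != "*":
            out.append("\\" + rule[i] if rule[i] in META else rule[i])
            i += 1
            continue
        j = i
        while j < n and rule[j] == "*":
            j += 1
        double = j - i >= 2
        # The whole component is the glob: '/' before, '/' or end after.
        whole = i > 0 and rule[i - 1] == "/" and (j == n or rule[j] == "/")
        if special_dirs and whole:
            out.append("[^/].*" if double else "[^/][^/]*")
        else:
            out.append(".*" if double else "[^/]*")
        i = j
    return "".join(out)


def matches(rule, path, special_dirs=True):
    pattern = aare_to_pcre(rule, special_dirs)
    return re.fullmatch(pattern, path, re.DOTALL) is not None


if __name__ == "__main__":
    # Constructed sample rules and paths.
    for rule, path in [("/foo/*", "/foo/"), ("/foo/*", "/foo/bar"),
                       ("/*/foo", "//foo"), ("/foo/**", "/foo/a/b")]:
        print(rule, path, "old:", matches(rule, path, False),
              "new:", matches(rule, path))
```

With `special_dirs=False` the rule `/foo/*` also matches the directory `/foo/` itself, which is the unintended match the commit message describes.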

bashisms which were in place to get around PWD not getting set
correctly. Instead, fix the simple.pl script to call pwd directly.
Based on feedback from PLD/Arkadiusz Miskiewicz <arekm@maven.pl>.

the former isn't supported on glibc before glibc 2.4 (SL10.0 and prior,
Annvix, etc.). I dislike the change because fdopendir() does exactly
what I want, and converting to straight opendir() introduces a small
race window, though paths in question should be under administrator
control anyway.

automatically added to the set of languages to be built and installed
unless they are explicitly added to the set of disabled translations.
This eliminates the need to manually add a lang to the Makefile when a
new translation is submitted (svn add will still be necessary).

uses the Linux kernel definitions of them.
(It also adds to the simple capabilities regression tests verifying the
parser can parse the new audit capability names.)
Also add some history to the changelog in the specfile, clean up some
whitespace issues, eliminate no longer needed bogus LC_MESSAGES dir to
work around SUSE autobuild, seems to have been addressed.

by naming the directory (e.g. #include </etc/apparmor.d/abstractions>).
It will skip over dotfiles as well as subdirectories. It is intended
to make scripting and packaging easier, as the including profile will
not need to know explicitly all of the names to include.
Long term, rather than hardcode that dotfiles will be skipped, it should
be configurable via /etc/apparmor.d/subdomain what patterns of files
should be skipped; genprof/logprof should also honor this setting. The
code could be reused as I'd like to make the parser just take a directory
on the command line rather than being fed profiles one at a time; again
it would skip files based on these same patterns.
This patch also eliminates some dead code in the include processing, as
well as replaces a couple of undersized fixed-size buffers (PATH_MAX is
4095 on Linux, buffer is not overflowable due to use of strncpy/snprintf)
with dynamically allocated ones.