mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1185 commits 23 branches 109 tags 32 MiB
Commit graph

210 commits

Author SHA1 Message Date
John Johansen
052c58403d fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
John Johansen
5b97455878 Improve dfa generation. 
Apply tree factoring and simplification techniques to reduce the number of
states used in computing the dfa.  This can have an exponential impact
on both space and time for dfa generation.
 2008-11-07 13:00:05 +00:00
John Johansen
8db35802f9 allow external hats to begin with ^ 2008-11-07 12:54:52 +00:00
John Johansen
6c39288cec fix init script functions so that they don't make use of utilities from 
/usr/bin, which will break /usr if they are on a remote filesystem
 2008-11-07 12:53:37 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00
John Johansen
ac88f71c63 Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats 2008-09-10 08:42:49 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
2781d88abc update help message 2008-06-09 22:15:28 +00:00
John Johansen
58b8a58e86 Patch from zbyniu to allow parser to build on glibc (<2.4) 2008-06-09 21:17:41 +00:00
John Johansen
f670eaf464 output the names only list before post processing the policy 2008-06-09 21:15:17 +00:00
John Johansen
100ff7cabb Update to allow external hats by specifying the hat keyword in front of 
the profile name.
 2008-06-09 12:00:42 +00:00
John Johansen
d8df8830f1 add hat flag and add it automatically for embedded hats 
remove hat rules
 2008-06-09 11:48:13 +00:00
John Johansen
8f13e0d60d - fix rcapparmor stop. Have it dump the loaded profile list to a file before 
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
  option, which can be combined with --add or --replace
 2008-06-09 10:00:28 +00:00
John Johansen
0c95606e03 let the parser add the change_hat rule 2008-06-08 09:32:12 +00:00
John Johansen
3b11aa9050 Remove hat rules. In large policies the number of hat rules becomes 
problematic, hat rules can be replaced with simple hat flag on a profile.
 2008-06-08 09:02:27 +00:00
John Johansen
b2f4863231 Fix to stop leaking the dfa ruleset. On large policies containing lots of 
hats this will result in a marked improvement on memory usage.
 2008-06-08 08:56:37 +00:00
John Johansen
be495f2125 fix 
- rc.apparmor.functions were not correctly removing profiles on replace and
  reload, also convert to using the module interface directly bypassing the
  parser.
- fix cx ->  named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
  modules.  This is the correct behavior as hats are promoted to profiles.
 2008-06-04 07:24:38 +00:00
John Johansen
787cb39f81 fix profile unloading, and make it faster by skipping the parser and going 
directly to the unload interface.  This means that the init script will no
longer run on very old versions of AppArmor (pre 2.0)
 2008-05-29 23:10:27 +00:00
John Johansen
934e00a1de commit patch provided by arekm 
- remove bashism from initscript
- fix segfault in apparmor_parser on x86-64
 2008-05-29 18:58:18 +00:00
John Johansen
8c47189e19 update names output so that profile reload works correctly with hats and local profiles 2008-05-29 06:09:34 +00:00
John Johansen
84cd045d53 exclude AF_CAN for now 2008-05-26 10:22:56 +00:00
John Johansen
4dd8db05b8 fix previous patch to allow for white space seperating profile keyword and profile name 2008-05-22 20:11:03 +00:00
John Johansen
44e22c56f9 update translations 2008-05-22 09:26:15 +00:00
John Johansen
c207df96bb allow profile name following profile keyword to be any valid name. NOTE: this breaks namespaces currently 2008-05-22 09:16:46 +00:00
John Johansen
10a2b621f4 fix initscript removal of profiles without attachment specification 2008-04-24 18:34:21 +00:00
John Johansen
3efb4ea353 allow bare x in named transitions 2008-04-18 00:40:40 +00:00
Steve Beattie
c0275d06eb Fix up some dependencies in parser_misc.c's unit test build. 2008-04-16 16:27:23 +00:00
Steve Beattie
e41a326ef5 Add a flag so that 'make check V=1' will turn on verbose output. 2008-04-16 16:09:36 +00:00
John Johansen
ee03760c1d disable named transition conversion to cx. Needs to be reworked 2008-04-16 08:48:06 +00:00
John Johansen
11f925abba fix named transition, enable cx to imply transition to local profile, without having to specify name 2008-04-16 06:54:51 +00:00
John Johansen
015df061e3 Named transition - but disabled due to a bug 2008-04-16 04:45:02 +00:00
John Johansen
db34aac811 Basis for named transitions 2008-04-16 04:44:21 +00:00
John Johansen
051a3f8c01 add missing parser_alias.c + fix parameter bug in parser.h 2008-04-11 17:43:22 +00:00
Steve Beattie
666a8ec51b Fix up prototype error. 2008-04-10 22:24:35 +00:00
John Johansen
16b5a26306 update for ptrace rules 2008-04-09 23:56:31 +00:00
John Johansen
4dd0e8ead8 allow for ptrace rules 2008-04-09 09:04:08 +00:00
John Johansen
78590d1823 allow for simpe alias rules 2008-04-09 09:03:17 +00:00
John Johansen
b742da7751 allow <= to be used instead of subset in link rules 2008-04-09 09:02:51 +00:00
John Johansen
add2b93657 update interface version 2008-04-08 20:30:06 +00:00
John Johansen
aba82ff427 reject rlimit cpu in the parser 2008-04-07 04:26:02 +00:00
John Johansen
831f2e252c add missing tests 2008-04-06 18:57:05 +00:00
John Johansen
ecf6b55baf let a profile control a tasks rlimits 2008-04-06 18:55:46 +00:00
John Johansen
34f2c96700 let a profile set a tasks caps, similar to fscaps 2008-04-06 18:55:27 +00:00