mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1652 commits 23 branches 109 tags 32 MiB
Commit graph

109 commits

Author SHA1 Message Date
Steve Beattie
0cfa2b2cf8 From: Jeff Mahoney <jeffm@suse.com> 
Rip out a little bit of crufty old compatibility code with immunix.h and
support directly building with in-tree libapparmor.
 2011-02-08 08:18:36 -08:00
Steve Beattie
37ac8ede4f From: Jeff Mahoney <jeffm@suse.com> 
Subject: adjust includes for pam_apparmor to point at the intree version
of libapparmor, rather than depend on an external version to be
installed.
 2011-02-08 07:21:20 -08:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Jamie Strandboge
49f27414e0 update the man pages to: 
* add Canonical to the headers of the pod files touched
  * use aa_change_hat() instead of change_hat() (LP: #692216)
  * use http://wiki.apparmor.net in the SEE ALSO
  * use http://https://bugs.launchpad.net/apparmor/+filebug for bugs
  * prefix 'aa-' in SEE ALSO section for utilities (eg, 'aa-complain' for
    'complain')
 2010-12-20 13:47:09 -06:00
Jamie Strandboge
77b864527a changehat/mod_apparmor/mod_apparmor.pod: make several clarifications and 
add a summary for the order of operations
 2010-12-20 13:45:56 -06:00
Jamie Strandboge
7296af3f39 mod_apparmor.pod: adjust for Canonical, launchpad and Ubuntu binaries and tools 2010-12-20 08:35:00 -06:00
Steve Beattie
6c31d0d894 This commit teaches pam_apparmor about the current errno returned by the 
kernel when the hat that was passed does not exist in the profile (but
other hats exist). It also removes the very old EPERM case, which hasn't
been accurate for a while. (LP: #619521)
 2010-08-19 08:24:41 -07:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
John Johansen
7d30be5087 move libapparmor into the libraries directory 2008-05-19 22:48:31 +00:00
John Johansen
4016ae5fb3 bump version to 2.3 2008-04-07 18:37:57 +00:00
John Johansen
6eb48919ee Add test cases for user::other perms, error_code, namespaces, fsuid that got left out of previous commit 2008-03-13 10:57:46 +00:00
John Johansen
fe2502ed2d - Add support for fsuid & error_code. 
- Fix leak in not freeing namespace.
- Add tests
  - old style link
  - log with namespace, user::other perms, fsuid, error_code
 2008-03-11 14:37:40 +00:00
John Johansen
aec1d504fe Update library to support messages fed a dispatcher from audit. Audit 
sends messages to dispatcheres without the type=X string prepended.
So update the library so the dbus dispatcher doesn't have to prepend
the audit type information before trying to parse the message.
 2008-03-02 12:57:39 +00:00
John Johansen
a0cafba8c5 This patch modifies the logparsing portion of libapparmor to reverse map 
ip protocol numbers to their names (e.g. 6 -> "tcp").
 2008-02-26 12:30:48 +00:00
John Johansen
1f8ac9108b Update libapparmor to parse the new 2.3 logs. Specifically 
- u::other permissions
- namespace
- bug fix to parse missing lock (k) and append (a) permissions
 2008-02-26 04:39:31 +00:00
John Johansen
67f130c66c Move deprecated code into the deprecated branch 2007-11-13 08:33:09 +00:00
Steve Beattie
de9a6dea63 Stop emitting anything from non-apparmor messages to stdout, and parse 
the messages enough to report the audit type in the operation field, the audit
message id|timestamp, and the rest of the message in the info field.
 2007-09-20 08:25:43 +00:00
Steve Beattie
ee5f978570 the lexer allocates strings for everything it identifies, therefore it's 
safe for the grammer to just use the strings where they don't need to be
modified, reducing the number of strdup()/free() pairs that need to be
invoked.
 2007-09-19 21:49:23 +00:00
Steve Beattie
403b124bf1 Add support for old-style link rejections. 
Add testcase for new-style link rejection for comparison.
 2007-09-19 21:06:08 +00:00
Steve Beattie
95949a069a Add support for old-style syscall rejections. 2007-09-19 20:44:19 +00:00
Steve Beattie
34040a4d83 Clean up the grammar file somewhat; more work needed. 2007-09-19 20:30:26 +00:00
Steve Beattie
8e909ad869 Add support for old-style AUDIT messages. 2007-09-18 17:47:11 +00:00
Steve Beattie
b9342d0963 logparsing library: fix up interpreting the protocol to handle both 
digits and strings returned (though it's entirely possible the kernel
will only ever return the protocol number).

Things should probably be fixed up to convert back to the name of the
protocol.
 2007-09-18 02:01:42 +00:00
Steve Beattie
4d505d643e Add correctly generated testcase for parent=pid_t from Kenny Graunke 
<kgraunke@novell.com>, as well as fixing the code to properly parse
messages containing them.

Alas, this resulted in a change in the returned structure.
 2007-09-17 22:38:22 +00:00
Steve Beattie
7489640b82 Fix the logparsing library to parse correctly the task field passed back 
by apparmor; the new syntax passes back the task as unquoted digits,
whereas the logparser expected a quoted string.
 2007-09-17 21:54:49 +00:00
Steve Beattie
c075a9db45 Add testcase for "task=NNNN" apparmor hint message. 2007-09-17 21:24:35 +00:00
Steve Beattie
cf76182f2c Add a testcase for network protocols that the log parsing library can't 
parse.
 2007-09-17 21:20:24 +00:00
Steve Beattie
9ad53af32b Add testcase for old-style mandatory missing profile exec rejection. 2007-09-17 20:55:05 +00:00
Steve Beattie
cd498230c7 Fix aa logparsing library to parse messages where the strings in the 
name, name2, or profile fields have been safely (hex) encoded.
 2007-09-17 05:22:40 +00:00
Steve Beattie
2640f42273 Add a basic inode_permission testcase. 2007-09-15 06:02:13 +00:00
Steve Beattie
ee5391c6a4 Remove the magic token from the aa_change_profile() interface, as 
change_profile transitions ought to be uni-directional. If you want
bi-directional transitions, use aa_change_hat() instead.
 2007-09-15 05:41:44 +00:00
Steve Beattie
95625c6a39 Bump release version (+date) in specfile, and bump library minor 
version.
 2007-09-15 03:46:56 +00:00
Steve Beattie
793afcd06c Add support for an old style message hint "changing_profile" which 
indicates that the pid referenced is being placed in the null-complain
profile.
 2007-09-14 21:38:46 +00:00
Steve Beattie
fa6dce4c65 This patch fixes up the support for parsing old style messages generated 
on systems where auditd has not been compiled with --with-apparmor (i.e.
events are reported with an unknown type).
 2007-09-14 14:36:01 +00:00
Steve Beattie
6700630539 This patch fixes the parsing of old-style apparmor log messages that 
occur within a hat that's name does not begin with a '/'. New style
message parsing was not affected by this bug.
 2007-09-14 14:33:05 +00:00
Steve Beattie
2228421afd Stop printing "Error: syntax error" to stdout when the library has a 
problem parsing the log message.
 2007-09-14 14:29:07 +00:00
Steve Beattie
7f9a058d9c This patch adds support for parsing apparmor messages that come through 
syslog, along with testcases. This should work for both old and new
style log messages, as well as with dmesg timestamps enabled in the
kernel ("echo 1 > /sys/module/printk/parameters/printk_time").

This patch applies on top of the previous patch sent to support the
type=15xx messages.
 2007-09-14 14:26:21 +00:00
Steve Beattie
a6a88a4dd7 This patch adds support to the logparsing library for the type=15xx 
flags when events come through the audit subsystem. It also fixes the
case where the audit daemon has not been configured with apparmor
support and the events are reported as type=UNKNOWN[15xx].

It also fixes the testsuite dependencies so that they will get relinked
when the library changes.
 2007-09-14 14:00:48 +00:00
Steve Beattie
aa94fc1d08 - Add configure check for the existence of asprint(3). 
- Add -Wall to compilation (is there a way to only define this in the
  toplevel Makefile.am and have it propogate down?)
- fix warnings once -Wall was enabled:
  - no asprintf prototype due to _GNU_SOURCE not being defined
  - possible uninitialezed use in scanner.l
  - printf's that expected ints but were passed longs in the testsuite
 2007-08-21 17:28:34 +00:00
Steve Beattie
e756eec7c1 Ugh, fix broken symlink for the change_hat manpage. 2007-08-17 16:21:11 +00:00
Steve Beattie
156476d738 Rename change_hat.2 to aa_change_hat.2, with backwards compatability 
symlink generated by the rpm specfile.
Don't create libimmunix.so, nothing new should ever link against it.
 2007-08-16 05:15:03 +00:00
Steve Beattie
45b5373b39 Add support for aa_change_profile(2) to both the library and to the swig 
interfaces. A manpage still needs to be added.
 2007-08-16 04:35:56 +00:00
Steve Beattie
adf6076d85 Rename change_hat(2) to aa_change_hat(2) (a backwards compatibility 
macro is in place) and support 64 bit magic tokens.
 2007-08-16 04:26:19 +00:00
Steve Beattie
bda571d643 Fix braindead symbol versioning issue where applications that linked 
against libapparmor::change_hat would be linking against
change_hat@IMMUNIX_1.0 rather than change_hat@APPARMOR_1.0 (the
preferred version).

Remove -module to prevent linking portability warning when building
mod_apparmor.

Use RPM_OPT_FLAGS for CFLAGS when building rpms.
 2007-08-16 04:19:54 +00:00
Matt Barringer
7d3a95c797 - Added the timestamp from the audit ID ('epoch') 
to aa_log_record.
- Added the integer that follows the colon in the 
  audit ID ('audit_sub_id') to aa_log_record.
- Modified the testsuite to deal with the two new
  numbers.
 2007-08-15 20:07:48 +00:00
Seth Arnold
64ea5e3944 patch from Mathias Gug to correct change_hat manpage section 2007-08-15 00:14:39 +00:00
Steve Beattie
b608f2643b This patch is from Mathias Gug <mathiaz@ubuntu.com> of Ubuntu 
[Message-ID: <20070813195328.GB11381@mathias.mathiaz.net>]

Ubuntu installs apxs, the apache module building binary in /usr/bin
rather than /usr/sbin, so search there as well.
 2007-08-14 19:09:03 +00:00
Steve Beattie
cd73259db4 Patch from Mathias Gug <mathiaz@ubuntu.com> of Ubuntu [Message-ID: 
<20070813195328.GB11381@mathias.mathiaz.net>].

This fixes the make install target of pam_apparmor so that it depends on
the library already being built.
 2007-08-14 19:06:19 +00:00
Matt Barringer
ad4685c196 - Patched to remove annoying build error when the python module 
is not enabled.
 2007-08-08 22:56:16 +00:00
Steve Beattie
6de4ff8971 Make pam_apparmor dependencies correct for opensuse 10.2 and earlier. 2007-08-08 19:09:01 +00:00