mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-07 01:41:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1400 commits 23 branches 109 tags 32 MiB
Commit graph

1400 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steve Beattie
e1a2c27cfd Update documentation on how many entries the 3rd stress test generates. 2008-11-20 17:38:38 +00:00
John Johansen
de3ed997a7 Add a test for dfa tree optimization. The test is a profile that could 
OOM a machine without dfa tree optimization.
 2008-11-20 17:27:32 +00:00
Steve Beattie
a8fea9babc With jjohansen@suse.de's latest optimisation commits, this test case is 
now feasible once again.
 2008-11-20 17:27:01 +00:00
John Johansen
b017899f12 Fix a bug in tree normalization, where it could get stuck in an infinite loop 
when doing Epsnode move, when cating or alting two epsnodes.
 2008-11-20 16:19:51 +00:00
John Johansen
0491e8d707 Add char node, and char node set merging. This does not have a substantive 
impact on performance but makes tree debugging nicer.
 2008-11-20 13:23:13 +00:00
John Johansen
c0533b390b Reintroduce calling back into tree simplification when any modifications have 
been made but only from the top level.  This allows us to get the
optimizations that were missed, while not causing the massive recursive call
explosion we had before.
 2008-11-20 13:21:23 +00:00
John Johansen
1855fde331 Reduce the use of simplify recursion, repeating the recursion of single 
changes is a waste especially as we get to larger subtrees.

Unfortunately this also means that a fair bit of optimization is lost.
 2008-11-20 13:18:30 +00:00
John Johansen
91eb71e9fa Improve tree normalization 
- reduce the amount it is called, and the amount of recursion it does
- fix a bug that would prevent trees from being fully normalized
 2008-11-19 16:54:26 +00:00
John Johansen
77eb67b5a0 Fix problem where named execute transitions were not being applied, for hats 
and local profiles.  bnc#446574
 2008-11-19 14:00:06 +00:00
Steve Beattie
6cfcb1a823 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Description: fix compile on build

Patch from Gentoo community:
  - fix up a couple of missing semicolons in syntax (bison compensates
    by emitting it's own)
  - Fix yet another variable tyop in rc.apparmor.functions
  - dump stderr of ls in rc.apparmor.functions to /dev/null
  - add an install-unknown make target
 2008-11-18 17:33:38 +00:00
Steve Beattie
aed481debe Add simple testcase for alias duplicate detection. 2008-11-16 00:49:43 +00:00
Steve Beattie
96e124bf8d Bah, the last commit message was wrong; it added support for mixing 
alias rules and variable declarations within the preamble of a profile.

This commit adds another testcase for alias rules; one in which there is
an overlapping pair of aliases. The parser parses it, but based on -dd
output, I don't believe it's treating it properly.
 2008-11-14 16:46:16 +00:00
Steve Beattie
cc923edf3c - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-14 16:25:44 +00:00
Steve Beattie
6b793b1a8b Add a testcase for the alias handling 2008-11-13 23:48:11 +00:00
Steve Beattie
b07ec7d81b - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-13 23:28:38 +00:00
John Johansen
052c58403d fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
John Johansen
5b97455878 Improve dfa generation. 
Apply tree factoring and simplification techniques to reduce the number of
states used in computing the dfa.  This can have an exponential impact
on both space and time for dfa generation.
 2008-11-07 13:00:05 +00:00
John Johansen
8db35802f9 allow external hats to begin with ^ 2008-11-07 12:54:52 +00:00
John Johansen
6c39288cec fix init script functions so that they don't make use of utilities from 
/usr/bin, which will break /usr if they are on a remote filesystem
 2008-11-07 12:53:37 +00:00
John Johansen
528b1435da Update translation files 2008-11-07 12:04:00 +00:00
John Johansen
4f2821bce0 Update translation files 2008-11-07 12:02:32 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
f6d502017d Allow introspection in avahi bnc#431222 2008-11-07 05:52:01 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
Steve Beattie
32696e32bc Things will also be painfully broken if there's a profile for /bin/dash, 
which serves as /bin/sh on ubuntu.
 2008-11-06 22:48:32 +00:00
John Johansen
7d8f597c86 Update firefox profile as base for firefox 3 2008-11-05 16:00:39 +00:00
John Johansen
a77734a600 add reject for Novell bnc#425041 2008-11-05 14:53:00 +00:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00
John Johansen
aab94f31c0 Allow ntp to have capability dac_override 2008-11-05 14:10:08 +00:00
John Johansen
434bbfc409 Fix ntp chroot rejects Novell bnc#256291 2008-11-05 14:08:43 +00:00
John Johansen
148ed13b5e Fix reject for opensuse 11.1 listed in Novell bugzilla bnc#405317 2008-11-05 12:03:29 +00:00
John Johansen
f772109c4d Fix rejects reported in Novell bnc#436849 2008-11-05 11:57:34 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
Steve Beattie
e56ed9a68a From: Jesse Michael <jesse.michael@comcast.net> 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--

Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"

I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.

Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.

https://bugs.launchpad.net/bugs/271252
https://bugzilla.novell.com/show_bug.cgi?id=441381
 2008-11-04 20:19:59 +00:00
Steve Beattie
e6e3447c19 More testcases around syslog parsing. 2008-11-04 17:42:25 +00:00
Steve Beattie
023fe19c6d Add a testcase for the passthrough of unparsed input to stdout as 
reported in https://bugs.launchpad.net/bugs/271252
 2008-11-03 19:39:34 +00:00
Steve Beattie
449abea6b5 Add a testcase for the syslog format change documented in LP#271252 2008-11-03 19:34:29 +00:00
Steve Beattie
f1de0575d1 Removing old-style log message testcase; sadly, it's unlikely that will 
ever support this message type in the log parsing library, given that
there shouldn't be much out there generating old style audit messages
anymore.
 2008-11-03 17:48:43 +00:00
Steve Beattie
5c9177fa81 Fixing missing testcase error file 2008-11-03 17:38:08 +00:00
Steve Beattie
6c526f081f Fix compiler warning in the test_multi test program. 2008-11-03 17:17:48 +00:00
Steve Beattie
0ebee05092 Fix a compilation error on ubuntu; wondering if there's older distros 
where glibc doesn't provide /usr/include/dirent.h.
Also fixed a compilation warning around fprintf sizes.
 2008-10-08 19:43:28 +00:00
John Johansen
93f22b7fd6 fix bad parameter merge on apparmor_ptrace 2008-10-03 20:43:43 +00:00
John Johansen
2873f3effd Add apparmor patches for 2.6.27, and related aufs patches. 2008-09-30 16:00:31 +00:00
John Johansen
b3a1923a8f update to 2.3.1 2008-09-12 10:40:04 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00