mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1225 commits 23 branches 109 tags 32 MiB
Commit graph

174 commits

Author SHA1 Message Date
John Johansen
262075ca80 Update translation files 2009-02-07 12:09:50 +00:00
John Johansen
1def78f1c4 Add missing gettext for "Repository" prompt 2009-02-06 11:09:54 +00:00
John Johansen
9bf970a4c1 Fix the utils to use the unconfined instead of unconstrained, as the kernel no 
longer supports the word unconstrained.
 2008-11-21 13:03:52 +00:00
John Johansen
e9e58b9887 Fix bnc#447566, where enforce, complain, and audit tools fail to work 
for profiles that use the profile keyword before the profile name.
 2008-11-21 13:03:00 +00:00
John Johansen
7fdf8d9925 Fix bnc#430358 where the utils make an invalid profile, by outputting 
other rules with no permissions.

Since other rules are not currently supported, remove them.
 2008-11-21 12:58:48 +00:00
John Johansen
4c3df3ae53 fix bnc#407491, where a solatary / is not properly handled by the utils 
The / is stripped and permission is prompted for a "" path.
 2008-11-21 12:57:08 +00:00
John Johansen
39343c8675 Fix fork track (bnc#447564) 
Fork tracking is broken by the kernel message for clone no longer supplying
the child pid correctly.  Instead the parent pid will be output with each
message and the tools will fake a fork when they detect a previously
unknow parent child relationship.
 2008-11-21 12:55:00 +00:00
John Johansen
77caea2cc7 'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs. 
/usr/bin/rsyncd) bnc#408869

The unconfined tool shows:

[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined

This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.

To fix this provide both the cmdline and exec name in parenthesis when the
exe name and the cmdline name differ.

For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
 2008-11-21 12:31:22 +00:00
John Johansen
4f2821bce0 Update translation files 2008-11-07 12:02:32 +00:00
Steve Beattie
32696e32bc Things will also be painfully broken if there's a profile for /bin/dash, 
which serves as /bin/sh on ubuntu.
 2008-11-06 22:48:32 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
John Johansen
f2dec0e337 fix for bnc408846, where network rules are repeatedly prompted for even when 
a matching rule is in the profile.
 2008-09-10 08:38:44 +00:00
John Johansen
4fb77c6f5d fix 3 bugs currently convered by bnc408877 
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
  that only permissions of the last rule are kept
 2008-09-10 08:36:59 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
e663e7c0b0 Zbyniu Krzystolik <zbyniu@pld-linux.org> 
Added missing capabilities names.
Simple rlimits support.  It doesn't care about range of individual limit, 
you can add ie -100G stack size or 100M nice. But maybe sufficient?
 2008-06-09 23:30:35 +00:00
John Johansen
aa0b2030c7 add missing for 2008-06-04 11:36:13 +00:00
John Johansen
9e8c5e9914 Fix two bugs 
- rpc was failing when passing arrays because the perl is_utf8 string flag
  was set even though its only sending numbers but newer HTTP::Message
  checks for this is_utf8 and if it finds it aborts.
- fix local profiles
  local profiles were failing because
  1.) the parameters to serialize_profile were bad
  2.) the file location was not getting updated so they would get written
      back to the inactive profiles directory
 2008-06-03 21:54:55 +00:00
John Johansen
cb9f84a61e fix repository profile saving, where the name for profiles from the repository got lost on saving 2008-06-03 10:38:19 +00:00
John Johansen
838d22220a bleah finally get the config setting for default owner right 2008-06-02 09:02:09 +00:00
John Johansen
9a1f1a5689 fix not defined owner_toggle to default_owner_prompt as it should be 2008-06-01 04:59:08 +00:00
John Johansen
8d3ff10db1 Update the utils profile restrictions so that cx and named transitions can be 
used on utility programs
 2008-05-30 07:21:15 +00:00
John Johansen
516fb55d1d update translation files 2008-05-26 09:52:11 +00:00
John Johansen
ddf2704a42 default owner_toggle to off it is not in the config file 2008-05-19 22:43:24 +00:00
John Johansen
51558b0b19 add missing ; to complain and enforce. copy fix over to audit 2008-04-24 18:24:02 +00:00
John Johansen
cbdea9c7c2 Add new exec modes and many bug fixes 2008-04-24 16:05:33 +00:00
John Johansen
d85344df63 add support for user rules 2008-04-18 21:16:15 +00:00
John Johansen
3db6bd6c54 more audit support. file rules this time 2008-04-18 21:10:25 +00:00
John Johansen
fe5a2b35ee remap includes to do {}{} link the profiles use {profile}{profile} 2008-04-18 21:09:53 +00:00
John Johansen
e06d1bf84b add support for audit keyword 2008-04-18 21:09:05 +00:00
John Johansen
ad996cec9c add support for set capability 2008-04-18 21:08:34 +00:00
John Johansen
94c795aa52 Hrmm. Actually add support for deny rules 2008-04-18 21:08:05 +00:00
John Johansen
ac273b33f8 Add support for deny rules 2008-04-18 21:07:37 +00:00
John Johansen
9b7912c39f add an extra hash level to distiguish between allow and deny - only use allow 2008-04-18 21:07:16 +00:00
John Johansen
36e0d38fc4 rename global vartable to the filetable 2008-04-18 21:06:24 +00:00
John Johansen
8d715ce9d6 make it so just reading an embedded hat doesn't cause the profile to be rewritten 2008-04-18 21:04:54 +00:00
John Johansen
6e87b3f004 add enough support for cx modes that parsing can succeed 2008-04-18 21:04:16 +00:00
John Johansen
bc652326a7 refactor to pass the profile down, as a step to making routines more generic and independant 2008-04-18 21:03:28 +00:00
John Johansen
1c8b9a51e4 make modes be stored as a bit set and use bit operations 2008-04-18 21:02:47 +00:00
John Johansen
83a35b57c2 give paths a sub hash to store mode into 2008-04-18 21:02:07 +00:00
John Johansen
e43a4769be retain the filename the profile was loaded from and use that when writting it back out 2008-04-18 21:01:10 +00:00
John Johansen
f213706f17 support retaining variables in the head of the file 2008-04-18 21:00:35 +00:00
John Johansen
5a088a1a47 change order that rules are output in 2008-04-18 20:59:42 +00:00
John Johansen
0cbaee9902 support parsing retaining of subset on link rules 2008-04-18 20:59:00 +00:00
John Johansen
a67cfbbb30 keep variables 2008-04-18 20:58:07 +00:00
John Johansen
2a0dc5aae9 keep change_hat rules 2008-04-18 20:57:51 +00:00
John Johansen
d07689e2a7 support and keep profiles using the profile keyword 2008-04-18 20:57:33 +00:00
John Johansen
5d1d6d31c3 keep set capability rules 2008-04-18 20:57:01 +00:00
John Johansen
03728a0155 keep rlimit rules 2008-04-18 20:56:41 +00:00
John Johansen
715952ce0d keep alias rules 2008-04-18 20:56:26 +00:00
John Johansen
de95e8b6ef keep change_profile rules 2008-04-18 20:56:08 +00:00