target in the profiles Makefile, for future archaeological spelunking.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch adds the kernelvars tunable to the global set that is usually
included by default in apparmor policies. It then converts the rules
that are intended to match /proc/pid to use this tunable.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
This patch finishes the conversion from /proc to the @{PROC}
tunable within profiles and abstractions. It also adjusts some of
the /proc/*/something usages to @{PROC}/[0-9]*/something to restrict
things to just the /proc/pid directories. (A followup patch will
convert these to use @{pid} from the kernelvars tunable.)
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
In testing the skype profile, I found access to my @{HOME}/.XCompose
was being rejected. This patch updates the X abstraction to take a
user's defined XCompose key shortcuts into account.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Author: Jamie Strandboge <jamie@canonical.com>
Bug-Ubuntu: https://launchpad.net/bugs/933440 Forwarded: yes
This is a very slightly updated version of the skype profile
update that Jamie Strandboge submitted, but did not get a review.
The only addition over the previously submitted version is rw access
to @{HOME}/.config/Skype/Skype.conf.
(This commit incorporates the additional @{HOME}/.kde4 change proposed
by Christian Boltz <apparmor@cboltz.de>)
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
The apparmor_api abstractions make the mistake of including tunables
directly, which is a no-no since the variable definitions in tunables
need to occur in the preamble of a profile, not embedded within it.
This patch removes those includes, and replaces them with documentation of
which tunables are necessary, as some of the expected ones are not part of
tunables/global.
It also adjusts the kernelvars tunable's definition of the @{pid}
regex, as the current parser does not support nesting of {} groupings,
which breaks any profile that attempts to use the tunable.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
This patch modifies the nvidia abstraction to add the libvdpau wrapper
config file for nvidia workarounds. It also converts the /proc/
rules to use the @{PROC} tunable. And finally, it converts the
ubuntu-browsers.d/multimedia abstraction to use the nvidia abstraction.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
This patch separates out make check in the profiles/ directory into
two sub targets, for checking profiles against the built parser
and aa-logprof respectively. The logprof check currently makes some
assumptions about the environment that make it difficult to run in
a minimal chroot environment.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
When I corrected the profiles/Makefile to automatically find files to
install, I converted one variable name but missed a later location where
that variable was used, which broke the 'make check' target, because
directories would be handed to the apparmor parser. This patch corrects
that and also makes the VERBOSE flag report each profile name as it's
being handed to the parser.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
was addressed (however temporarily) in commit 2085.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
fix a nasty little bug that can surface in apparmor 2.8 when
Hats/children profiles are used.
the matchflags in the dfa backend are not getting properly reset, which
results in a previously processed profile's match flags being used. This is
not a problem for most permissions but can result in x conflict errors.
Note: this should not result in profiles with the wrong x transitions loaded
as it causes compilation to fail with an x conflict.
This is a minimal patch targeted at the 2.8 release. As such I have just
updated the delete_ruleset routine to clear the flags as it is already
being properly called for every rule set.
Apparmor 2.9/3.0 will have a different approach where it is not possible
to reuse the flags.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
chance to run before verifying its current and future confinement
state. In testing the combined sleeps added roughly a second to
onexec.sh's total time on relatively reasonable hardware.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: John Johansen <john.johansen@canonical.com> (via IRC)
whether or not the filesystem has a fine enough timestamp resolution.
Occasionally even on filesystems like ext3, the two files' creation
dates would differ when created less than a second apart, which would
typically cause the 'Cache is used when cache is newer' test to fail
because the cached file would have the same timestamp as the profile.
The fix creates 10 files 0.1 seconds apart and ensures that all ten
have distinct timestamps.
(The occasional failure was caught in testing runs like
https://bugs.launchpad.net/qa-regression-testing/+bug/1087061/ )
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
to the apparmor_api subtree not getting added in the Makefile. Rather
than require every sub-directory that gets added to be
enumerated, it uses find to determine what directories and files to
install, to avoid future breakage. It is admittedly slower than the
original code because install(1) is being invoked for every file in
the apparmor.d tree, rather than acting on wildcard globs. That said,
I think it's an acceptable tradeoff.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
mediation, file picker, etc.), making it easier for other source bases
to detect the presence of libapparmor would be beneficial. This patch
adds pkg-config support to the build infrastructure for libapparmor.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: Kees Cook <kees@ubuntu.com>
I added this profile to the openSUSE apparmor-profiles package in Feb 2012.
Until now I didn't receive any bug reports so I'd say it's complete ;-)
References: https://bugzilla.novell.com/show_bug.cgi?id=748499
Acked-By: jdstrand (on IRC)
This patch adds a test script/driver for the aa-decode utility. The only
change from the previous versions is to support overriding the location
of the aa-decode to test via the APPARMOR_DECODE environment variable
and documenting the utils/ tests in the top level README.
The aa-decode test can be run directly from the commandline in the utils
directory like so:
    test/test-aa-decode.py -v
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Christian Boltz <apparmor@cboltz.de>
This patch fixes two issues with the simple test driver. The first is
that the child exec that actually ran the parser was located inside the
eval statement. This meant that if the exec failed for some reason
(like the parser didn't exist), the child wouldn't actually die,
but would pop out of the eval and continue running through the loop
of test profiles (while the parent process does the same). This meant
that if the script ran on the full testsuite with a misconfiguration,
it would explode creating O(n^2) processes, where n is the number of
testcase files -- with over 25k testcases, that's a lot. The fix is to
lift the child exec outside the eval{}, then an exec() failure causes
the child process to die correctly.
The second fix is that several of the testcases were added with the
DESCRIPTION field added in lower case (i.e. #=Description blah blah).
This fix makes the regex that pulls out the description not be
case-sensitive.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: John Johansen <john.johansen@canonical.com>
This patch replaces the hardcoded path to the in-tree apparmor parser
in several of the script based test scripts with the APPARMOR_PARSER
environment variable, keeping the hardcoded location as the default.
It also adds support for overriding the location of the parser via the
same environment variable. The make infrastructure is updated to use
this, though uses a different variable (PARSER) to drive it.
Thus 'make check PARSER=/some/path/to/an/alternate/apparmor_parser'
will run all the parser tests on that binary. This is useful for
running the testsuite in an automated post-install environment.
(It should be noted that doing so will still build and run the unit
test binaries based on the source tree.)
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: John Johansen <john.johansen@canonical.com>
It turns out that PAGE_SIZE isn't defined on all architectures.
This fixes a regression test failure happening on Ubuntu quantal
on the arm ti-omap4 architecture.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Handling stdin was totally broken (= no output) with the current log
format because aa-decode expected name= to be the last entry in the
log line.
This patch for stdin handling
- fixes the pattern to match the current log format (name= is NOT the
  last part in the log entry)
- uses bash replacement to avoid some sed calls (which also means the
  script now needs an explicit "#!/bin/bash")
- prints decoded filenames in double instead of single quotes to be
  consistent with filenames that were not encoded
- also prints lines that do not contain an encoded filename (instead of
  grepping them away)
- replace tr calls by perl's uc() (also for non-stdin mode)
- also handle encoded profile names (introduced by Steve)
- don't fail if a file or profile name contains a '
In other words: you can pipe your audit.log through aa-decode, and the
only difference to the raw audit.log is that filenames are decoded.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
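The stdin behaviour this commit message describes, as an added Python example (it is not aa-decode's own code, which is a bash script calling perl). It assumes the encoded value is an unquoted, even-length hex string after name= or profile=; the log lines are constructed samples.

```python
import re

# name= or profile= followed by an unquoted, even-length run of hex digits.
# The lookahead lets the field sit anywhere in the line, not only at the end.
HEX_FIELD = re.compile(r'\b(name|profile)=((?:[0-9A-Fa-f]{2})+)(?=\s|$)')

def decode_line(line):
    """Return the log line with hex-encoded name=/profile= values decoded."""
    def repl(match):
        raw = bytes.fromhex(match.group(2))  # accepts upper- and lower-case hex
        # Undecodable bytes become \xNN escapes instead of raising.
        text = raw.decode("utf-8", errors="backslashreplace")
        return '{}="{}"'.format(match.group(1), text)
    return HEX_FIELD.sub(repl, line)

def decode_stream(lines):
    """Decode every line; lines without an encoded field pass through as-is."""
    return [decode_line(line) for line in lines]

# Constructed sample records (assumed field layout, not from a real system).
SAMPLE = [
    # Encoded name in the middle of the record: "/home/u/my file"
    'type=AVC msg=audit(1348982151.183:2934): apparmor="DENIED" '
    'operation="open" profile="/usr/bin/example" '
    'name=2F686F6D652F752F6D792066696C65 pid=1234 comm="example" '
    'requested_mask="r" denied_mask="r"',
    # Name that was never encoded: must come out unchanged.
    'type=AVC msg=audit(1348982152.001:2935): apparmor="DENIED" '
    'operation="open" profile="/usr/bin/example" name="/etc/shadow" '
    'pid=1234 comm="example" requested_mask="r" denied_mask="r"',
    # Encoded profile "/opt/my app" and lower-case encoded name "/tmp/it's".
    'type=AVC msg=audit(1348982153.440:2936): apparmor="DENIED" '
    'operation="open" profile=2F6F70742F6D7920617070 '
    'name=2f746d702f69742773 pid=4321 comm="app" '
    'requested_mask="w" denied_mask="w"',
    # Unrelated audit record: printed as-is rather than filtered out.
    'type=USER_LOGIN msg=audit(1348982160.000:2940): pid=900 uid=0 res=success',
]

if __name__ == "__main__":
    for decoded in decode_stream(SAMPLE):
        print(decoded)
```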
- It failed to remove coredump files named "core"
- It failed to properly detect "core.<pid>" files
- And it would fail if the coredump_pattern had been modified to
  a different location.
This led one of the tests to report it was passing when it
wasn't because it was detecting the previous test's core file.
- Fix the test to set the coredump_pattern, to dump into the
  tmpdir used for the test.
- Make it so it will only detect the core file for the pid of
  the last test run.
- And extend the test to have a couple of extra test cases.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
/etc/apparmor/profiles/extras/, and update the path at various places.
Also update the mailing list address in extra-profiles README and
recommend cp instead of mv.
Note: if you want to have a symlink
    /etc/apparmor/profiles/extras -> /usr/share/apparmor/extra-profiles/
for backward compatibility, you'll have to create it yourself (for example
in the .spec file)
This also fixes https://bugzilla.novell.com/show_bug.cgi?id=713647
Acked-by: John Johansen <john.johansen@canonical.com>
The apparmor_parser has 3 different directory walking routines. Abstract
them out and use a single common routine.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
/usr/share/poppler/cMap/**. These files are included in the poppler-data
package on Ubuntu, and their 'r' denials create quite a bit of noise.
Apparently they are needed to display PDF documents containing CJK
characters with libpoppler. I added it to the gnome abstraction because
several applications not linked against poppler are consulting this
data.
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Fix the apparmor_parser's -N command (which dumps the list of profile
names found in a policy file) to be available without privilege and
also make it be recognized as a command instead of an option so that
it can conflict with -a -r -R -S and -o.
Currently it can be specified with these commands but will cause the
parser to short circuit just dumping the names and not doing the actual
profile compile or load.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Rework and update the apparmor_parser man page. It reworks some of the
text but mostly just reorganizes the commands and options into logical
grouping to make it easier to sort out how the various commands and
options work.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Add the ability to clear out the binary profile cache. This removes the
need to have a separate script to handle the logic of checking and
removing the cache if it is out of date.
The parser already does all the checking to determine cache validity
so it makes sense to allow the parser to clear out inconsistent cache
when it has been instructed to update the cache.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
serious flaw. The test for the network flag was being applied against both
the kernel flags and the cache flags. This means that if either the kernel
or the cache did not have the flag set then network mediation would be
turned off.
Thus if a kernel was booted without the flag, and a cache was generated
based on that kernel and then the system was rebooted into a kernel with
the network flag present, the parser on generating the new policy would
detect the old cache did not support network and turn it off for the
new policy as well.
This can be fixed by either removing the old cache first or regenerating
the cache twice. As the first generation will write that networking is
supported in the cache (even though the policy will have it disabled), and
the second generation will generate the correct policy.
The following patch moves the test so that it is only applied to the kernel
flags set.
Signed-off-by: John Johansen <john.johansen@canonical.com>
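The stale-cache sequence this commit message walks through, as an added Python model (not the parser's code). Representing the kernel and cache feature flags as sets, and the names generate_buggy, generate_fixed and replay, are assumptions made for illustration.

```python
# Simplified model: each policy generation sees the running kernel's flags
# and the flags recorded in the existing cache (None when there is no cache).
KERNEL_OLD = frozenset()             # kernel booted without the network flag
KERNEL_NEW = frozenset({"network"})  # kernel with the network flag present

def generate_buggy(kernel_flags, cache_flags):
    """Flawed test: the flag is checked against kernel AND cache flags."""
    sources = [kernel_flags]
    if cache_flags is not None:
        sources.append(cache_flags)
    mediated = all("network" in flags for flags in sources)
    # The new cache records what the kernel supports, even when the policy
    # just generated has network mediation turned off.
    return mediated, frozenset(kernel_flags)

def generate_fixed(kernel_flags, cache_flags):
    """Patched test: only the running kernel's flags are consulted."""
    return "network" in kernel_flags, frozenset(kernel_flags)

def replay(generate, boots, cache=None):
    """Generate policy once per entry in boots, carrying the cache forward.

    Returns one boolean per generation: is network mediation enabled?
    """
    results = []
    for kernel_flags in boots:
        mediated, cache = generate(kernel_flags, cache)
        results.append(mediated)
    return results

if __name__ == "__main__":
    boots = [KERNEL_OLD, KERNEL_NEW, KERNEL_NEW]
    # Buggy: the first generation on the new kernel still loses mediation;
    # only the second one (the "regenerate twice" workaround) recovers it.
    print("buggy:", replay(generate_buggy, boots))
    print("fixed:", replay(generate_fixed, boots))
    # Removing the old cache first also avoids the problem.
    print("buggy, cache removed:", replay(generate_buggy, [KERNEL_NEW]))
```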
Description: ubuntu-integration does not work properly with exo-open
Bug-Ubuntu: https://launchpad.net/bugs/987578
Acked-By: Jamie Strandboge <jamie@canonical.com>
compatibility interface. Previously it was assuming that if the compatibility
interface was present that network rules were also present, this is not
necessarily true and causes apparmor to break when only the compatibility
patch is applied.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>