This patch adds support for the mount and pivotroot related keywords,
fstype, flags, and srcname.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
When signals and ptrace mediation were added to apparmor, the aalogparse
routines were not adjusted to compensate. This patch adds support for
the signal and peer keywords.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch moves the apparmor.h and aalogparse.h headers
from the libapparmor/src/ directory to a new directory
libapparmor/include/. The apparmor.h header is stored in a sys/
directory within libapparmor/include/ to match its usual install
location in /usr/include/sys/, simplifying the #include statements of
source that wishes to include either the in-tree or system installed
version of the header (i.e. #include <sys/apparmor.h> can be used
everywhere).
The patch size is inflated by the movements of the header files, which
are unchanged except for their locations. Otherwise, the rest of the
changes are to modify the include search path or to stop looking in
$CWD for one of the headers.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
This patch converts the C test program to only emit the basename(3) of
the test input file under consideration, rather than the entire path as
passed on the command line, and fixes up all the expected outputs to
match.
The reason to do this is to make it easier for other tools located
in other directories (e.g. under libapparmor/swig) to use these same
test cases with reduced special casing.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
This patch wraps the event record output cases in a macro, for
consistent generation.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
This patch converts most of the fields to using the existing macros for
output, to make consistent and simplify the code a bit.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
The test program didn't make use of the existing print_long() macro for
printing long values, which meant that they were always emitted for
every testcase. This patch makes them consistent with all the other
emitted fields and fixes up the expected output where they shouldn't be
emitted.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Test a set of send, bind, and receive denials routed through syslog,
as well as a set routed through auditd.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
Bugs: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/800826https://bugzilla.novell.com/show_bug.cgi?id=755923
This patch modifies the libapparmor log parsing code to add support
for the additional ip address and port keywords that can occur in
network rejection rules. The laddr and faddr keywords stand for local
address and foreign address respectively.
The regex used to match an ip address is not very strict, to hopefully
catch the formats that the kernel emits for ipv6 addresses; however,
because this is in a context triggered by the addr keywords, it should
not over-eagerly consume non-ip addresses. Said addresses are returned
as strings in the struct to be processed by the calling application.
Bug: https://launchpad.net/bugs/800826
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929
Parse log entries containing an ouid.
(I added a testcase to Marc's fix.)
