mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 09:21:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1180 commits 23 branches 109 tags 32 MiB
Commit graph

1180 commits

This branch
This branch
All branches
Author SHA1 Message Date
John Johansen
4f2821bce0 Update translation files 2008-11-07 12:02:32 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
f6d502017d Allow introspection in avahi bnc#431222 2008-11-07 05:52:01 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
Steve Beattie
32696e32bc Things will also be painfully broken if there's a profile for /bin/dash, 
which serves as /bin/sh on ubuntu.
 2008-11-06 22:48:32 +00:00
John Johansen
7d8f597c86 Update firefox profile as base for firefox 3 2008-11-05 16:00:39 +00:00
John Johansen
a77734a600 add reject for Novell bnc#425041 2008-11-05 14:53:00 +00:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00
John Johansen
aab94f31c0 Allow ntp to have capability dac_override 2008-11-05 14:10:08 +00:00
John Johansen
434bbfc409 Fix ntp chroot rejects Novell bnc#256291 2008-11-05 14:08:43 +00:00
John Johansen
148ed13b5e Fix reject for opensuse 11.1 listed in Novell bugzilla bnc#405317 2008-11-05 12:03:29 +00:00
John Johansen
f772109c4d Fix rejects reported in Novell bnc#436849 2008-11-05 11:57:34 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
Steve Beattie
e56ed9a68a From: Jesse Michael <jesse.michael@comcast.net> 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--

Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"

I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.

Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.

https://bugs.launchpad.net/bugs/271252
https://bugzilla.novell.com/show_bug.cgi?id=441381
 2008-11-04 20:19:59 +00:00
Steve Beattie
e6e3447c19 More testcases around syslog parsing. 2008-11-04 17:42:25 +00:00
Steve Beattie
023fe19c6d Add a testcase for the passthrough of unparsed input to stdout as 
reported in https://bugs.launchpad.net/bugs/271252
 2008-11-03 19:39:34 +00:00
Steve Beattie
449abea6b5 Add a testcase for the syslog format change documented in LP#271252 2008-11-03 19:34:29 +00:00
Steve Beattie
f1de0575d1 Removing old-style log message testcase; sadly, it's unlikely that will 
ever support this message type in the log parsing library, given that
there shouldn't be much out there generating old style audit messages
anymore.
 2008-11-03 17:48:43 +00:00
Steve Beattie
5c9177fa81 Fixing missing testcase error file 2008-11-03 17:38:08 +00:00
Steve Beattie
6c526f081f Fix compiler warning in the test_multi test program. 2008-11-03 17:17:48 +00:00
Steve Beattie
0ebee05092 Fix a compilation error on ubuntu; wondering if there's older distros 
where glibc doesn't provide /usr/include/dirent.h.
Also fixed a compilation warning around fprintf sizes.
 2008-10-08 19:43:28 +00:00
John Johansen
93f22b7fd6 fix bad parameter merge on apparmor_ptrace 2008-10-03 20:43:43 +00:00
John Johansen
2873f3effd Add apparmor patches for 2.6.27, and related aufs patches. 2008-09-30 16:00:31 +00:00
John Johansen
b3a1923a8f update to 2.3.1 2008-09-12 10:40:04 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00
John Johansen
ac88f71c63 Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats 2008-09-10 08:42:49 +00:00
John Johansen
f2dec0e337 fix for bnc408846, where network rules are repeatedly prompted for even when 
a matching rule is in the profile.
 2008-09-10 08:38:44 +00:00
John Johansen
4fb77c6f5d fix 3 bugs currently convered by bnc408877 
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
  that only permissions of the last rule are kept
 2008-09-10 08:36:59 +00:00
John Johansen
ddfb6fb978 update for missing comma 2008-07-03 02:30:56 +00:00
John Johansen
6a3e6c68be update patches to 2.6.26 2008-07-02 20:24:33 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
e663e7c0b0 Zbyniu Krzystolik <zbyniu@pld-linux.org> 
Added missing capabilities names.
Simple rlimits support.  It doesn't care about range of individual limit, 
you can add ie -100G stack size or 100M nice. But maybe sufficient?
 2008-06-09 23:30:35 +00:00
John Johansen
2781d88abc update help message 2008-06-09 22:15:28 +00:00
John Johansen
58b8a58e86 Patch from zbyniu to allow parser to build on glibc (<2.4) 2008-06-09 21:17:41 +00:00
John Johansen
f670eaf464 output the names only list before post processing the policy 2008-06-09 21:15:17 +00:00
John Johansen
100ff7cabb Update to allow external hats by specifying the hat keyword in front of 
the profile name.
 2008-06-09 12:00:42 +00:00
John Johansen
d8df8830f1 add hat flag and add it automatically for embedded hats 
remove hat rules
 2008-06-09 11:48:13 +00:00
John Johansen
8420935617 add hat flag to profiles, and test for it in change_hat 2008-06-09 11:47:21 +00:00
John Johansen
5655293cf8 oops, fix the rlimit table size test 2008-06-09 10:15:31 +00:00
John Johansen
303721fca2 - Fix rlimits to work when user space passes in fewer rlimits than the number 
of rlimits supported by the kernel.
- remove hat rules
- add hat flag for each profile
- fix apparmorfs profile listing code.  Used to only return the first
  80 or so profiles, and then refuse to output more
 2008-06-09 10:12:23 +00:00
John Johansen
8f13e0d60d - fix rcapparmor stop. Have it dump the loaded profile list to a file before 
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
  option, which can be combined with --add or --replace
 2008-06-09 10:00:28 +00:00
John Johansen
0c95606e03 let the parser add the change_hat rule 2008-06-08 09:32:12 +00:00
John Johansen
3b11aa9050 Remove hat rules. In large policies the number of hat rules becomes 
problematic, hat rules can be replaced with simple hat flag on a profile.
 2008-06-08 09:02:27 +00:00
John Johansen
b2f4863231 Fix to stop leaking the dfa ruleset. On large policies containing lots of 
hats this will result in a marked improvement on memory usage.
 2008-06-08 08:56:37 +00:00
John Johansen
aa0b2030c7 add missing for 2008-06-04 11:36:13 +00:00