mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1497 commits 23 branches 109 tags 32 MiB
Commit graph

1497 commits

This branch
This branch
All branches
Author SHA1 Message Date
John Johansen
4fcd7e94f5 If encountered the scanner will dump unmatched text from <audit_id>. 2010-09-09 12:17:03 -07:00
John Johansen
513611ff92 Fix memory leak where apparmor_notify is not freeing up messages that 
are not reported.
 2010-09-09 10:40:38 -07:00
John Johansen
fe3cce7828 Default apparmor_notify to report messages, when it is installed and 
started.  Since apparmor_notify is not installed by default and not started
by default, the act of installing and starting it implies the desire to
get messages.
 2010-09-09 10:31:45 -07:00
Jamie Strandboge
edb1ae1798 allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6 2010-09-08 13:56:19 -05:00
Jamie Strandboge
85c20fb564 update ubuntu-browsers.d/java for latest sun-java6 (LP: #633369) 2010-09-08 12:27:09 -05:00
Jamie Strandboge
834efc7b2c fix LP: #626451 (GoogleTalk in ubuntu-browsers.d/multimedia) 2010-09-08 08:51:06 -05:00
Jamie Strandboge
d2c61794ea update fonts abstraction to add '/var/lib/ghostscript/** r,' 2010-09-03 08:38:14 -05:00
Jamie Strandboge
b56e654f26 abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser PUxr' 2010-08-30 07:52:20 -05:00
John Johansen
d256e1f9c0 The upstream 2.6.36 kernel is missing the /sys/kernel/security/apparmor/profiles file, so introspection of which profiles are loaded is not possible. 
Make testing of profiles loaded conditional on introspection being present.
 2010-08-26 10:38:27 -07:00
John Johansen
8762c1dcfb The upstream 2.6.36 version of apparmor doesn't support network rules. 
Add a flag to the parser controlling the output of network rules,
and warn per profile when network rules are not going to be enforced.
 2010-08-26 10:37:46 -07:00
John Johansen
1f1a303457 The upstream 2.6.36 version of apparmor is missing the match file, 
so the parser doesn't set matching options correctly.

Set minimal defaults with that will allow the parser to load policy,
on 2.6.36 kernels.
 2010-08-26 10:36:45 -07:00
Steve Beattie
046e1fb215 This is an incomplete fix for bug 
https://bugs.launchpad.net/apparmor/+bug/623467

This patch adds some additional testcases to the log parsing
testsuite, to cover rejections for operations that aren't covered by
other testcase (truncate, rename_src, rename_dest, mkdir) as well
as fixing SubDomain.pm to take those operations into account when
parsing log files.

The operations link, unlink, and possibly setattr still need to be
covered by SubDomain.pm
 2010-08-25 09:53:39 -07:00
Steve Beattie
341877416e Creating lame empty error files that dejagnu needs for its tests. 
Apologies for not getting an ACK on this commit.
 2010-08-23 22:34:51 -07:00
Steve Beattie
6c31d0d894 This commit teaches pam_apparmor about the current errno returned by the 
kernel when the hat that was passed does not exist in the profile (but
other hats exist). It also removes the very old EPERM case, which hasn't
been accurate for a while. (LP: #619521)
 2010-08-19 08:24:41 -07:00
Jamie Strandboge
40751c2ed3 abstractions/ubuntu-browsers.d/ubuntu-integration: update for kmozillahelper 
and gnome-appearance-properties (LP: #514356, LP: #573344)
abstractions/ubuntu-browsers.d/user-files: update for /net (LP: #593413)
 2010-08-18 10:06:40 -05:00
John Johansen
d72422b369 When doing debugging/building dfa graphs, generally I use -QT however 
this results in

Unable to open output file - Success

to be output to standard error.

This occurs because despite specifying kernel_load = 0, the kernel load
parts are still being done, and failing.
 2010-08-17 08:03:07 -07:00
John Johansen
291066dcbd On certain graphs the dfa graph dump output can become messed up as it isn't properly handling non-printing characters in the case of single character 
output.  Drop the cast to signed character which messes up the output.
 2010-08-17 08:02:27 -07:00
Jamie Strandboge
c96c8a391f profiles/apparmor.d/abstractions/ubuntu-browsers.d/java: generalize names 
of child profiles
 2010-08-11 14:10:16 -05:00
Jamie Strandboge
7536899894 create ubuntu-feed-readers abstraction and have ubuntu-browsers.d/multimedia 
use it instead of specifying liferea directly
 2010-08-11 09:58:34 -05:00
Jamie Strandboge
44f2e73d1b update X abstraction for gdm's new placement of XAUTHORITY (LP: #601583) 2010-08-11 09:57:54 -05:00
Jamie Strandboge
9e99dfc8b2 add ca-certificates to ssl_certs abstraction (LP: #605835) 2010-08-11 09:15:56 -05:00
Jamie Strandboge
42cd946ff2 update ubuntu-browsers.d/kde to use PUx for kde4-config 2010-08-10 17:57:42 -05:00
Jamie Strandboge
cbbf3ea75e update abstractions/ubuntu-browsers.d/java for icedtea 2010-08-10 16:45:23 -05:00
Jamie Strandboge
23a77d70e8 adjust profiles/Makefile for abstractions/ubuntu-browsers.d 2010-08-10 16:42:00 -05:00
Jamie Strandboge
e1e85f285c remove kde4-config from the kde abstraction 2010-08-10 15:38:58 -05:00
Jamie Strandboge
6988cd07a0 adjust profiles/apparmor.d/local/README to codify the intended usage of local/ 2010-08-10 14:28:10 -05:00
Jamie Strandboge
1bdb6069da fix whitespace abstractions/ubuntu-browsers.d/* 
add 'owner' match to abstractions/ubuntu-browsers.d/java
 2010-08-10 14:18:21 -05:00
Jamie Strandboge
0978a1ad8a update ubuntu-* abstractions to use PUx instead of Ux 2010-08-10 14:11:04 -05:00
John Johansen
350520a650 Add check to the regression tests that verifies the expected profiles 
are loaded.
 2010-08-10 09:24:41 -04:00
Jamie Strandboge
2a3aae6d57 'owner' match in commit 1406 too strict for /tmp/ and /var/tmp/ 2010-08-09 09:56:31 -05:00
Jamie Strandboge
d472cf13b1 add Ubuntu-specific profiles/apparmor.d/abstractions/ubuntu-browsers.d/* 
for use with browser profiles
 2010-08-06 16:01:57 -05:00
Jamie Strandboge
eace04e2e7 profiles/Makefile: use LOCAL_ADDITIONS using filter-out in clean target, which 
is much cleaner.
 2010-08-05 16:00:23 -05:00
Jamie Strandboge
f9187ac661 profiles/Makefile: use same logic in 'clean' target as we did in 'local' 2010-08-05 15:53:07 -05:00
Jamie Strandboge
9c3fb960e8 implement 'local/' mechanism to aid in packaging: 
- create profiles/apparmor.d/local/README to explain it all
- adjust shipped profiles in profiles/apparmor.d to include the local changes
- adjust profiles/Makefile for local files
 2010-08-05 15:30:43 -05:00
Jamie Strandboge
b550fa291c adjust profiles/Makefile for local files 2010-08-05 15:10:33 -05:00
Jamie Strandboge
6fb3f5c4a6 move profiles/local to profiles/apparmor.d/local 2010-08-05 14:15:56 -05:00
Jamie Strandboge
f25949cf84 start on 'local/' mechanism to aid in packaging: 
- add profiles/local/README
- adjust profiles/apparmor.d/{bin,sbin,usr}* to include a file from local/
- adjust profiles/apparmor.d/{bin,sbin,usr}* for for copyright, some whitespace
  and svn conventions
 2010-08-05 14:00:02 -05:00
Kees Cook
cc434a1c7f Fixes "deleted" test case to match the documentation for the expected 
outcome. Adds additional positive test, fixes spelling.
 2010-08-04 12:22:48 -07:00
John Johansen
5c8581a345 Update the regression test suite to test chmod, chown and chgrp on directories. 2010-08-04 10:25:44 -07:00
John Johansen
6259edac38 Update and expand comments on regex tree normalization 2010-08-04 10:23:22 -07:00
John Johansen
f0220611aa Epsnodes carry no information beyond the node type. Convert to using 
a single static node, which will reduce allocations and peak memory
use slightly.
 2010-08-04 09:53:46 -07:00
John Johansen
5c8051994b Make -q quiet can not update cache warnings 2010-08-04 09:52:54 -07:00
Jamie Strandboge
62f2e7f06e fix for LP: #611248 (gdk pixbug loaders) 
tighten up the dbus abstractions
 2010-08-03 12:06:29 -05:00
Jamie Strandboge
24e3b5296e tighten up the dbus abstractions 2010-08-03 12:04:37 -05:00
Jamie Strandboge
9533ac3405 fix for LP: #611248 2010-08-03 09:13:34 -05:00
John Johansen
b5c780d2a1 Remove pcre and update tests where necessary 2010-07-31 16:00:52 -07:00
Kees Cook
06ebb0b6d6 use wildcards correctly for utils subdirectory ignores 2010-07-26 11:02:42 -07:00
Kees Cook
5f76ba2ae3 Cleanups in libapparmor that should have been part of commit 1437. These 
were part of the ACKed patch on the mailing list.
 2010-07-26 10:58:07 -07:00
Kees Cook
32d899eb6d The coredump regression test existed in the tree, but was not hooked up to 
the testsuite. It looks like coredump mediation may have been removed,
since it is rather a corner-case, so I have currently marked it as XFAIL.

In hooking it back up, the "prologue.inc" was reviewed, dead code dropped,
and the "image=" argument changed to correctly handle the imageperms
syntax used elsewhere. It was working in other tests out of coincidence.
 2010-07-26 10:55:00 -07:00
Kees Cook
b30b4c1877 Fixes several warnings, typos, clarifies a subtest description and starts 
to try to get rid of programmatic use of $Id$ in kernel regression tests.
 2010-07-26 10:50:33 -07:00