Acked-By: Steve Beattie <sbeattie@ubuntu.com>
The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--
Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"
I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.
Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.
https://bugs.launchpad.net/bugs/271252https://bugzilla.novell.com/show_bug.cgi?id=441381
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
that only permissions of the last rule are kept
Added missing capabilities names.
Simple rlimits support. It doesn't care about range of individual limit,
you can add ie -100G stack size or 100M nice. But maybe sufficient?
of rlimits supported by the kernel.
- remove hat rules
- add hat flag for each profile
- fix apparmorfs profile listing code. Used to only return the first
80 or so profiles, and then refuse to output more
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
option, which can be combined with --add or --replace
- rc.apparmor.functions were not correctly removing profiles on replace and
reload, also convert to using the module interface directly bypassing the
parser.
- fix cx -> named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
modules. This is the correct behavior as hats are promoted to profiles.
- rpc was failing when passing arrays because the perl is_utf8 string flag
was set even though its only sending numbers but newer HTTP::Message
checks for this is_utf8 and if it finds it aborts.
- fix local profiles
local profiles were failing because
1.) the parameters to serialize_profile were bad
2.) the file location was not getting updated so they would get written
back to the inactive profiles directory
