Bug: https://bugs.launchpad.net/bugs/1366572
In the move of the apparmor.vim manpage source from the parser
directory to utils/vim/, the creation of the html version of the
manpage was lost. This patch fixes that, as well as fixes the vim
Makefile to use the common/Make.rules _clean target (which clears the
pod2htm*.tmp files created by pod2html as well).
It also fixes a bug in common/Make.rules where the _clean target
would report an error when used in a directory where the Makefile
doesn't set the NAME variable, such as utils/vim/.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
- change --help for files - "Profile(s) to merge" instead of "base profile"
- display the profile to save when asking to save it
- disable searching for existing network rules in abstractions because
it crashes. This doesn't hurt too much, see
https://bugs.launchpad.net/apparmor/+bug/1382241
Acked-by: Steve Beattie <steve@nxnw.org>
- remove some debug output (which Kshitij intentionally kept in the
draft patch)
- add a UI_Info to display which profile will be merged
- disable the mergeprofiles.clear_common() call because it crashes
(https://bugs.launchpad.net/apparmor/+bug/1382236)
- disable (M)ore (CMD_OTHER) because it crashes
- make (F)inish work everywhere
- change the help text so that it doesn't mention 3-way-merge until we
implement it
The python utils didn't know about the hat keyword, for example
hat foo {
This patch changes RE_PROFILE_HAT_DEF to add support for the hat keyword.
Note that this patch only changes profile reading - when saving a
profile, the ^foo syntax will always be used.
While on it, also convert the regex to named matches - the result
numbering changed anyway ;-)
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This is the rebased version of the patch by
Kshitij Gupta <kgupta8592@gmail.com>
(mostly) original patch description:
Changes to facilitate 2-way merge (maybe also 3-way) of multiple
profiles as discussed on IRC
This patch
- moves reset method to reset_aa function
- modifies message displayed to user
- allows processing of multiple files in 2-way merge
- disables 3-way merge till new syntax has been decided
The changes reflect the approach of providing arbitrary number of
files using wildcards or explicitly.
The changes map the profiles in the given files to their respective
files in the local directory specified using -d. Then the merges take
place profile-wise.
Acked-by: Steve Beattie <steve@nxnw.org>.
When adding inet rules in aa-logprof, it crashes with
IndexError: list index out of range
The reason is that it doesn't display the options if only the raw rule
is available (aka "no abstraction").
This patch checks if options[] is set and otherwise sets selection to
the raw rule.
Acked-by: Steve Beattie <steve@nxnw.org>
After several hours of debugging on IRC and flooding paste.opensuse.org ;-)
I finally found the reason - reading(!) from log_dict with a wrong
key caused the creation of that strange mode in log_dict.keys().
While finding that bug was very hard, the fix is easy - just replace
"profile" with "aamode". (That probably makes one char per hour of
debugging...)
To improve that ratio, also add a warning to common.py so that this
interesting[tm] behaviour of hasher() is at least documented.
Acked-by: Steve Beattie <steve@nxnw.org>
...
File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/severity.py", line 147, in handle_variable_rank
variable = regex_variable.search(resource).groups()[0]
AttributeError: 'NoneType' object has no attribute 'groups'
handle_variable_rank() checked with if '@' in resource:
and if it finds it, expects it can match a variable, which means @{.....}
If a filename contains a @ this fails.
The patch fixes the if condition so that it does a regex match.
It also adds two testcases for filenames containing @ to make sure they
don't cause a crash and result in the exptected severity rank.
Acked-by: Steve Beattie <steve@nxnw.org>
aa-cleanprof (and others?) duplicate quotes in file rules.
If a profile contains
"/bin/foo bar" mrix,
and I run aa-cleanprof on it several times, I end up with
""""""/bin/foo bar"""""" mrix,
This patch calls strip_quotes on the pathname.
(If needed, the quotes are re-added when writing the profile - tested
with aa-cleanprof.)
References: https://bugs.launchpad.net/apparmor/+bug/1328707
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This patch changes open_file_read() and open_file_write() to use
errors='surrogateescape' (with fallback to 'replace' for py2).
This avoids a crash when reading a logfile with special characters that
are not utf8-encoded (for example a latin1 "ö"), and also avoids crashes
at several other places we don't know yet ;-)
The patch also changes open_file_read() and open_file_write() to wrapper
functions, and moves the "real" code to the new open_file_anymode()
function.
Also, I removed the try/except - it's superfluous because it throws the
exception without any modifications.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This patch reverts commit 2131 which added support for the newer apache
2.4 ap_hook_check_access_ex() api, based on a report from Christian that
it broke apache's simple authentication.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
With the two recent unix socket test patches to mark dgram tests as
failing but expected to pass, I realized that there's no indication
in the output that there are current expected failures (except for
the single corefile test expected failure)[0]. This patch attempts to
remedy that by emitting the x-type plus the test description for each
test that is marked as such. I've set it to always emit these results.
[0] The test infrastructure does give an alert if there is a test that
has been marked xpass or xfail but has started behaving correctly.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
It's not been tracked down in
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373172 why
this is happening, but the current unnamed unix socket dgram tests
are failing when only the server is confined, and the peer label is
given as only the confining profile (the stream and seqpacket dgram
tests/permissions don't seem to trigger this revalidation rejection).
Until this bug is diagnosed and addressed, mark these tests as failing
but expected to pass (i.e. 'xpass').
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
With the addition of the unix socket mediation and
corresponding tests, there are currently two tests that fail
in unix_socket_pathname.sh. These have been recorded as bugs
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373174 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373176 but John
has not had time to investigate if these are legitimate bugs. The
following patch marks the tests as expecting to pass but currently
failing.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Currently the apparmor parser warns about rules that are not enforced or
downgraded. This is a problem for distros that are not carrying the out of
tree kernel patches, as most profile loads result in warnings.
Change the behavior to not output a message unless a warn flag is passed.
This patch adds 2 different warn flags
--warn rule-downgraded # warn if a rule is downgraded
--warn rule-not-enforced # warn if a rule is not enforced at all
If the warnings are desired by default the flags can be set in the
parser.conf file.
v2 of patch
- update man page
- add --warn to usage statement
- make --quiet clear warn flags
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This patch:
- allows the unsupported rules to be stored when parsing profiles
- writes all the unsupported rules back to profile
Acked-by: Christian Boltz <apparmor@cboltz.de>
match groups.
Also split out RE_OWNER that matches the "owner" keyword.
To make the code easier to understand, I dropped the existing audit
variable and instead directly query the "new" audit variable while
filling path_rule['audit'].
Acked-by: Steve Beattie <steve@nxnw.org>
YaST still uses AppArmor.pm, and now errors out when starting the
profile editor because it doesn't know about signal, unix, ptrace and
dbus rules.
This patch adds basic support for those rules to AppArmor.pm by adding
them to the "ignore those rules" regex.
Note: Rules covered by this regex are lost when writing the profile
therefore the patch adds a comment to at least make this a "known bug".
References:https://bugzilla.novell.com/show_bug.cgi?id=900013
Acked-by: Steve Beattie <steve@nxnw.org>
BugLink: http://bugs.launchpad.net/bugs/1378091
The audit flags are not being set correctly by the parser so that
audit capability XXX,
will not result in an audit message being logged when the capability
is used.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The following patch:
- creates a class for prompt questions moving away from Perl hash hack
for the purpose.
- moves some functions to the methods for that class
- fix options being incorrectly passed to questionPrompt in aa-mergeprof
Acked-by: Christian Boltz <apparmor@cboltz.de>
socket. Note, DBus mediation is still in effect so rules still need to be added
for accessing the DBus API (LP: #1375067)
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
utils/test/runtests-py*.sh always exits with $? = 1 even if there is no
error. This is caused by the last executed command, test -n
This patch changes it to test -z so that we'll get $? = 0 if all tests
succeed.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Bug: https://bugzilla.novell.com/show_bug.cgi?id=895495
We define the __unused macro as a shortcut for __attribute__((unused))
to quiet compiler warnings for functions where an argument is unused,
for whatever reason. However, on 64 bit architectures, older glibc's
bits/stat.h header defines an array variable with the name __unused
that collides with our macro and causes the parser to fail to build,
because the resulting macro expansion generates invalid C code.
This commit fixes the issue by removing the __unused macro where it's
not needed (mod_apparmor) and renaming it to 'unused' elsewhere. It also
in some instances reorders the arguments so that the unused macro
appears last consistently.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Bug: https://bugs.launchpad.net/bugs/1339727
LightDM keeps moving the location where it stores xauthority files for
users, when configured to store them in a system directory (e.g. with
[LightDM]
user-authority-in-system-dir=true
set in a lightdm configuration file).
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
BugLink: http://bugs.launchpad.net/bugs/1373085
The parser fails to accept certain characters, even when escaped
or quoted as part of the profile or label name in ipc rules. This
is due to the lexer not accepting those characters as part of the
input pattern.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
(capability is one of the easiest rule types, so it's good as a start.)
The patch also adds basic support for rules containing more than one
capability, like
capability chown dac_override,
Note that this is just a pass-through mode (instead of complaining about
an invalid line). aa-logprof will happily add another "capability chown"
if it hits a log entry for it. (But: we never got a bugreport about not
supporting multi-capability lines, so I guess they are rarely used ;-)
I also added a parse_audit_allow() function to handle the audit and
allow/deny keywords. They are used in most rule types, which means we
can get rid of some duplicated code with this function.
Finally, update utils/test/test-regex_matches.py - RE_PROFILE_CAP now
has 5 instead of 4 match groups because of the added multi-capability
support.
While on it, I also improved the error message in setup_regex_tests()
to also show the rule that causes a problem.
Acked-by: Steve Beattie <steve@nxnw.org>
Bug: https://bugs.launchpad.net/bugs/1375516
The unix_socket test program calls getsockopt() after calling bind().
Because AppArmor continues to use traditional file rules for sockets
bound to a filesystem path, it does not mediate some socket operations
after the socket has been bound to the filesystem path. The getopt
permission is one of those socket operations.
To account for this lack of mediation, the getopt permission should be
removed from the server permissions list.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
