mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1397 commits 23 branches 109 tags 32 MiB
Commit graph

1397 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jamie Strandboge
5ceb1fa1c9 apparmor_notify: 
- also check for inode change
- update size to use stat
- treat logfile_size like logfile_inode
- update logfile_size and logfile_inode in reopen_logfile()
 2010-03-27 09:14:33 -05:00
Jamie Strandboge
4fb9a702f0 apparmor_notify: 
- add -f option to optionally specify the logfile
- when polling, check to see if the logfile size decreased, and if so, reopen
  it. Currently this only works if you can read the file after dropping
  privileges
 2010-03-27 08:28:07 -05:00
Marc Deslauriers
daffe30e47 - utils/SubDomain.pm: get rid of warnings 2010-03-26 09:51:21 -04:00
Jamie Strandboge
f0b380fe5e add 'k' to /var/lib/samba/**.tdb in the samba abstraction 2010-03-25 18:13:00 -05:00
Steve Beattie
4e039d07f3 - Break out make targets so that distributors that don't want full docs 
can pick targets they want. Patch from Arkadiusz Miskiewicz <arekm at
  maven.pl>.

- Comment out debug dump of generate af_names.h
 2010-03-16 15:18:55 -07:00
Steve Beattie
b403bbdf82 Fix perl swig bindings so that libapparmor can be built when configured 
without perl. Thanks to Arkadiusz Miskiewicz <arekm at maven.pl>.
 2010-03-16 15:00:26 -07:00
Steve Beattie
8c7fea39d4 Expand parser stress test to included regexs and rlimit rules. 2010-03-15 11:31:38 -07:00
John Johansen
9efd526f6f Fix memory leak during dfa minimization. 
Dfa minimization wasn't deleting the states it eliminated during the
minimization process, and hence leaking memory.
 2010-03-13 02:23:23 -08:00
Steve Beattie
4ab92b62f5 Fix debug options so they don't go through the dfa engine, significantly 
speeding up the time to emit debugging information.
 2010-03-12 15:26:32 -08:00
Steve Beattie
bd1b72ad42 *whimper* last portiong of the strict-aliasing fix. 2010-03-12 15:20:22 -08:00
Steve Beattie
bccd45a22e Bah, managed to forget part of the last commit. The other half of fixing 
the strict-aliasing bit, the portion that I don't like.
 2010-03-12 15:16:06 -08:00
Steve Beattie
3b9b2158c1 Fix strict aliasing issue that triggered a bug in the parser_symtab unit 
tests. I don't like the solution because it exposes a data structure
definition outside of the only file that should know it's layout.

Also, fixed the Makefile to fail the build when one of the unit test
programs fails. :-(
 2010-03-12 14:41:58 -08:00
Steve Beattie
2a0df39961 Ease memory usage by collating rules in string form rather than as Rule 
objects. Add randomly generating profile flags.
 2010-03-12 03:05:25 -08:00
Steve Beattie
21875a520d Fix leaking file descriptors on included files. 2010-03-12 01:50:26 -08:00
John Johansen
6c23d48649 Bump versioning to AppArmor 2.5 2010-03-10 23:07:29 -08:00
Steve Beattie
4094043011 Fix up some testcase description fields 2010-03-10 21:38:10 -08:00
Steve Beattie
970807f01a Merge in stress test changes before ext4 eats them. 2010-03-10 21:09:15 -08:00
Steve Beattie
66286494a2 Resurrect another of the stress tests; it kinda works, though it requires 
killall-ing a few things in order to make it stop. And alas, it does seem
to eventually cause kernel hangs with 2.6.32-16. (Committing now before ext4
eats my changes and brain.)
 2010-03-10 20:56:47 -08:00
Steve Beattie
140495fe64 Make kernel stress tests work again (kill.sh works at least) 2010-03-10 17:56:51 -08:00
John Johansen
04a872f927 Add some new profile flag tests to validate parsing of the new flags 
controlling nameresolution.
 2010-03-10 17:00:24 -08:00
Steve Beattie
60f6153446 Fixup parser stress test to work with modern parser args.. 2010-03-10 16:11:39 -08:00
John Johansen
e2737566ff Fix genprof/logprof to handle create (c) and delete (d) permissions that 
are being reported by the kernel modules auditing.
 2010-03-10 15:30:06 -08:00
Jamie Strandboge
dd3a979827 apparmor_notify: call getopt and check for -h before trying to open audit.log, 
so help can be used as non-root when auditd is installed
 2010-03-10 10:11:26 -06:00
Steve Beattie
69d59f80ed Don't (un)load flattened hats on removal, as the kernel pulls them out 
automatically (and the parser emits an error due to this).
 2010-03-09 01:38:12 -08:00
Steve Beattie
ebe59ca483 Add a simple 'cx' mode testcase. I *think* I'm specifying it correctly. 2010-03-08 22:28:22 -08:00
Steve Beattie
fc669861fe Yuck, fix up bogus type conversions. Also fix up some PDEBUG statements, 
to make debugging why things are going wrong in specific examples
easier.
 2010-03-08 21:49:16 -08:00
Steve Beattie
61c61f9aab Add some unit tests for processunquoted() -- sadly it handles octals 
fairly wrong. Need to fix, but not tonight. Le sigh
 2010-03-08 20:38:54 -08:00
Jamie Strandboge
fd3baa930e add ubuntu-bittorrent-clients and ubuntu-media-players abstractions 2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3 add /etc/sound to audio abstraction 2010-03-08 13:49:37 -06:00
Jamie Strandboge
75d858a764 apparmor_notify: add -w NUM -- wait NUM seconds before displaying notifications 
(with -p)
 2010-03-03 11:30:55 -06:00
John Johansen
5709d94710 Add the ability to control how path mediation is done at the profile level 2010-02-17 12:21:52 -08:00
Kees Cook
4f5686901b include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
John Johansen
725328c209 Allow for a location to alias to multiple locations. Ie. 
alias / -> /rofs,
alias / -> /rwfs,
 2010-02-12 13:51:27 -08:00
John Johansen
ee00b0cea2 Update aliases so that they apply properly to profile names. 
Instead of updating the profile name, allow a profile to have multiple
alternate names.  Aliases are now added as alternate names and matched
through the xmatch dfa.
 2010-02-12 13:49:58 -08:00
John Johansen
eafddd3cea Fix alias to keep old rule and add new one instead of updating old rule. 
Alias was broken because it when an alias was made the old path was completely
removed and there was no way to specify it.  Update it so aliases just add
an new duplicate rule instead.
 2010-02-12 13:46:55 -08:00
John Johansen
94b2a345f2 Fix -S flag so the profile can be dumped to stdout again 
The changes to the loader permission logic broke the -S flag, so update
the test so that we can dump out the profile again.
 2010-02-12 13:44:00 -08:00
Jamie Strandboge
e0ca522633 fix pod2man error in apparmor_notify.pod 2010-02-12 10:25:02 -06:00
Jamie Strandboge
a58c1b5119 utils/Makefile: install apparmor_notify 
add utils/apparmor_notify.pod
 2010-02-12 10:14:11 -06:00
John Johansen
7d940743cb Add change_hatv and change_hat_vargs calls to libapparmor. 
These replacement routines allow an application to avoid the probing
behavior of earlier version of change_hat.  Allowing them to be faster
and have better learning characteristics.
 2010-02-11 15:38:24 -08:00
John Johansen
f999b49843 Add change_profile onexec to libapparmor 2010-02-11 15:37:25 -08:00
John Johansen
7592c80db5 Update build version tags to 2.5~pre 2010-02-11 15:36:16 -08:00
Kees Cook
60fb075419 libraries/libapparmor/src/scanner.l: dynamic string handling to avoid stack overflows on log parsing (LP: #519686) 
Bug: https://launchpad.net/bugs/519686
 2010-02-10 15:13:55 -08:00
John Johansen
91f0f0053f Update regression tests test harness for known problems to use xpass and 
xfail instead of known_{pass,fail}, also have it only reports unexpected
results, error for when result != what it should, and Alert for when it
result is what is should be but is a known problem and hence expected
to report something else.

Also update the regression tests for known problems under AppArmor 2.5,
this does not fix all known problems, (ie hats being removed differently
and hence resulting in unable to load profile errors, and the mknod
problem on alternate runs of the test suite, nor xattrs tests not ensuring
that the fs supports xattrs).
 2010-02-06 23:04:57 -08:00
John Johansen
56d1be6ca6 Update ptrace test to fix case where unconfined is ptracing child helper 
which is now allowed and add case where confined app is ptracing child
which isn't allowed.
 2010-02-06 20:09:55 -08:00
John Johansen
516e3f60e4 update change_hat tests for correct error codes on AppArmor 2.5 2010-02-06 20:08:51 -08:00
John Johansen
db796ef3f1 Update test harness to allow for tests defined by profile X 2010-02-06 20:07:44 -08:00
John Johansen
335b088dd0 Bump version to 2.4 2010-02-04 14:41:36 -08:00
John Johansen
98ea04e7c6 Deprecate old management applications that are no longer supported and 
do not work.
 2010-02-04 14:39:27 -08:00
Jamie Strandboge
737cd15707 apparmor_notify: allow -s option with -p 2010-02-04 00:15:24 -08:00
Jamie Strandboge
3d899affcf apparmor_notify: 
- handle being called as something other than apparmor_notify
- simple aggregation on first run
 2010-02-03 21:51:59 -08:00