mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 09:21:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1245 commits 23 branches 109 tags 32 MiB
Commit graph

1245 commits

This branch
This branch
All branches
Author SHA1 Message Date
John Johansen
c0533b390b Reintroduce calling back into tree simplification when any modifications have 
been made but only from the top level.  This allows us to get the
optimizations that were missed, while not causing the massive recursive call
explosion we had before.
 2008-11-20 13:21:23 +00:00
John Johansen
1855fde331 Reduce the use of simplify recursion, repeating the recursion of single 
changes is a waste especially as we get to larger subtrees.

Unfortunately this also means that a fair bit of optimization is lost.
 2008-11-20 13:18:30 +00:00
John Johansen
91eb71e9fa Improve tree normalization 
- reduce the amount it is called, and the amount of recursion it does
- fix a bug that would prevent trees from being fully normalized
 2008-11-19 16:54:26 +00:00
John Johansen
77eb67b5a0 Fix problem where named execute transitions were not being applied, for hats 
and local profiles.  bnc#446574
 2008-11-19 14:00:06 +00:00
Steve Beattie
6cfcb1a823 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Description: fix compile on build

Patch from Gentoo community:
  - fix up a couple of missing semicolons in syntax (bison compensates
    by emitting it's own)
  - Fix yet another variable tyop in rc.apparmor.functions
  - dump stderr of ls in rc.apparmor.functions to /dev/null
  - add an install-unknown make target
 2008-11-18 17:33:38 +00:00
Steve Beattie
aed481debe Add simple testcase for alias duplicate detection. 2008-11-16 00:49:43 +00:00
Steve Beattie
96e124bf8d Bah, the last commit message was wrong; it added support for mixing 
alias rules and variable declarations within the preamble of a profile.

This commit adds another testcase for alias rules; one in which there is
an overlapping pair of aliases. The parser parses it, but based on -dd
output, I don't believe it's treating it properly.
 2008-11-14 16:46:16 +00:00
Steve Beattie
cc923edf3c - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-14 16:25:44 +00:00
Steve Beattie
6b793b1a8b Add a testcase for the alias handling 2008-11-13 23:48:11 +00:00
Steve Beattie
b07ec7d81b - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-13 23:28:38 +00:00
John Johansen
052c58403d fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
John Johansen
5b97455878 Improve dfa generation. 
Apply tree factoring and simplification techniques to reduce the number of
states used in computing the dfa.  This can have an exponential impact
on both space and time for dfa generation.
 2008-11-07 13:00:05 +00:00
John Johansen
8db35802f9 allow external hats to begin with ^ 2008-11-07 12:54:52 +00:00
John Johansen
6c39288cec fix init script functions so that they don't make use of utilities from 
/usr/bin, which will break /usr if they are on a remote filesystem
 2008-11-07 12:53:37 +00:00
John Johansen
528b1435da Update translation files 2008-11-07 12:04:00 +00:00
John Johansen
4f2821bce0 Update translation files 2008-11-07 12:02:32 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
f6d502017d Allow introspection in avahi bnc#431222 2008-11-07 05:52:01 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
Steve Beattie
32696e32bc Things will also be painfully broken if there's a profile for /bin/dash, 
which serves as /bin/sh on ubuntu.
 2008-11-06 22:48:32 +00:00
John Johansen
7d8f597c86 Update firefox profile as base for firefox 3 2008-11-05 16:00:39 +00:00
John Johansen
a77734a600 add reject for Novell bnc#425041 2008-11-05 14:53:00 +00:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00
John Johansen
aab94f31c0 Allow ntp to have capability dac_override 2008-11-05 14:10:08 +00:00
John Johansen
434bbfc409 Fix ntp chroot rejects Novell bnc#256291 2008-11-05 14:08:43 +00:00
John Johansen
148ed13b5e Fix reject for opensuse 11.1 listed in Novell bugzilla bnc#405317 2008-11-05 12:03:29 +00:00
John Johansen
f772109c4d Fix rejects reported in Novell bnc#436849 2008-11-05 11:57:34 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
Steve Beattie
e56ed9a68a From: Jesse Michael <jesse.michael@comcast.net> 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--

Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"

I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.

Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.

https://bugs.launchpad.net/bugs/271252
https://bugzilla.novell.com/show_bug.cgi?id=441381
 2008-11-04 20:19:59 +00:00
Steve Beattie
e6e3447c19 More testcases around syslog parsing. 2008-11-04 17:42:25 +00:00
Steve Beattie
023fe19c6d Add a testcase for the passthrough of unparsed input to stdout as 
reported in https://bugs.launchpad.net/bugs/271252
 2008-11-03 19:39:34 +00:00
Steve Beattie
449abea6b5 Add a testcase for the syslog format change documented in LP#271252 2008-11-03 19:34:29 +00:00
Steve Beattie
f1de0575d1 Removing old-style log message testcase; sadly, it's unlikely that will 
ever support this message type in the log parsing library, given that
there shouldn't be much out there generating old style audit messages
anymore.
 2008-11-03 17:48:43 +00:00
Steve Beattie
5c9177fa81 Fixing missing testcase error file 2008-11-03 17:38:08 +00:00
Steve Beattie
6c526f081f Fix compiler warning in the test_multi test program. 2008-11-03 17:17:48 +00:00
Steve Beattie
0ebee05092 Fix a compilation error on ubuntu; wondering if there's older distros 
where glibc doesn't provide /usr/include/dirent.h.
Also fixed a compilation warning around fprintf sizes.
 2008-10-08 19:43:28 +00:00
John Johansen
93f22b7fd6 fix bad parameter merge on apparmor_ptrace 2008-10-03 20:43:43 +00:00
John Johansen
2873f3effd Add apparmor patches for 2.6.27, and related aufs patches. 2008-09-30 16:00:31 +00:00
John Johansen
b3a1923a8f update to 2.3.1 2008-09-12 10:40:04 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00
John Johansen
ac88f71c63 Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats 2008-09-10 08:42:49 +00:00
John Johansen
f2dec0e337 fix for bnc408846, where network rules are repeatedly prompted for even when 
a matching rule is in the profile.
 2008-09-10 08:38:44 +00:00
John Johansen
4fb77c6f5d fix 3 bugs currently convered by bnc408877 
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
  that only permissions of the last rule are kept
 2008-09-10 08:36:59 +00:00
John Johansen
ddfb6fb978 update for missing comma 2008-07-03 02:30:56 +00:00
John Johansen
6a3e6c68be update patches to 2.6.26 2008-07-02 20:24:33 +00:00