that links to the patches will be posted to the wiki and the mailing
list.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: John Johansen <john.johansen@canonical.com> (on irc)
the beginning of the script and add an additional sleep before the
parser invocation that generates the cache file for the first time.
Submitted-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Kees Cook <kees@ubuntu.com>
done to fix the bug where abstraction updates do not cause the cache
file to become invalid.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
operation so that the caching tests can be added to the build. Update
caching tests to detect non-ns-resolution filesystems and back off
on the timing test.
Nominated-by: Kees Cook <kees.cook@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
to debug why and where a policy load failed. For now just ignore it.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
a comment and document why it's there and what to do with it once the
old entry types are cleaned up.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
capname fields in LSM_AUDIT records; for now just use capname and
silently drop capability when it is found.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Update log parser grammar to handle new LSM-audit log messages.
Add testcases for new LSM-audit log messages.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Kees Cook <kees@ubuntu.com>
that the upstream 2.6.36 kernel is missing.
All Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
This teaches pam_apparmor about the current errno returned by the
kernel when the hat that was passed does not exist in the profile (but
other hats exist). (LP: #619521)
It differs from the fix in trunk in that, to be more conservative in
the change, it does not remove the EPERM case, even though it should
not be needed anymore.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Kees Cook <kees@ubuntu.com>
Changes the table resizing so that there are always sufficient high
entries in the table, preventing bounds violations from occurring.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
node themselves to reduce memory usage and make node labeling per dfa
rather than global.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
These commits should bring apparmor_notify and apparmor_notify.pod
up to what is in trunk. In short:
- add long options
- cleanup output
- better handle auditd
- handle logfile rotation
- use seteuid() to drop privileges so we can raise/drop after log
file rotation. Add -u USER option for dropping privileges when not
using sudo
- man page updates
- group like entries together when using -v with -s (and later cleanups
including LP: #582075)
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>