Steve Beattie
6c1d6fdd80
Patch from jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Support placing the permission modes first before the pathname. This
makes things somewhat more consistent with other types of permissions
(capability [specific_cap], network [stuff], etc.).
2007-07-27 20:55:25 +00:00
Steve Beattie
318df7804a
Patch from jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Allow using the keyword "hat" in place of the magic symbol '^'
2007-07-27 20:48:24 +00:00
Steve Beattie
9c4e50e7ca
Patch from jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Use file_mode to remove duplicated code. Prelim for reordering file
permissions.
2007-07-27 20:47:17 +00:00
Steve Beattie
3216755358
Patch by jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Use correct terminology; convert unconstrained to unconfined.
2007-07-27 20:45:45 +00:00
Steve Beattie
9df76dbcda
Patch by jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Add mediation/keywords for locks.
2007-07-27 20:38:43 +00:00
Steve Beattie
95d6ab1b1b
Patch by jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Add support for a distinction between write permission and append-only
permission.
2007-07-27 20:31:38 +00:00
Steve Beattie
2737f6bc97
Patch by jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Support for basic network mediation keywords.
2007-07-27 20:29:47 +00:00
Steve Beattie
b383370856
Patch by jjohansen@suse.de
Acked-By: Steve Beattie <sbeattie@suse.de>
Don't allow commas at the end of an ID.
2007-07-27 20:27:41 +00:00
Steve Beattie
86e5ed3109
Patch from jjohansen@suse.de
Fix debugging with CHANGE_PROFILE.
2007-07-27 20:25:59 +00:00
Steve Beattie
a6f387a17e
Fix gcc warning about possible uninitialized use of the ms variable; if
match_string is NULL, the out: cleanup will test ms for !NULL and free
it, even though it hasn't been initialized.
2007-07-18 14:22:59 +00:00
John Johansen
d5f43d5a4f
remove stupid debug fprintf statements that got left in
2007-06-27 01:27:44 +00:00
John Johansen
12f3472c09
basic change_profile support
2007-06-26 21:10:28 +00:00
John Johansen
5655affcda
flatten hats for individual profile load
2007-06-26 21:09:46 +00:00
Steve Beattie
a97558b1f7
fix formatting of description field in initscripts
2007-05-28 03:42:26 +00:00
Steve Beattie
f442a50a4d
convert a malloc/strcpy to just a straight strdup().
2007-05-24 22:07:39 +00:00
Steve Beattie
c2d927e710
Fix return code propagation in the initscripts, and return the
correct return code in the try-restart case properly when apparmor is
not loaded.
2007-05-24 05:00:34 +00:00
Steve Beattie
42acd17489
Quiet techdoc build output when not building in verbose mode.
2007-05-15 20:02:15 +00:00
Steve Beattie
02528b7281
Ugh, how did I mess up the changelog entry like that? Sigh.
2007-05-15 19:36:49 +00:00
John Johansen
87b55accec
Allow inverted character classes in non-quoted pathnames. This conflicts
with old style hats but we haven't allowed for them for a couple of years.
Disable tests that check for old style hats.
2007-05-10 05:21:44 +00:00
Steve Beattie
ba524dcf1c
Fix small memory leak.
2007-05-09 14:47:52 +00:00
Steve Beattie
9467d933df
Add a little more oddball space formatting test of hat definitions.
2007-05-08 06:28:08 +00:00
Steve Beattie
9bfe436dff
Kill some bogus readme text
Pull in conversion to texlive-latex from openSUSE
Mark manpages as documentation (I didn't know files outside of
/usr/share/doc/packages/%{name}-%{version} could be marked as such).
2007-04-25 20:50:21 +00:00
Steve Beattie
4e2bf5ab74
Resurrect apparmor-docs package, this time as a subpackage of
apparmor-parser. The html version of the parser manpages as well as pdf,
html, and text versions of the techdoc are included in the -docs
package.
Disabled a regression stress test that is a bit problematic on 64bit
arches; the stress test itself is a bit absurd given how many rules it
generates.
2007-04-14 04:48:56 +00:00
Steve Beattie
c8eb1e4c42
Move the techdoc to the apparmor-parser package.
2007-04-12 06:01:40 +00:00
Seth Arnold
a48588ef80
clean up the BNF-ish language description; indicate the trailing-slash requirement for directories; add a few new change_hat applications
2007-04-11 23:47:58 +00:00
John Johansen
cd79c1ac77
update copyright dates
2007-04-11 08:12:51 +00:00
Steve Beattie
77cc03023e
Subject: initscript: subdomain -> apparmor
This patch converts some of the internal references from subdomain to
apparmor (and s/sd/aa/ as well). Variables referenced in
/etc/apparmor/subdomain.conf (which also needs to be renamed) are not
renamed.
2007-04-04 21:56:08 +00:00
Steve Beattie
1696851ec4
Subject: initscript: kill debug option
The apparmor module no longer supports being loaded with the
subdomain_debug module argument. Kill the option that tried to do this.
2007-04-04 21:36:10 +00:00
Steve Beattie
f309bbd8e7
Subject: initscript: kill rebuild option
[This is a slight update to a patch originally by jjohansen@suse.de ]
The ability of the rcapparmor initscript to rebuild the apparmor module
if attempts to load the module failed had been broken for a while; this
patch rips out the option altogether. The ability to drop to runlevel
1 if the apparmor module can't be loaded is still available, if not
recently tested.
2007-04-04 21:28:43 +00:00
Steve Beattie
5cc6094944
Subject: initscript: support builtin apparmor
This patch, based on prior versions by jjohansen@suse.de , reworks the
rcapparmor initscript to support apparmor as a kernel builtin, instead
of just a module.
2007-04-04 21:23:42 +00:00
Steve Beattie
67a12028f2
Subject: initscript: ignore more dpkg
In the recent fixups for Ubuntu/Debian, .dpkg-new files got added to the
set of profile names that get ignored. Alas, that only got added in one
of two locations in the initscript; this patch fixes that by making a
common test function that both locations use.
2007-04-04 20:42:26 +00:00
Steve Beattie
feb167c51a
Move some common manpage cleanup to common/Make.rules (and clean up
pod2html tmpfiles). Also mark manpages to be ignored by svn.
2007-04-03 20:12:16 +00:00
Steve Beattie
24606ec70b
Subject: Add manpages to the parser package
Move the apparmor.d(5), apparmor(7), apparmor_parser(8),
subdomain.conf(5) and apparmor.vim(5) (for lack of a better location)
into the apparmor-parser package.
2007-04-03 19:04:10 +00:00
Andreas Gruenbacher
cd1eaa88a0
Add DFA table format README.
2007-04-03 13:53:24 +00:00
Andreas Gruenbacher
b9057fd0bc
Remove obsolete definition.
2007-03-30 20:39:11 +00:00
Andreas Gruenbacher
b379c2dcc3
Introduce reference counting for syntax tree nodes. Use that to share AcceptNodes, and split the bits in AcceptNodes to minimize the number of states.
2007-03-30 20:38:51 +00:00
Steve Beattie
b547067e8d
This patch fixes the parser to do duplicate rule elimination after
variable expansion occurs, not before.
2007-03-30 18:34:37 +00:00
John Johansen
9d6cd4ffa8
make dfa the default output mode
2007-03-30 17:32:00 +00:00
Steve Beattie
abe841d7c4
Add an 'all' target for the pcre subdir.
2007-03-30 16:30:15 +00:00
Steve Beattie
7a4b823826
Always traverse subdirs to determine whether things need to be rebuilt
or not.
2007-03-30 16:26:50 +00:00
Jesse Michael
bef39bbff8
Add an empty install-debian: target to keep the makefile from blowing up
when running on Debian/Ubuntu systems and also make the init script skip
*.dpkg-new files when loading profiles.
2007-03-30 16:09:50 +00:00
Andreas Gruenbacher
b73d827660
Fix build: screwed up because the build dependencies are broken; changes to regexp.y don't trigger the appropriate rebuilds
2007-03-30 15:58:15 +00:00
Andreas Gruenbacher
212b828384
Comment out some dead code
2007-03-30 15:20:57 +00:00
Andreas Gruenbacher
36e95daeb8
Get rid of all the POS_ and some other unused definitions
2007-03-30 14:59:13 +00:00
Andreas Gruenbacher
aeb6205ce8
Add reference counting on class Node so that we will be able to reuse AcceptNodes
2007-03-30 14:13:56 +00:00
Steve Beattie
1bdc66f696
Add buildrequires on flex and bison, from coolo@suse.de
2007-03-29 21:46:20 +00:00
Steve Beattie
79e6a4fec5
This patch fixes up a couple of bashisms in the rc.apparmor.functions
file that prevented it from working correctly on systems where /bin/sh
isn't bash, and is probably more readable to boot. It still will parse
things properly when confined binaries or their corresponding profiles
contain spaces in their names.
Fix based on feedback and patches from Arkadiusz Miskiewicz
<arekm@maven.pl>/PLD and Kees Cook/Ubuntu.
2007-03-27 18:38:28 +00:00
Steve Beattie
a2b9ac62fc
Minor initscript cleanups thanks to Kees Cook and Magnus Runesson's
Ubuntification.
2007-03-26 20:52:45 +00:00
Steve Beattie
ec03fafc16
Whoops, referred to a couple of aa_eventd functions in
rc.apparmor.functions.
2007-03-24 00:13:04 +00:00
Steve Beattie
f85eb7fdc2
Fix build failure.
2007-03-23 23:52:36 +00:00