mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1387 commits 23 branches 109 tags 32 MiB
Commit graph

1387 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steve Beattie
6f7dad8790 Merge: r1389: add 'k' to /var/lib/samba/**.tdb in the samba abstraction 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:26:22 -07:00
Steve Beattie
f0d5b09b9f Merge: r1397-r1398: adjust cgi path for php5 abstraction (LP: #538661) 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:24:35 -07:00
Steve Beattie
ab10eafaaf Merge r1406: abstractions/user-tmp: require 'owner' matching 
Nominated-by: Jamie-Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:22:54 -07:00
Steve Beattie
aa106808fd Merge: r1409: statvfs allowed by default 
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-06-21 15:21:10 -07:00
John Johansen
6c23d48649 Bump versioning to AppArmor 2.5 2010-03-10 23:07:29 -08:00
Steve Beattie
4094043011 Fix up some testcase description fields 2010-03-10 21:38:10 -08:00
Steve Beattie
970807f01a Merge in stress test changes before ext4 eats them. 2010-03-10 21:09:15 -08:00
Steve Beattie
66286494a2 Resurrect another of the stress tests; it kinda works, though it requires 
killall-ing a few things in order to make it stop. And alas, it does seem
to eventually cause kernel hangs with 2.6.32-16. (Committing now before ext4
eats my changes and brain.)
 2010-03-10 20:56:47 -08:00
Steve Beattie
140495fe64 Make kernel stress tests work again (kill.sh works at least) 2010-03-10 17:56:51 -08:00
John Johansen
04a872f927 Add some new profile flag tests to validate parsing of the new flags 
controlling nameresolution.
 2010-03-10 17:00:24 -08:00
Steve Beattie
60f6153446 Fixup parser stress test to work with modern parser args.. 2010-03-10 16:11:39 -08:00
John Johansen
e2737566ff Fix genprof/logprof to handle create (c) and delete (d) permissions that 
are being reported by the kernel modules auditing.
 2010-03-10 15:30:06 -08:00
Jamie Strandboge
dd3a979827 apparmor_notify: call getopt and check for -h before trying to open audit.log, 
so help can be used as non-root when auditd is installed
 2010-03-10 10:11:26 -06:00
Steve Beattie
69d59f80ed Don't (un)load flattened hats on removal, as the kernel pulls them out 
automatically (and the parser emits an error due to this).
 2010-03-09 01:38:12 -08:00
Steve Beattie
ebe59ca483 Add a simple 'cx' mode testcase. I *think* I'm specifying it correctly. 2010-03-08 22:28:22 -08:00
Steve Beattie
fc669861fe Yuck, fix up bogus type conversions. Also fix up some PDEBUG statements, 
to make debugging why things are going wrong in specific examples
easier.
 2010-03-08 21:49:16 -08:00
Steve Beattie
61c61f9aab Add some unit tests for processunquoted() -- sadly it handles octals 
fairly wrong. Need to fix, but not tonight. Le sigh
 2010-03-08 20:38:54 -08:00
Jamie Strandboge
fd3baa930e add ubuntu-bittorrent-clients and ubuntu-media-players abstractions 2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3 add /etc/sound to audio abstraction 2010-03-08 13:49:37 -06:00
Jamie Strandboge
75d858a764 apparmor_notify: add -w NUM -- wait NUM seconds before displaying notifications 
(with -p)
 2010-03-03 11:30:55 -06:00
John Johansen
5709d94710 Add the ability to control how path mediation is done at the profile level 2010-02-17 12:21:52 -08:00
Kees Cook
4f5686901b include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
John Johansen
725328c209 Allow for a location to alias to multiple locations. Ie. 
alias / -> /rofs,
alias / -> /rwfs,
 2010-02-12 13:51:27 -08:00
John Johansen
ee00b0cea2 Update aliases so that they apply properly to profile names. 
Instead of updating the profile name, allow a profile to have multiple
alternate names.  Aliases are now added as alternate names and matched
through the xmatch dfa.
 2010-02-12 13:49:58 -08:00
John Johansen
eafddd3cea Fix alias to keep old rule and add new one instead of updating old rule. 
Alias was broken because it when an alias was made the old path was completely
removed and there was no way to specify it.  Update it so aliases just add
an new duplicate rule instead.
 2010-02-12 13:46:55 -08:00
John Johansen
94b2a345f2 Fix -S flag so the profile can be dumped to stdout again 
The changes to the loader permission logic broke the -S flag, so update
the test so that we can dump out the profile again.
 2010-02-12 13:44:00 -08:00
Jamie Strandboge
e0ca522633 fix pod2man error in apparmor_notify.pod 2010-02-12 10:25:02 -06:00
Jamie Strandboge
a58c1b5119 utils/Makefile: install apparmor_notify 
add utils/apparmor_notify.pod
 2010-02-12 10:14:11 -06:00
John Johansen
7d940743cb Add change_hatv and change_hat_vargs calls to libapparmor. 
These replacement routines allow an application to avoid the probing
behavior of earlier version of change_hat.  Allowing them to be faster
and have better learning characteristics.
 2010-02-11 15:38:24 -08:00
John Johansen
f999b49843 Add change_profile onexec to libapparmor 2010-02-11 15:37:25 -08:00
John Johansen
7592c80db5 Update build version tags to 2.5~pre 2010-02-11 15:36:16 -08:00
Kees Cook
60fb075419 libraries/libapparmor/src/scanner.l: dynamic string handling to avoid stack overflows on log parsing (LP: #519686) 
Bug: https://launchpad.net/bugs/519686
 2010-02-10 15:13:55 -08:00
John Johansen
91f0f0053f Update regression tests test harness for known problems to use xpass and 
xfail instead of known_{pass,fail}, also have it only reports unexpected
results, error for when result != what it should, and Alert for when it
result is what is should be but is a known problem and hence expected
to report something else.

Also update the regression tests for known problems under AppArmor 2.5,
this does not fix all known problems, (ie hats being removed differently
and hence resulting in unable to load profile errors, and the mknod
problem on alternate runs of the test suite, nor xattrs tests not ensuring
that the fs supports xattrs).
 2010-02-06 23:04:57 -08:00
John Johansen
56d1be6ca6 Update ptrace test to fix case where unconfined is ptracing child helper 
which is now allowed and add case where confined app is ptracing child
which isn't allowed.
 2010-02-06 20:09:55 -08:00
John Johansen
516e3f60e4 update change_hat tests for correct error codes on AppArmor 2.5 2010-02-06 20:08:51 -08:00
John Johansen
db796ef3f1 Update test harness to allow for tests defined by profile X 2010-02-06 20:07:44 -08:00
John Johansen
335b088dd0 Bump version to 2.4 2010-02-04 14:41:36 -08:00
John Johansen
98ea04e7c6 Deprecate old management applications that are no longer supported and 
do not work.
 2010-02-04 14:39:27 -08:00
Jamie Strandboge
737cd15707 apparmor_notify: allow -s option with -p 2010-02-04 00:15:24 -08:00
Jamie Strandboge
3d899affcf apparmor_notify: 
- handle being called as something other than apparmor_notify
- simple aggregation on first run
 2010-02-03 21:51:59 -08:00
Jamie Strandboge
858d535389 apparmor_notify: simple aggregation on first run 2010-02-03 21:50:05 -08:00
Jamie Strandboge
767bf6d1d7 apparmor_notify: handle being called as apparmor_notify or aa-notify 2010-02-03 20:56:38 -08:00
Jamie Strandboge
29a95e10de rename apparmor-notify to apparmor_notify 
update apparmor_notify to read ~/.apparmor/notify.conf
 2010-02-01 17:30:04 -08:00
John Johansen
8dd795dec1 Rework the partitioning to take advantage of Partitions now being a list 2010-01-31 23:21:00 -08:00
John Johansen
8bcfa1a32f Move partitions from using sets to lists as this is a better match 
for what is being done.
 2010-01-31 23:19:54 -08:00
John Johansen
e984b6ff74 Seperate Partition definition for States. This is a small step to cleaning 
up the code
 2010-01-31 23:18:14 -08:00
John Johansen
1179c1a42c Improve partitioning performance slightly by inserting new partitions 
imediately after the current partition being considered, instead of
at the back of the parition list.  This does two things, it makes it
more likely the data is in cache, and it also in general results in
more partitions being created in a single pass.
 2010-01-31 23:12:33 -08:00
Kees Cook
69ebfc4cda update python shared library paths for "pyshared" 2010-01-29 10:10:31 -08:00
Jamie Strandboge
26499f965b utils/apparmor-notify: adjust copyright to match the rest of the source 2010-01-28 10:58:38 -06:00
Jamie Strandboge
75b07641fd add utils/apparmor-notify and utils/notify.conf, but don't install yet 2010-01-28 10:25:09 -06:00