file that prevented it from working correctly on systems where /bin/sh
isn't bash, and is probably more readable to boot. It still will parse
things properly when confined binaries or their corresponding profiles
contain spaces in their names.
Fix based on feedback and patches from Arkadiusz Miskiewicz
<arekm@maven.pl>/PLD and Kees Cook/Ubuntu.
fix getprocattr so that it returns the start of the profile name string
instead of the end of it.
A rcu-locking-docs.txt
Change the locking docs to reflect the locking changes for rcu
aa_task_contexts
A fix-rename-file-type.diff
Use the dentry->inode to determine if the mediated dentry is a directory.
The use of the inode that is passed in is incorrect because it is
often the parent inode of the dentry being mediated.
A misc-typos.diff
Fix a few miscellaneous typos
A rcu-stale-forward-ptr.diff
A rcu-caps-cache-comment.diff
Add a comment as to why resetting the caps cache instead of propagating it
is the right thing to do.
A warn-info-messages.diff
Convert AA_WARN to use aa_audit_message; most of these messages, while
not necessary for learning mode, should be present in the logs with
the other apparmor messages.
A rename-activate-unpack.diff
rename the interface routines to use unpack instead of activate, it's
simpler and more standard.
which sets of files they ignore (rpm backups, dotfiles, and emacs
backups). It moves the tests into a common function so that
modifications only need to occur in one location.
AppArmor's use of RCU is non-standard in that the profile is RCU protected
and ref count protected at the same time. A race can occur between
a task removing the profile reference from the subdomain and another
task getting a reference to the profile from the subdomain.

    Task A                                  Task B
                                            tmp = read subdomain->profile
    subdomain->profile = NULL
    aa_put_profile(subdomain->profile)
        <- ref_count goes to 0
                                            aa_get_profile(tmp)
    profile is put on rcu_callback list
                                            aa_put_profile(profile)
                                            profile is put on rcu_callback list
                                            again using same rcu_head

The problem lies in the subtle distinction of the profile reference count
held by a subdomain, vs. all other profile reference counts.
The reference count held by the subdomain is an RCU protected reference
count so the profile it references can only be freed after an rcu cycle.
The reference being only read side RCU protected can be read at any
point in the rcu cycle before the subdomain->profile reference is updated.
The updating of the profile reference count is not atomic to this,
resulting in the race.
Using separate put functions for the rcu protected subdomain->profile
reference vs other profile references, where the rcu put adds the profile
to the rcu callback list and the regular put frees the profile directly
won't work either since rcu reference count has the same race.
This just results in the profile being freed twice instead of putting the
profile on the rcu callback list twice.
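
The Task A / Task B interleaving above, replayed deterministically in a small user-space model. This is an added example, not AppArmor code and not part of this changelog; all names in it are hypothetical. The guarded get models the general atomic_inc_not_zero() kernel idiom for contrast, which this changelog does not name as its fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not AppArmor source: the final put queues an RCU free. */
struct profile { int refcount; int times_queued; };
struct subdomain { struct profile *profile; };

/* Stands in for call_rcu(): counts how often the one rcu_head is queued. */
static void queue_rcu_free(struct profile *p) { p->times_queued++; }

static void put_profile(struct profile *p)
{
    if (p && --p->refcount == 0)
        queue_rcu_free(p);
}

/* Plain get, as in the race above: revives a count that already hit 0. */
static struct profile *get_plain(struct profile *p)
{
    if (p) p->refcount++;
    return p;
}

/* Guarded get (assumption: models the atomic_inc_not_zero() idiom, which
 * must be one atomic step in real code): refuses an object at count 0. */
static struct profile *get_not_zero(struct profile *p)
{
    return (p && p->refcount > 0) ? (p->refcount++, p) : NULL;
}

/* Replays the interleaving; returns how often the profile was queued (>1 is the bug). */
int replay_race(bool guarded)
{
    struct profile prof = { .refcount = 1, .times_queued = 0 };
    struct subdomain sd = { .profile = &prof };
    struct profile *tmp = sd.profile;   /* Task B: tmp = read subdomain->profile */
    struct profile *old = sd.profile;   /* Task A: detach the profile ... */
    sd.profile = NULL;
    put_profile(old);                   /* ... ref_count goes to 0, queued */
    put_profile(guarded ? get_not_zero(tmp) : get_plain(tmp)); /* Task B get, then put */
    return prof.times_queued;
}

int main(void)
{
    printf("plain get: queued %d, guarded get: queued %d\n", replay_race(false), replay_race(true));
    return 0;
}
```
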
however in that the capability hooks never get called. This shouldn't
be a big problem since AppArmor already composes capability through
use of common cap.
This just prevents the user from having to deal with/understand the
error message that occurs when the capability module fails to stack
with AppArmor.
than the VALID_FS_CHECK because it is simpler and can account for
all filesystem types that shouldn't be mediated, whereas the old
VALID_FS_CHECK would fail for filesystems not in its list.
result in incorrect removal of " (deleted)" from the pathname.
The race is as follows:
the path contains " (deleted)", which is unlikely but valid
during path lookup the path is valid
after path lookup before the deleted test the dentry is unhashed
the deleted test now succeeds but the pathname never had " (deleted)"
appended by d_path. The path's " (deleted)" string is removed
and an incorrect path is returned
are currently running while logprof/genprof is used being left in the
null-complain profile instead of being moved to the profile the user
has just specified.
the profiles are updated correctly though, so if the application is
stopped and restarted, it will be confined by the appropriate profile.
utils package and manually fixed some places where perltidy's
reformatting made it harder to read. the options used were--
-i=4 # 4-space indentation
-l=0 # unlimited line length (for now)
-pt=2 # slightly tightened parens
-ce # cuddled elses
-nolq # don't outdent long quotes
-nsfs # don't add spaces in front of semi-colons in for ( ) statements
-isbc # only indent block comments that have whitespace in front of them
-otr # don't place a break between a comma and an opening brace
the code will be refactored to make it possible to switch to using
80-column line-breaks without resorting to really nasty formatting
constructs.