Commit graph

478 commits

Author SHA1 Message Date
Jesse Michael
7780d79c8d remove last vestiges of Immunix::Ycp in deference to official ycp module 2007-03-19 02:29:47 +00:00
Jesse Michael
c878e09840 fixes for bz #179656 - missing localization in subdomain.pm 2007-03-18 20:25:25 +00:00
Jesse Michael
5b2dd25bb1 revert broken commit. i'll check in the discrete fixes from the last checkin
in a second and then follow those up with the corrected cleanup fixes.
2007-03-18 19:44:57 +00:00
John Johansen
5643deb42e patch to make dfa table numbers match flex table numbers 2007-03-15 22:26:45 +00:00
Steve Beattie
5fe5803aa7 Fix a couple of warnings in the recent trailing slash commit. 2007-03-14 22:35:55 +00:00
John Johansen
e5cced8ba0 change dfa table entry numbering to match flex 2007-03-14 22:02:50 +00:00
John Johansen
ef7a0adff8 change dfa table numbering to match flex 2007-03-14 22:01:16 +00:00
John Johansen
51b25bd3e5 Handle differentiation of directories and files via / for the dfa engine.
This causes the dfa engine to not strip trailing /
and to handle /*/ /**/ and /* and /** cases specially so that directories
don't get matched unintentionally

aare       pcre
/foo/* -> /foo/[^/][^/]*	so the dir /foo/ will not match the rule
/foo/** -> /foo/[^/].*
/*/foo -> /[^/][^/]*/foo	so the rule won't match //foo
/**/foo -> /[^/].*/foo

rules that contain more than a * or ** between dir / elements do not
get converted, ie.

/foo*
/foo**
/foo*/
/foo**/
/*foo
/**foo
/*foo/
/**foo/

there is a known case where this patch is incomplete.  When there
exists an alternation that can be empty and * or ** ie.
/{foo,}*
/{foo,*}
2007-03-14 22:00:39 +00:00
Steve Beattie
a39a3b0410 Add tests to openat to test what names apparmor sees when a rename
occurs between the open(dir) and openat(file) calls.
2007-03-14 19:53:10 +00:00
Steve Beattie
94d4ac649e Fixup the openat.sh test as well. 2007-03-13 22:10:45 +00:00
John Johansen
e102bd2651 fixes to issues that came up in updating the regression tests 2007-03-13 21:44:05 +00:00
Steve Beattie
063bb1b26e Fix up some of the patches after I messed them up by incorporating some of their changes. 2007-03-13 18:27:21 +00:00
Jesse Michael
1de5bdbacc fix missing include to silence compiler warnings 2007-03-13 16:52:28 +00:00
Jesse Michael
505155a48e use the appropriate pam_modutil_* wrapper functions if possible 2007-03-13 16:29:03 +00:00
Steve Beattie
30a2252adf Add some basic tests for openat(). Need to add tests that delete the
opened directory before the openat() call occurs.
2007-03-13 11:57:36 +00:00
Steve Beattie
3f32351793 Misc cleanups. 2007-03-13 11:32:04 +00:00
Jesse Michael
c0b7fc812d add minor cleanup to match up with recommendations from the kernel
CodingStyle documentation
2007-03-12 18:39:53 +00:00
Dominic Reynolds
8fb0f8f3d1 Fixes for BZ 179656, 233768. Add new capabilities rating to sverity.db,
localization fixes in SubDomain.pm and Reports.pm.
2007-03-12 14:12:40 +00:00
Steve Beattie
7b391f3d5c Add a testcase to verify when clone() is allowed. 2007-03-08 23:40:10 +00:00
Steve Beattie
b0733fb3a4 Based on a patch from jjohansen@suse.de, does s/constrained/confined/ in
comments and descriptions. A later patch will fix it for the few
testcases that actually check the value in /proc/pid/attr/current.
2007-03-08 21:23:17 +00:00
Steve Beattie
19235e440a Patch by jjohansen@suse.de: fix the syscall_chroot test to work even
when chroot pathnames are reported against the namespace root instead of
the chroot root.
2007-03-08 21:00:12 +00:00
John Johansen
b787d8ac21 Patches against test suite to match the for-mainline branch 2007-03-08 17:15:12 +00:00
Steve Beattie
23f05801f6 Add testcases for fchmod/fchown and clean up some formatting in the
original chmod/chown tests.
2007-03-08 00:09:47 +00:00
Steve Beattie
ad542aba23 Add a test for cap net_bind_service w/tcp. Alas, this test is still
disabled.
2007-03-07 18:54:28 +00:00
Steve Beattie
beac286a5c Run fork.c through lindent. 2007-03-06 20:13:31 +00:00
Andreas Gruenbacher
0c7f8233e8 Rename mount-consistent-d_cache.diff to mount-consistent-d_path.diff. 2007-03-01 21:18:35 +00:00
Andreas Gruenbacher
7df0fde677 Add proposal for unlink permission checking. 2007-03-01 06:16:18 +00:00
Andreas Gruenbacher
da080ef1a4 Add parentheses. 2007-03-01 06:06:51 +00:00
Andreas Gruenbacher
76e0141e21 Fix link-subset-check.diff and add more rigid link-subset-check-2.diff variant for discussion. 2007-03-01 05:02:27 +00:00
Andreas Gruenbacher
584a4a2bbd Make the computation of exec_mode more obvious. 2007-03-01 04:15:51 +00:00
Steve Beattie
065b7bf660 Add a couple of testcases to the hardlink test. 2007-02-28 17:39:53 +00:00
Andreas Gruenbacher
c20016faf5 Make nfsd compile again after file-handle-ops-2.diff. 2007-02-27 23:47:47 +00:00
Andreas Gruenbacher
e4d1ddd10c Really add file-handle-ops-2.diff now. 2007-02-27 22:16:11 +00:00
Andreas Gruenbacher
ba440ad5b8 Add xattr hook changes needed for proper file descriptor handling. Add file-handle-ops-2.diff for handling xattrs and file read/write. 2007-02-27 22:13:49 +00:00
Andreas Gruenbacher
6184196ce2 Remove junk from constrained-to-confined.diff. 2007-02-27 09:45:27 +00:00
Andreas Gruenbacher
59454ecf49 Add mount-consistent-d_cache.diff and file-handle-ops.diff. Update to last link-subset-check.diff proposal. Minor rediffs to get rid of offsets. 2007-02-27 08:42:00 +00:00
John Johansen
3bc6bf34ab add fixes to locking and more minor cleanups 2007-02-27 05:09:23 +00:00
John Johansen
f3ba454d8c Add dfa support to the parser 2007-02-27 02:29:16 +00:00
Andreas Gruenbacher
06a239c9c8 Enable fix-aa_register.diff. Add no-new-namespaces.diff. 2007-02-24 18:14:47 +00:00
Andreas Gruenbacher
bd442e3869 Add clarify-audit-status-handling.diff. Fix 247679 in link-subset-check.diff. Uncomment ptrace.diff and link-subset-check.diff in series.conf. 2007-02-23 22:33:00 +00:00
Andreas Gruenbacher
4ca2496f50 d_namespace_path fix; rename aa_get_pathname back to aa_get_name. Add tell-files-from-dirs.diff. 2007-02-23 07:38:14 +00:00
Andreas Gruenbacher
79f88b5458 Add tentative aa_link refinement. Comment out this patch and the ptrace patch for now. 2007-02-23 06:28:15 +00:00
Andreas Gruenbacher
0b96655a5c Allow confined processes to ptrace other processes if they have CAP_SYS_PTRACE. 2007-02-23 05:11:21 +00:00
Andreas Gruenbacher
487a7b4e73 Two minor cleanups / improvements 2007-02-22 04:45:15 +00:00
John Johansen
353f21162e fix link permission checks to emit message in complain mode when profile is missing necessary link permissions 2007-02-22 01:04:50 +00:00
John Johansen
6946b405c1 fix link permission checks to emit message in complain mode when profile is missing necessary link permissions 2007-02-22 01:04:11 +00:00
Andreas Gruenbacher
ee4c70b261 Add tentative aa_register fix. 2007-02-21 08:34:17 +00:00
Andreas Gruenbacher
d462346781 Add locking documentation 2007-02-21 01:16:40 +00:00
Andreas Gruenbacher
0f97882aa3 Another bunch of cleanups, including a big locking rewrite. 2007-02-21 01:08:46 +00:00
John Johansen
8eb8d6df7d convert syscall rejects to use GFP_ATOMIC allocations, the GFP_KERNEL allocations can cause spinlock recursion in these hooks. 2007-02-20 07:41:23 +00:00