are computed and stored in a map, that is not cleaned up. This means that the labeling
is retained across different dfas.
Move the labeling into expr node as this takes less memory than using a map and will
also separates node labeling so its per dfa instead of global. In addition this means
the labeling is cleanedup/freed when the expr tree is freed without any extra work.
each expression tree node and then used as input to create the dfa states.
Currently they are not being freed until the nodes are destroyed, but the information
is no longer needed once the dfa has been created. Cleaning them up early reduces
peak memory usage.
* a non-include related syntax error (errors/modefail.sd)
* multiple successful includes followed by a failed include
(errors/multi_include.sd)
It also fixes two issues with the parser's line counting:
* the count began at 0 (demonstrated by the first testcase's error
being reporting on one line less than it should be), and
* an extra line increment when includes were detected (demonstrated
by the second testcase's error being reported at a line beyond the
correct linenumber.
The existing testcases did not catch these because they were all
based on the first include in the file failing and so the start of
the count from 0 counteracted the extra counted line.
paths. Secondly, the /lib64 -> /lib symlink would mean the
/lib64/ld-linux symlink would incorrectly be generated as
/lib64/ld-N.NN.so which still has a symlink in its path, and thus
apparmor wouldn't permit the access. Fixing by having readlink
canonicalize the entire path.
ack thppt.
when auditd logs get rotated)
- use getgrnam() with setgid when dropping to nobody_group
- add '-u USER' option to drop to this user when running priviliged but
not under sudo. Useful for starting when logged in as root.
- add a read access check before get_logfile_inode() so we don't have to
wait for the timeout in get_logfile_inode()
- set euid only when dropping privileges, instead of using POSIX::setuid()
which sets uid, euid and saved id when starting privileged
- create send_message() function which fork/execs so that we can set the
real uid before calling notify-send (notify-send looks at the real uid
when trying to connect to dbus)
- adjust reopen_logfile() to raise privileges (via euid) before accessing
logfile when $< != $>. Drop them again after open().
- also check for inode change
- update size to use stat
- treat logfile_size like logfile_inode
- update logfile_size and logfile_inode in reopen_logfile()
- add -f option to optionally specify the logfile
- when polling, check to see if the logfile size decreased, and if so, reopen
it. Currently this only works if you can read the file after dropping
privileges
tests. I don't like the solution because it exposes a data structure
definition outside of the only file that should know it's layout.
Also, fixed the Makefile to fail the build when one of the unit test
programs fails. :-(
