exported in the environment. Without it, merely setting the CFLAGS
environment variable would not affect the compilation of the parser,
though it was still possible to override it by passing the variable
as an argument (e.g. make all CFLAGS="-Oinsane -Wextra-special").
It also makes the default CFLAGS for the parser consistent with
the default for the C++ dfa library, and passes the flags on to
the library.
An audit of the other bits of C showed that they either supported
CFLAGS during configure or were otherwise honoring CFLAGS when set
as environment variable.
the common/Make.rules file into common/Version so that libapparmor's
configure.in can make use of it, meaning there's one less thing to
adjust when updating the version. It also bumps the trunk version
from 2.5 to 2.5.90 in (perhaps excessively long) preparation for the
2.6.0 release, and to indicate that it's newer than the 2.5.x branch.
tarballs and converts some of the common/Make.rules targets to get
version information from bzr. As part of this, the tarball generation
creates a .stamp_rev file in the common directory which contains both
the name of the bzr repo exported from as well as the revision.
This just adds prototypes to all functions to make further cleanup
slightly easier by getting perl to complain if not enough args are
passed to a function. Perl doesn't appear to complain about this in
every case even with prototypes, which is kind of annoying.
One of the uses of eval { } wasn't checking $@ for errors, so if
something bad happened, it'd be silently ignored. This just adds in
an extra check to die if we hit a failure.
loopback mounted filesystem to operate on, to guarantee that the mount
option user_xattr is enabled (it's disabled by default on Ubuntu).
With this change, a number of the user xattr testcases that were
expected to pass but weren't started working; however, some of the
ones that were failing as expected are now passing. I've touched up
the expectations as well.
script and add an additional sleep before the parser invocation that
generates the cache file for the first time, to avoid failures in the
"Profiles are cached when requested:" test on ext3 and other filesystems
without fine-grained enough timestamps.
parsing, and precompilation of policy. This allows finding the most
recent text time stamp during parsing and this is then compared to
the cache file time stamp.
While this is slightly slower than the cache file check that only
validated against the profile file it fixes the bug where abstraction
updates do not cause the cache file to become invalid.
capability is reported by LSM_AUDIT and is just the capability number.
capname is reported by the apparmor module and is the name the kernel
knows the capability as.
For now just use capname and silently drop capability when it is found.
started. Since apparmor_notify is not installed by default and not started
by default, the act of installing and starting it implies the desire to
get messages.
https://bugs.launchpad.net/apparmor/+bug/623467
This patch adds some additional testcases to the log parsing
testsuite, to cover rejections for operations that aren't covered by
other testcase (truncate, rename_src, rename_dest, mkdir) as well
as fixing SubDomain.pm to take those operations into account when
parsing log files.
The operations link, unlink, and possibly setattr still need to be
covered by SubDomain.pm
kernel when the hat that was passed does not exist in the profile (but
other hats exist). It also removes the very old EPERM case, which hasn't
been accurate for a while. (LP: #619521)
this results in
Unable to open output file - Success
to be output to standard error.
This occurs because despite specifying kernel_load = 0, the kernel load
parts are still being done, and failing.
