mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 00:41:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1492 commits 23 branches 109 tags 32 MiB
Commit graph

1492 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steve Beattie
4265cecdfa From: Marc Deslauriers <marc.deslauriers@ubuntu.com> 
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929

Parse log entries containing an ouid.

(I added a testcase to Marc's fix.)
 2009-09-18 21:13:04 +00:00
Kees Cook
317a3a0ad2 load test profiles from commandline instead of stdin 2009-08-25 00:26:57 +00:00
John Johansen
0018491c1e Add basic changeprofile re test and enable changeprofile tests by default 2009-08-21 20:39:45 +00:00
John Johansen
aced280818 Make cache warning respect the quiet flag 2009-08-20 23:48:32 +00:00
John Johansen
0320e0e849 Update changeprofile tests 
Have the parser skip the caches
 2009-08-20 23:46:48 +00:00
John Johansen
e43065cfe0 Add user side support for pux exec mode 2009-08-20 15:41:10 +00:00
John Johansen
6998f6fc3d Add 64bit capabilities 2009-08-20 15:27:12 +00:00
John Johansen
747d7da402 Revert broken 64bit capabilities patch 2009-08-20 15:26:12 +00:00
John Johansen
c80b2c9766 Fix library resolution when linux-vdso.so.1 is used instead of 
linux-vdso32.so.1 or linux-vdso64.so.1
 2009-08-20 12:33:29 +00:00
John Johansen
ed8530d9b6 start of some changeprofile tests 2009-08-20 04:13:08 +00:00
Kees Cook
7e962a409c expand short-option list to include -T 2009-08-19 15:07:53 +00:00
Kees Cook
bf7c9c8567 document missing options in the apparmor_parser man page 2009-08-19 14:45:05 +00:00
Kees Cook
07d3b17eb4 add --skip-read-cache to allow for --write-cache when -r should happen without reading the old cached profiles 2009-08-19 14:44:40 +00:00
John Johansen
9e27a95b8e Enable profile names with regular expressions. This requires a newer 
kernel.
 2009-07-30 06:09:19 +00:00
John Johansen
4f3e6daae9 Fix the clone regression test so that the correct end of the stack is 
used.
 2009-07-28 02:17:10 +00:00
John Johansen
9c532c444b Add a couple capability tests 2009-07-25 03:57:22 +00:00
John Johansen
22d883b4d3 cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
John Johansen
c8fa7815a6 Update capabilities to support 64 bit caps 2009-07-24 23:37:03 +00:00
Steve Beattie
b8cde97ab7 Bah, the whole using linux/socket.h get AF_* tokens versus sys/socket.h 
thing again. Fix to use the kernel's definition of AF_MAX in
linux/socket.h if it's larger than glibc's AF_MAX definition in
sys/socket.h and add a wrapper function so that we don't have include
af_names.h everywhere.

Also, fix memory leaks around the handling of network entries of
policies.
 2009-07-24 17:24:41 +00:00
Kees Cook
098598c98d update short-option list to match the long-option list 2009-07-24 14:57:10 +00:00
Steve Beattie
f9c5756b4d * fix a few more memory leaks 
* undocumented symbol table dumping short options weren't actually
   accepted by the parser.
 2009-07-24 13:24:53 +00:00
Steve Beattie
1b069745b3 * fix another small memory leak in #include handling 
* more code formatting changes because I'm a jerk whose mental lexer
   needs whitespace to properly tokenize code.
 2009-07-24 12:18:12 +00:00
Steve Beattie
5a8a692628 Bah, revert in-progress change that accidentally got committed in rev 
1421.
 2009-07-24 12:06:17 +00:00
Steve Beattie
da52731c75 * fix small memory leak in parser_main.c 
* fixup instances of my inability to spell separator
  * minor code formatting cleanup in parser_lex.l
 2009-07-24 11:56:07 +00:00
Steve Beattie
ed86641695 Fixup testcase description. 2009-07-24 11:34:30 +00:00
Steve Beattie
f579d5efe6 Add a couple more situations around include suffix ignoring. 2009-07-24 11:11:39 +00:00
John Johansen
a7a1cb3827 test for ignored suffixes 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:38:10 +00:00
John Johansen
ab3d7edcdc add loading from and writing to cache options 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:36:09 +00:00
John Johansen
33d01a980a allow multiple profiles to be parsed from the command line 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:39 +00:00
John Johansen
af902dddf1 during policy load, return errors instead of exiting 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:19 +00:00
John Johansen
1fd75ff4f4 actually use -q when loading 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:54 +00:00
John Johansen
c4c430dcd0 fix comments to be non-recursive 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:30 +00:00
John Johansen
627c044e4d add parser subsystem reset functions 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:11 +00:00
John Johansen
0137b992b4 move -D_GNU_SOURCE to Makefile for parser_lex.l to gain it 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:33:39 +00:00
John Johansen
397ead10af add aare_reset_matchflags() to reset match flags 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:33:09 +00:00
John Johansen
6afe6185be Fix change_profile so that it works with regular expressions (lpn390810) 
Change_profile was broken so that it couldn't parse expressions that
weren't path based or started with a variable.  Furthermore if the name
held any expressions it was not hanlded correctly, as it was being passed
directly to dfa conversion without going through glob -> pcre conversion.
 2009-07-23 21:18:37 +00:00
Steve Beattie
298b32e82e Fix up another include test that was failing for the wrong reason. 2009-07-23 20:38:59 +00:00
Steve Beattie
f67f92652a Fix up a couple of testcase includes that got broken in the reorg. 2009-07-23 20:27:54 +00:00
John Johansen
8a780d6f6d Rearrange tests into subdirectories, so that it is easier to see what tests 
are currently present.
 2009-07-23 07:42:57 +00:00
John Johansen
a03d354ee5 Enable simple.py to traverse subdirectories. This will allow splitting 
up the simple_tests/ dir into several subdirs, so they are easier
to manage.
 2009-07-22 22:19:23 +00:00
Steve Beattie
a08658b46d Add a couple of testcases around change_profile keyword and different 
types of profile names.
 2009-07-22 15:43:46 +00:00
John Johansen
100d791e84 Update mount test to allow for cability sys_admin, allowing mount and unmount 2009-07-08 21:35:28 +00:00
John Johansen
3850ede5cf Fix aliases so that aliases are applied to the profile name as well as 
the entries

Add rewrite as an alternative alias keyword
 2009-06-10 20:26:31 +00:00
Steve Beattie
5a2b875b81 parser/Makefile: 
* move network families to filter out into a separate variable to
   so that the list doesn't get lost in a complex sed invocation
 * pull out the actual macro definitions from linux/socket.h and use
   them if glibc's sys/socket.h (really bit/socket.h) hasn't caught up
   with the family definitions.
 2009-06-10 19:20:51 +00:00
Steve Beattie
54037862e6 Fix formatting from last commit. 2009-06-10 17:51:09 +00:00
John Johansen
5998357682 Add option to force that read implies exec from user side. 2009-06-10 15:37:27 +00:00
Steve Beattie
b240be37cc Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

- correct --as-needed linkflag
- use autotools to check for dbus and libaudit-dev properly
 2009-05-13 04:20:48 +00:00
Steve Beattie
5d38632153 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

Fix a typo in the header.
 2009-05-12 22:03:13 +00:00
Steve Beattie
719bfd2011 Fix aclocal warning. 2009-05-12 21:58:54 +00:00
Steve Beattie
c3f9d75abe Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

This patch allows libapparmor to be built out of tree.
 2009-05-12 21:56:56 +00:00