Call aa_change_profile(), instead of aa_change_onexec(), when
--immediate is passed in.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Create a simple aa-exec implementation, written in C, matching the
--help, --debug, --verbose, and --profile options present in the current
Perl implementation.
The new aa-exec sources reside in the binutils/ directory.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
aa-enabled should live in /usr/bin, rather than /sbin, since it is not
used in early boot and requires no root privileges.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
r2637 added support for parsing unix rules, but forgot to add write
support. The result was that a profile lost its unix rules when it was
saved.
This patch adds the write_unix_rules() and write_unix() functions (based
on the write_pivot_root() and write_pivot_root_rules() functions) and
makes sure they get called at the right place.
The cleanprof testcase gets an unix rule added to ensure it's not
deleted when writing the profile. (Note that minitools_test.py is not
part of the default "make check", however I always run it.)
References: https://bugs.launchpad.net/apparmor/+bug/1522938https://bugzilla.opensuse.org/show_bug.cgi?id=954104
Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk, 2.10 and 2.9.
This means:
- expect unicode (instead of str) when reading from a file in py2
- convert keys() result to a set to avoid test failures because of
dict_keys type
After this change, all tests work for both py2 and py3.
Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10.
python 3 uses only the 'str' type, while python 2 also uses 'unicode'.
This patch adds a type_is_str() function to common.py - depending on the
python version, it checks for both. This helper function is used to keep
the complexity outside of the rule classes.
The rule classes get adjusted to use type_is_str() instead of checking
for type(x) == str, which means they support both python versions.
As pointed out by Tyler, there are also some type(...) == str checks in
aare.py and rule/__init__.py which should get the same change.
Finally, add test-common.py with some tests for type_is_str().
References: https://bugs.launchpad.net/apparmor/+bug/1513880
Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10
Note: 2.10 doesn't contain SignalRule, therefore it doesn't get that
part of the patch.
Add regression tests for the --profile, --namespace, and --immediate
options of aa-exec.
A new variable is added to uservars.inc to point to the in-tree or
system aa-exec depending on the presence of the USE_SYSTEM=1 make
variable at build time.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Clean up the Makefile by removing distro-related install targets. These
should not be needed.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The new aa-enabled program can be used as a barebones replacement for
`aa-status --enabled`. It is written in C, rather than Python, which
keeps its dependencies to a minimum.
By default, aa-enabled prints a human-readable status of AppArmor's
availability to stdout. It supports a --quiet option which allows for
functionality equivalent to `aa-status --enabled`, which does not print
any messages.
The aa-enabled exit statuses mimic the behavior documented in the
aa-status(8) man page.
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Incorporated feedback from the code review process]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Don't catch AppArmorExceptions in aa-easyprof any longer and rely on
apparmor.fail to print the exception to stderr.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The patch also switches to using error() instead of a plain print() for
AppArmorException, which means prefixing the error message with 'ERROR: '
References: https://bugs.launchpad.net/apparmor/+bug/1521400
Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk and 2.10.
https://launchpad.net/bugs/1526085
Revno 2934 'Add fns to handle profile removal to the kernel interface'
introduced a regression in the parser's namespace support by causing the
--namespace-string option to be ignored. This resulted in the profile(s)
being loaded into the global namespace rather than the namespace
specified on the command line.
This patch fixes the bug by setting the Profile object's ns member, if
the --namespace-string option was specified, immediately after the
Profile object is allocated.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
'change_hat' events have the target profile in 'name2', not in 'name'
(which is None and therefore causes a crash when checking if it contains
'//')
Also add the log event causing this crash to the libapparmor testsuite.
References: https://bugs.launchpad.net/apparmor/+bug/1523297
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
Parsing variables was broken in several ways:
- empty quotes (representing an intentionally empty value) were lost,
causing parser failures
- items consisting of only one letter were lost due to a bug in RE_VARS
- RE_VARS didn't start with ^, which means leading garbage (= syntax
errors) was ignored
- trailing garbage was also ignored
This patch fixes those issues in separate_vars() and changes
var_transform() to write out empty quotes (instead of nothing) for empty
values.
Also add some tests for separate_vars() with empty quotes and adjust
several tests with invalid syntax to expect an AppArmorException.
var_transform() gets some tests added.
Finally, remove 3 testcases from the "fails to raise an exception" list
in test-parser-simple-tests.py.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9
(which also implies 2.10)
Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't
get that part of the patch.
This patch adds a check-local target to libapparmor/testsuite/Makefile.am
that checks the logfile generated by the test_multi tests
(libaalogparse.log) and errors out if
- the logfile doesn't exist (which might mean that dejagnu isn't installed
- the logfile contains 'ERROR'
This isn't the best solution I can imagine, but it's the only/easiest
way I found that doesn't need changing of autogenerated files.
Also extend clean-local to delete libaalogparse.{log,sum}
Finally, add test_multi/testcase_syslog_read.err (empty file) to avoid
make check fails.
Acked-by: John Johansen <john.johansen@canonical.com>
Also adjust test-signal.py for AARE (it needs a change in _compare_obj())
and enable the regex-based tests.
Acked-by: John Johansen <john.johansen@canonical.com>
The AARE class is meant to handle the internals of path AppArmor regexes
at various places / rule types (filename, signal peer etc.). The goal is
to use it in rule classes to hide all regex magic, so that the rule
class can just use the match() method.
If log_event is given (which means handing over a raw path, not a regex),
the given path is converted to a regex in convert_expression_to_aare().
(Also, the raw path is used in match().)
BTW: The reason for delaying re.compile to match() is performance - I'd
guess a logprof run calls match() only for profiles with existing log
events, so we can save 90% of the re.compile() calls.
The patch also includes several tests.
Acked-by: John Johansen <john.johansen@canonical.com>
Having a list of rule types/classes at several places is annoying and
error-prone. This patch centralizes the list in aa.py.
This also means ask_the_question() in aa.py will now (in theory) support
'change_profile' and 'rlimit'. In practise, that doesn't change anything
because logparser.py doesn't support change_profile events yet - and
rlimit doesn't cause any log events.
Also add some long overdue copyright headers.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
In detail, this means:
- handle signal events in logparser.py
- "translate" those events in aa.py - from log (logparser.py readlog())
to prelog (handle_children()) to log_dict (collapse_log()) to
log_obj (ask_the_questions())
(yes, really! :-/ - needless to say that this is ugly...)
- finally ask the user about the signal in ask_the_questions()
Also add a logparser test to test-signal.py to ensure the logparser step
works as expected.
Note that the aa.py changes are not covered by tests, however they
worked in a manual test.
Acked-by: John Johansen <john.johansen@canonical.com>
As Kshitij mentioned, abstract methods should use NotImplementedError
instead of AppArmorBug.
While changing this, I noticed that __repr__() needs to be robust against
NotImplementedError because get_raw() is not available in BaseRule.
Therefore the patch changes __repr__() to catch NotImplementedError.
Of course the change to NotImplementedError also needs several
adjustments in the tests.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
(long before branching off 2.10, therefore I'll also commit to 2.10)
It's pointless to keep a separate file for those tests - they integrate
well in test-signal.py.
After the move, test-signal_parse.py is empty and will be deleted.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
Besides 'signal', also 'change_profile' and 'rlimit' cleanup was missing
for the main profile.
In aa.py delete_duplicates() (used to check includes), only 'signal' was
missing.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This means:
- import the classes instead of RE_PROFILE_SIGNAL
- simplify signal rule parsing a lot
- drop the (now unused) functions parse_signal_rule() and write_signal_rules()
- change write_signal() to use the SignalRuleset class
Also drop the now unused Raw_Signal_Rule from rules.py.
Finally, drop most parser signal tests from the "known wrong results"
blacklist in test-parser-simple-tests.py because those tests succeed
with SignalRule.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
The tests in test-signal_parse.py used aa.parse_signal_rule(), which is
based on Raw_Signal_Rule (= regex check + "just store it").
This patch changes the tests to test against SignalRule.get_clean().
Since get_clean() does some cleanups, the expected result slightly
differs from the original rule.
Finally switch to the AATest class and setup_all_loops() we use in most
tests.
Also change test-regex_matches.py to import RE_PROFILE_SIGNAL directly
from apparmor.regex instead of apparmor.aa (where it will vanish soon).
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
Those classes will be used to parse and handle signal rules.
They understand the (surprisingly complex) syntax of signal rules.
Note that get_clean() doesn't output superfluos things, so
signal ( send ) set = ( int ),
will become
signal send set=int,
Also add a set of tests (100% coverage :-) to make sure everything works
as expected.
This is a merged commit of the following patches:
- 07-add-SignalRule-and-SignalRuleset.diff
- 13-test-signal-compare_obj.diff
- 17-signal-rule-cleanup.diff
- 21-test-signal-rename-tests.diff
- 22-signal-rule-adjustments.diff
- 24-signal-rule-fix-error-message.diff
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
(all patches in this commit)
As a preparation for the SignalRule class, add a <details> match group
to RE_PROFILE_SIGNAL.
Also adjust test-regex_matches.py for the added group.
Note: RE_PROFILE_SIGNAL is only used in aa.py, and only matches[0..2]
are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
rule (except audit and allow/deny). Therefore no aa.py changes are
needed.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.10
Creating a file is in theory covered by the 'a' permission, however
discussion on IRC brought up that depending on the open flags it might
not be enough (real-world example: creating the apache pid file).
Therefore change the mapping to 'w' permissions. That might allow more
than needed in some cases, but makes sure the profile always works.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for 2.9, 2.10 and trunk
For debugging, it's helpful to know which part of the code initialized a
profile_storage and for which profile and hat this was done.
This patch adds an 'info' array with that information, adds the
corresponding parameters to profile_storage() and changes the callers to
deliver some useful content.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.10
We replaced parse_audit_allow() with parse_modifiers() in r2833, but
overlooked that parse_modifiers() returns allow/deny as boolean. This
resulted in storing bare file rules in aa[profile][hat]['path'][False]
instead of aa[profile][hat]['path']['allow'] (or True instead of 'deny'
for 'deny file,' rules), with the user-visible result of loosing bare
file rules when saving the profile.
This patch converts the boolean value from parse_modifiers back to a
string.
Note: 2.9 is not affected because the old parse_audit_allow() returns
'allow' or 'deny' as string, not as boolean.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk and 2.10
The last utils/test/Makefile change switched to using the in-tree
libapparmor by default (unless USE_SYSTEM=1 is given). However, I missed
to add the swig/python parts of libapparmor to PYTHONPATH, so the
system-wide LibAppArmor/__init__.py was always used.
This patch adds the in-tree libapparmor python module to PYTHONPATH.
I'm sorry for the interesting[tm] way to find out that path, but
a) I don't know a better / less ugly way and
b) a similar monster already works in libapparmor/swig/python/test/ ;-)
Acked-by: John Johansen <john.johansen@canonical.com> for 2.9 and trunk
(that also implies 2.10 ;-)
To make things more interesting, /usr/bin/python and /usr/bin/python[23]
are symlinks to /usr/bin/python[23].[0-9], so we have to explicitely
list several versions.
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com> for 2.9, 2.10 and trunk
2.9.x and 2.10 had some time stamp bugs around cache handling that
result in the cache getting a wrong time stamp, and then not getting
correctly updated when policy changes.
Force cache recompiles for these versions by bumping the parser abi
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
syslog-ng needs to access both the permanent /var/log/journal/ and the
non-permanent /run/journal/.
I also included /var/run/journal/ to stay consistent with supporting
both /run/ and /var/run/.
Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9.
This makes print()ing a class object much more helpful - instead of
<apparmor.rule.network.NetworkRule object at 0x7f416b239e48>
we now get something like
<NetworkRule> network inet stream,
(based on get_raw())
A NetworkRuleset will be printed as (also based on get_raw())
<NetworkRuleset>
network inet stream,
allow network inet stream, # comment
</NetworkRuleset>
Also add tests to test-network.py to ensure that __repr__() works as
expected.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
aa-logprof is able to parse all profiles, so there is no longer a
reason to skip this test.
This patch reverts r2097 and r2098 from 2013-01-02.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
Acked-by: John Johansen <john.johansen@canonical.com>
(and now that the tests work even if logprof.conf doesn't exist,
Steve's NACK is no longer valid)
