Commit graph

5425 commits

Author SHA1 Message Date
Steve Beattie
16ede09541 Fix a tyop and add corresponding profile names for other error
conditions.
2006-09-13 20:06:16 +00:00
Steve Beattie
e291f9933e Add a user tunable setting to add arguments to the parser invocations,
if necessary.  Currently used to suppress warnings about unsafe/unfiltered
environment 'u' exec transitions. 

[Corresponds to rev 6415 in the old svn repo]
2006-09-13 18:40:52 +00:00
Steve Beattie
c59d7489be [This commit corresponds to revs 6425 and 6429 in the old svn repo]
This commit adds a test that checks to see if exec unconfined -->
confined requires any access to the binary being run confined. Current
behavior is that it does not.
2006-09-12 22:22:51 +00:00
Steve Beattie
5bc7850467 Convert the struct expected by ptrace.c to be struct user from
asm-xxx/user.h rather than struct user_regs_struct, as we had a report
that that wasn't available on some arches.
2006-09-12 20:57:29 +00:00
Steve Beattie
76cbeb9892 [This corresponds to commits 6414, 6415, 6417, 6422, 6423, and 6424 in
the old svn tree.]

This patch adds tests to verify the environment filtering done in the Px
and Ux cases. It tests the environment from both an elf executable and
from a shell script. Also verifies that with the apparmor module loaded,
environment filtering on setuid apps still happens.
2006-09-12 05:55:31 +00:00
Steve Beattie
1cd7fe23d4 [https://bugzilla.novell.com/show_bug.cgi?id=129516]
Relicense file to GPL (don't know why it wasn't caught originally). Made
it look in the right location, but doesn't appear to function -- I don't
know if that's due to language changes or if it ever worked. Seth Arnold
will need to comment.
2006-09-11 21:46:44 +00:00
Steve Beattie
08651d770b [https://bugzilla.novell.com/show_bug.cgi?id=203557]
Add support for python egg archives as well as python 2.5. Perhaps the
python version should be separated into a variable?
2006-09-11 21:17:43 +00:00
Steve Beattie
2803303d19 Have svn ignore autogenerated .mo files 2006-09-11 20:20:54 +00:00
Steve Beattie
aa470621a4 Check in an internationalization change that got missed in the 'm' mode
update.
2006-09-11 20:12:47 +00:00
John Johansen
c235cfb8aa Add the Kbuild files that got added in the Makefile patch but weren't added to svn 2006-08-30 00:55:04 +00:00
John Johansen
0e8b2acd9a change module init type so that the module will work when compiled as a builtin 2006-08-30 00:44:01 +00:00
John Johansen
f5645aca78 change from use of unsigned long to gfp_t for memory allocation flags 2006-08-30 00:43:12 +00:00
John Johansen
acb8945d38 Add the unsafe exec flag and change exec to handle both safe (environment scrubbed by loader) and unsafe execs. 2006-08-30 00:42:09 +00:00
John Johansen
802ba1fad1 Add the m permission bit and change the way exec permissions for mmap are handled 2006-08-30 00:40:36 +00:00
John Johansen
a9e9d7fe1d remove dead code 2006-08-30 00:39:49 +00:00
John Johansen
912cb42ccb fix allocations for the audit subsystem that must be GFP_ATOMIC 2006-08-30 00:39:07 +00:00
John Johansen
b1a492d2fe fix error where a confined parent could take control of an unconfined child by getting the unconfined child to ptrace it 2006-08-30 00:38:15 +00:00
John Johansen
f5c23403a7 fix error that could cause oops when an error occurred in dentry translation with no inode 2006-08-30 00:36:48 +00:00
John Johansen
ea7c6f7e8b fix error where name lookup was not properly propagating failure (errors) 2006-08-30 00:34:38 +00:00
John Johansen
b6430e3f83 properly set return code for changehat interface 2006-08-30 00:33:36 +00:00
John Johansen
7b15ddcef5 revert to using auditsd tag instead of auditaa because this is what is in suse kernels 2006-08-30 00:31:36 +00:00
John Johansen
e53c2f9db3 revert back to using d_path instead of d_path_flags 2006-08-30 00:30:46 +00:00
John Johansen
f2f5d972e4 Replace some minor uses of subdomain with apparmor 2006-08-30 00:29:49 +00:00
John Johansen
a9bd7afd94 bring Makefile up to latest version 2006-08-30 00:29:10 +00:00
John Johansen
1d152eecb8 Import nextgen branch of AppArmor 2006-08-30 00:27:59 +00:00
John Johansen
145432c805 fork apparmor module to checkin next gen code base 2006-08-30 00:19:50 +00:00
Seth Arnold
770d7d521e crispin noticed that this profile includes a pointless Px domain transition 2006-08-21 22:11:47 +00:00
Dominic Reynolds
704e1e4d36 Initial checkin 2006-08-16 16:32:49 +00:00
Seth Arnold
f9df421131 Ralf Spenneberg fixup for make install target 2006-08-09 22:39:20 +00:00
Matt Barringer
be64d6bed4 Turned the uid=0 check back on. 2006-08-05 21:05:25 +00:00
John Johansen
39adc91bbb fix xattr regression test. variable perm was being modified as a side effect of called functions so it was passing the wrong perm to the tests. 2006-08-04 22:39:16 +00:00
John Johansen
97ef545dc3 revert interface version to v2 2006-08-04 21:30:34 +00:00
John Johansen
5c2fe819d8 fix prologue.inc previous patch was broken in porting so that profiles could not be generated 2006-08-04 21:27:38 +00:00
Tony Jones
5b0e1a3dd5 Initial checkin of kernel module.
Makefile will invoke Kbuild for external (out of tree) builds.
2006-08-04 19:07:32 +00:00
Seth Arnold
dfa966cbdc r3528@dhcp-81: root | 2006-08-02 16:39:14 -0700
fix 0-0 typo
2006-08-04 18:14:15 +00:00
Seth Arnold
087c48b35e r3527@dhcp-81: root | 2006-08-02 15:33:07 -0700
Fix up the m, U, and P stuff, and other misc fixes
2006-08-04 18:13:59 +00:00
John Johansen
c13b341fef add parser test files that I failed to add when the parser m and P patches were committed 2006-08-04 17:24:51 +00:00
John Johansen
c611d4cbf0 increase interface version for loading policy, due to the m and unsafe exec flags breaking compatibility with v2 policy 2006-08-04 17:22:19 +00:00
John Johansen
5a84323302 update boot prereq for suse 2006-08-04 17:20:46 +00:00
John Johansen
b96bd2cd3b update parser to use HAS_X macros 2006-08-04 17:20:16 +00:00
John Johansen
7f1df42d3e update regression test prologue.inc for m flag 2006-08-04 17:19:41 +00:00
John Johansen
2e0cfb276d add longpath test 2006-08-04 17:18:41 +00:00
John Johansen
d70afadf6e change init script to use skipped_msg 2006-08-04 17:16:47 +00:00
John Johansen
313c2a35ec This patch adds m support to the regression tests 2006-08-04 17:15:41 +00:00
John Johansen
3cb147e25c [https://bugzilla.novell.com/show_bug.cgi?id=172061]
This (updated) patch to trunk adds support for Px and Ux (toggle
bprm_secure on exec) in the parser. As requested, lowercase p and u
corresponds to an unfiltered environment on exec, uppercase will filter
the environment.  It applies after the 'm' patch.

As a side effect, I tried to reduce the use of hardcoded characters in
the debugging statements -- there are still a few warnings that have
hard coded letters in them; not sure I can fix them all.

This version issues a warning for every unsafe ux and issues a single
warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters,
except when the "-q" or "--quiet" flag, "--remove" profile flag, or
"-N" report names flags are passed.  Unfortunately, it made the logic
somewhat more convoluted.  Wordsmithing improvements welcome.
2006-08-04 17:14:49 +00:00
John Johansen
cafbfe7cd3 [https://bugzilla.novell.com/show_bug.cgi?id=175388]
This (updated) patch to trunk adds the m flag to the parser language. The
m flag explicitly does -not- conflict with px, ux, or ix.

It does not add exec mmap as implicit to inherited execs, as it was
asserted that the module should do this.

I have not fixed up the testcases to match.
2006-08-04 17:14:06 +00:00
Dominic Reynolds
97593fb21b Changes to support new language features - exec modifiers Ux|Px and m
bit for mmap PROT_EXEC.
2006-08-04 16:38:22 +00:00
Dominic Reynolds
95ea812d91 Changes to support new language features - exec modifiers Ux|Px and m
bit for mmap PROT_EXEC.
2006-08-04 16:37:57 +00:00
John Johansen
4597d52ad3 test 2006-07-31 20:49:33 +00:00
John Johansen
2d820fb581 test 2006-07-31 20:45:34 +00:00