mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 01:11:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1087 commits 23 branches 109 tags 32 MiB
Commit graph

1087 commits

This branch
This branch
All branches
Author SHA1 Message Date
John Johansen
a2de30e4ce Add missing patches 2007-11-13 16:57:45 +00:00
John Johansen
67f130c66c Move deprecated code into the deprecated branch 2007-11-13 08:33:09 +00:00
Dominic Reynolds
472a1d333a Added handling to correctly check the result of the profile development 
run and reset the profile mode to enforce when the profile development
run exits without an error.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328045
 2007-11-06 18:08:24 +00:00
Dominic Reynolds
c074a19f24 Ignore complain flags when up|down loading profiles to|from the 
repository. This makes the repository agnostic to profile mode
(complain/enforce) - users must manage this locally via
aa-complain/aa-enforce.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328033
 2007-11-06 18:06:18 +00:00
Dominic Reynolds
63a7fa4aed Modified code to check the repository for new profile when: 
- processing an unknown hat/execute rejection if its not already in the profile
   - at the start of processing all the remain events for the profile
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328707
 2007-11-06 16:46:57 +00:00
Dominic Reynolds
57f1e839b7 Updated regex used to detect syslog messages (from bug reported against 
Ubuntu gutsy)
 2007-11-06 16:37:52 +00:00
Steve Beattie
cfef502c54 Basic change_profile testcases, basic network rules testcases, testcases 
around carat symbols and commas in file rules, and basic permission
modes first testcases from jjohansen@suse.de.

Acked-By: Steve Beattie <steve@nxnw.org>
 2007-10-01 06:34:27 +00:00
Steve Beattie
815c103488 lock mode bit tests from jjohansen@suse.de 
Also, make 'check' toplevel target be an alias for 'tests'

Acked-By: Steve Beattie <steve@nxnw.org>
 2007-10-01 06:12:26 +00:00
Steve Beattie
4e0679ecc6 Append testcases from jjohansen@suse.de. 
Acked-By: Steve Beattie <steve@nxnw.org>
 2007-10-01 06:04:18 +00:00
David J Drewelow
6eedd28dc2 Fix for bug #329476. The mode validation regexp has been updated to 
support additional values.
 2007-09-28 16:51:56 +00:00
Dominic Reynolds
de278ffef8 Don't try to read inactive profile directory if it doesn't exist. Fix 
based on feedback from mathiaz@ubuntu.com and from bug report:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/141128.
 2007-09-28 15:39:42 +00:00
Steve Beattie
de9a6dea63 Stop emitting anything from non-apparmor messages to stdout, and parse 
the messages enough to report the audit type in the operation field, the audit
message id|timestamp, and the rest of the message in the info field.
 2007-09-20 08:25:43 +00:00
Steve Beattie
ee5f978570 the lexer allocates strings for everything it identifies, therefore it's 
safe for the grammer to just use the strings where they don't need to be
modified, reducing the number of strdup()/free() pairs that need to be
invoked.
 2007-09-19 21:49:23 +00:00
Steve Beattie
403b124bf1 Add support for old-style link rejections. 
Add testcase for new-style link rejection for comparison.
 2007-09-19 21:06:08 +00:00
Steve Beattie
95949a069a Add support for old-style syscall rejections. 2007-09-19 20:44:19 +00:00
Steve Beattie
34040a4d83 Clean up the grammar file somewhat; more work needed. 2007-09-19 20:30:26 +00:00
John Johansen
bb2eb071c3 Fix bug in change_hat that would cause a confined process to become 
unconfined if, the process was confined in a hat and the process
attempted to change_hat to a new hat and that attempt failed because
the hat was not defined in policy.
 2007-09-19 19:48:31 +00:00
Steve Beattie
8e909ad869 Add support for old-style AUDIT messages. 2007-09-18 17:47:11 +00:00
Steve Beattie
b9342d0963 logparsing library: fix up interpreting the protocol to handle both 
digits and strings returned (though it's entirely possible the kernel
will only ever return the protocol number).

Things should probably be fixed up to convert back to the name of the
protocol.
 2007-09-18 02:01:42 +00:00
Steve Beattie
4d505d643e Add correctly generated testcase for parent=pid_t from Kenny Graunke 
<kgraunke@novell.com>, as well as fixing the code to properly parse
messages containing them.

Alas, this resulted in a change in the returned structure.
 2007-09-17 22:38:22 +00:00
Steve Beattie
7489640b82 Fix the logparsing library to parse correctly the task field passed back 
by apparmor; the new syntax passes back the task as unquoted digits,
whereas the logparser expected a quoted string.
 2007-09-17 21:54:49 +00:00
Steve Beattie
c075a9db45 Add testcase for "task=NNNN" apparmor hint message. 2007-09-17 21:24:35 +00:00
Steve Beattie
cf76182f2c Add a testcase for network protocols that the log parsing library can't 
parse.
 2007-09-17 21:20:24 +00:00
Steve Beattie
9ad53af32b Add testcase for old-style mandatory missing profile exec rejection. 2007-09-17 20:55:05 +00:00
Steve Beattie
cd498230c7 Fix aa logparsing library to parse messages where the strings in the 
name, name2, or profile fields have been safely (hex) encoded.
 2007-09-17 05:22:40 +00:00
Dominic Reynolds
27c13607be Change the default repository to 
http://apparmor.opensuse.org/backend/api - the host for the production
repository.
 2007-09-17 02:28:26 +00:00
Dominic Reynolds
44a6fbadff Modify the cupsd profile to use ix transtions (rather than Px) for 
backend plugins.
 2007-09-17 02:00:47 +00:00
Dominic Reynolds
4ffd798b57 Update to log parsing to correctly unpack the hex encoded values passed 
from the module: name, name2, and profile. (fix from jmichael@suse.de)
 2007-09-17 01:58:36 +00:00
Dominic Reynolds
0cd4b39f4c Remove the confirmation prompt for confirm_and_finish - this was a 
duplicate prompt after the repository changes to save_profiles.
 2007-09-17 01:56:14 +00:00
Dominic Reynolds
61d499c108 Add support for network toggles, append, and locking to the YaST2 
EditProfile wizard.
 2007-09-17 01:55:11 +00:00
Steve Beattie
2640f42273 Add a basic inode_permission testcase. 2007-09-15 06:02:13 +00:00
Steve Beattie
ee5391c6a4 Remove the magic token from the aa_change_profile() interface, as 
change_profile transitions ought to be uni-directional. If you want
bi-directional transitions, use aa_change_hat() instead.
 2007-09-15 05:41:44 +00:00
Steve Beattie
95625c6a39 Bump release version (+date) in specfile, and bump library minor 
version.
 2007-09-15 03:46:56 +00:00
Steve Beattie
793afcd06c Add support for an old style message hint "changing_profile" which 
indicates that the pid referenced is being placed in the null-complain
profile.
 2007-09-14 21:38:46 +00:00
David J Drewelow
935e7eb32f Fixes (#310454) to support new audit log format and new libapparmor1. 2007-09-14 21:23:08 +00:00
David J Drewelow
d46ba6ba79 Fixes (#310454) to support new audit log format and new libapparmor1. 2007-09-14 21:22:26 +00:00
Steve Beattie
fa6dce4c65 This patch fixes up the support for parsing old style messages generated 
on systems where auditd has not been compiled with --with-apparmor (i.e.
events are reported with an unknown type).
 2007-09-14 14:36:01 +00:00
Steve Beattie
6700630539 This patch fixes the parsing of old-style apparmor log messages that 
occur within a hat that's name does not begin with a '/'. New style
message parsing was not affected by this bug.
 2007-09-14 14:33:05 +00:00
Steve Beattie
2228421afd Stop printing "Error: syntax error" to stdout when the library has a 
problem parsing the log message.
 2007-09-14 14:29:07 +00:00
Steve Beattie
7f9a058d9c This patch adds support for parsing apparmor messages that come through 
syslog, along with testcases. This should work for both old and new
style log messages, as well as with dmesg timestamps enabled in the
kernel ("echo 1 > /sys/module/printk/parameters/printk_time").

This patch applies on top of the previous patch sent to support the
type=15xx messages.
 2007-09-14 14:26:21 +00:00
Steve Beattie
a6a88a4dd7 This patch adds support to the logparsing library for the type=15xx 
flags when events come through the audit subsystem. It also fixes the
case where the audit daemon has not been configured with apparmor
support and the events are reported as type=UNKNOWN[15xx].

It also fixes the testsuite dependencies so that they will get relinked
when the library changes.
 2007-09-14 14:00:48 +00:00
Steve Beattie
16758ebdaa Bump to version 1.2 to match autobuild version. 2007-09-13 16:50:57 +00:00
Steve Beattie
3df28e13db Bump version in the configure.in file to match version in the specfile. 2007-09-13 16:15:06 +00:00
Dominic Reynolds
3b9e750206 Roll back reporting refactor changes for now. These will be readded to 
trunk post 2.1.
 2007-09-10 21:02:43 +00:00
Dominic Reynolds
b4b19bd9b4 Compile and include the AppArmorDialogs module in yast2-apparmor 2007-09-10 20:25:26 +00:00
Dominic Reynolds
33521849c7 Part of the user feedback for repository connections (r957) - missed 
this file on initial checkin.
 2007-09-10 19:50:15 +00:00
Dominic Reynolds
7faf960612 Update the logfile parsing in the tools to support syslog (in addition 
to LAF) as a source of AppArmor module messages.
 2007-09-10 19:44:07 +00:00
Dominic Reynolds
ddba73d87c Very basic user feedback when connections are made to a remote 
repository. For genprof/logprof just report "Connecting to the
repository". For yast display a dialog.
 2007-09-10 19:42:18 +00:00
Dominic Reynolds
b451a537c4 Update the eventd schema to support the mode_deny mode_req types 
reported by the latest apparmor module in its rejection/permitting
messages.
 2007-09-10 19:41:03 +00:00
Dominic Reynolds
b80d1a3efe Remove the auto-install hooks for apparmor-docs in the YaST2 apparmor 
wizards.
 2007-09-10 19:39:38 +00:00