Steve Beattie
b8cde97ab7
Bah, the whole using linux/socket.h to get AF_* tokens versus sys/socket.h
thing again. Fix to use the kernel's definition of AF_MAX in
linux/socket.h if it's larger than glibc's AF_MAX definition in
sys/socket.h and add a wrapper function so that we don't have to include
af_names.h everywhere.
Also, fix memory leaks around the handling of network entries of
policies.
2009-07-24 17:24:41 +00:00
Steve Beattie
f9c5756b4d
* fix a few more memory leaks
* undocumented symbol table dumping short options weren't actually
accepted by the parser.
2009-07-24 13:24:53 +00:00
John Johansen
af902dddf1
during policy load, return errors instead of exiting
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:35:19 +00:00
John Johansen
627c044e4d
add parser subsystem reset functions
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:34:11 +00:00
John Johansen
0137b992b4
move -D_GNU_SOURCE to Makefile for parser_lex.l to gain it
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
2009-07-24 07:33:39 +00:00
John Johansen
3850ede5cf
Fix aliases so that aliases are applied to the profile name as well as
the entries
Add rewrite as an alternative alias keyword
2009-06-10 20:26:31 +00:00
John Johansen
ac88f71c63
Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats
2008-09-10 08:42:49 +00:00
John Johansen
0c95606e03
let the parser add the change_hat rule
2008-06-08 09:32:12 +00:00
John Johansen
3b11aa9050
Remove hat rules. In large policies the number of hat rules becomes
problematic, hat rules can be replaced with simple hat flag on a profile.
2008-06-08 09:02:27 +00:00
John Johansen
be495f2125
fix
- rc.apparmor.functions were not correctly removing profiles on replace and
reload, also convert to using the module interface directly bypassing the
parser.
- fix cx -> named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
modules. This is the correct behavior as hats are promoted to profiles.
2008-06-04 07:24:38 +00:00
John Johansen
8c47189e19
update names output so that profile reload works correctly with hats and local profiles
2008-05-29 06:09:34 +00:00
John Johansen
ee03760c1d
disable named transition conversion to cx. Needs to be reworked
2008-04-16 08:48:06 +00:00
John Johansen
11f925abba
fix named transition, enable cx to imply transition to local profile, without having to specify name
2008-04-16 06:54:51 +00:00
John Johansen
015df061e3
Named transition - but disabled due to a bug
2008-04-16 04:45:02 +00:00
John Johansen
78590d1823
allow for simple alias rules
2008-04-09 09:03:17 +00:00
John Johansen
34f2c96700
let a profile set a task's caps, similar to fscaps
2008-04-06 18:55:27 +00:00
John Johansen
c460dcc52f
update change_hats rules to generate rules for all hats
2008-04-06 18:52:47 +00:00
John Johansen
74152bbd9d
Add the implicit change_hat rules for hats in the profile.
Allow external hats by declaring them in the profile via
^hatname,
e.g.
/foo {
  ^local_hat {
  }
  ^external_hat,
}
/foo//external_hat {
}
2008-04-05 05:44:44 +00:00
John Johansen
ec08477129
fix type on typename in cast bug
2008-04-05 04:57:51 +00:00
John Johansen
40c3686041
remove old netdomain syntax
2007-11-16 09:34:01 +00:00
John Johansen
a4721bd02d
add basic handling of profile namespaces
2007-11-16 09:18:48 +00:00
John Johansen
5655affcda
flatten hats for individual profile load
2007-06-26 21:09:46 +00:00
John Johansen
cd79c1ac77
update copyright dates
2007-04-11 08:12:51 +00:00
Steve Beattie
b547067e8d
This patch fixes the parser to do duplicate rule elimination after
variable expansion occurs, not before.
2007-03-30 18:34:37 +00:00
John Johansen
f3ba454d8c
Add dfa support to the parser
2007-02-27 02:29:16 +00:00
John Johansen
20dbc4d8cb
fix miss break #240986. Back out partial commit of dfa matcher support (that was mistakenly submitted)
2007-02-01 21:45:39 +00:00
John Johansen
d1f8df2fa5
dfa patches for the parser
2007-02-01 20:18:50 +00:00
Steve Beattie
f13d422be0
Fixup a type-mismatch that happened to not cause crashes purely by
coincidence.
2006-05-18 16:26:28 +00:00
Seth Arnold
eb6ca6797b
A quick hack that will test if the running kernel supports PCRE or not, and bail out with a more informative error message if the policy being loaded requires additional kernel support
2006-04-18 17:15:05 +00:00
Steve Beattie
6b0de8f6bc
Update keywords attribute, svn:ignore attribute, update Makefile to
point to the new location of the common/ dir.
2006-04-12 03:09:10 +00:00
Steve Beattie
6d3e74907d
Import the rest of the core functionality of the internal apparmor
development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00