Right now, if you have a named profile with regular expressions to
match binaries, the profile will be shown in aa-status under the
"process list", which doesn't make sense. Instead, show the actual
executable name, and if the profile name differs, report it at the
end (or as a separate field in the json output mode).
Signed-off-by: Kees Cook <keescook@chromium.org>
write_include() was the only user of write_single(), and write_single()
had some include-specific code. This patch gets rid of write_single().
write_include() gets a simplified version of the code instead of calling
write_single().
The tools don't support having multiple rules in one line (they expect
\n after each rule), therefore mark some of the bare_include_tests as
known failures.
console_select_and_upload_profiles() and set_profiles_local_only() both
use a local variable named 'profs'. Rename it to 'profiles'.
This is the first baby step for rewriting how aa.py stores the profiles
internally. I plan to use 'profs' as variable name instead of 'aa', and
this commit gets the result for "grep -r profs" down to 0.
This is needed by new versions of notify-send, as found on openSUSE
Tumbleweed. Without this, desktop notifications don't work anymore, and
notify-send starts to eat up CPU.
If DBUS_SESSION_BUS_ADDRESS is already set, it won't be changed.
For now we only allow quoted absolute paths without spaces in the name
due to:
- 1738877: include rules don't handle files with spaces in the name
- 1738879: include rules don't handle absolute paths without quotes in
some versions of parser
- 1738880: include rules don't handle relative paths in some versions of
the parser
- extend available_buttons() to display an "owner permissions on/off"
button if the rule supports it
- extend ask_the_questions() to handle these buttons
- add some tests to test-translations.py to avoid hotkey conflicts with
the newly added buttons
- move the code of set_options_audit_mode() to a new function
set_options_mode() and make set_options_audit_mode() a wrapper for it.
- add set_options_owner_mode() as another wrapper for set_options_mode()
and add code to switch the owner flag to set_options_mode()
- add tests for set_options_owner_mode()
This flag defines if the "Owner permissions on/off" button gets
displayed in aa-logprof.
False by default for all rule types (most of them don't support the
owner conditional). Also false for non-owner FileRule.
True only for FileRule if owner=True.
logparser.py failed to notice if file events are owner-only in modern
audit.log (using fsuid=... and ouid=...).
This patch adds a comparison of fsuid and ouid and marks file events
as 'owner' if they match.
Note that log events without fsuid=... or ouid=... will have
18446744073709551615 as fsuid / ouid value (that's 2^64 - 1).
'None' would clearly be better ;-)
References: https://bugs.launchpad.net/apparmor/+bug/1538340
handle_children(): automatically add m permissions on ix rules
See merge request apparmor/apparmor!22
Acked-by: John Johansen <john.johansen@canonical.com>
Exit rather than returning from shell snippets in Makefiles. It is
reported that returning causes the following error message with bash:
/bin/sh: line 4: return: can only `return' from a function or sourced script
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Christian Boltz <apparmor@cboltz.de>
The test-aa-easyprof.py script relies on the parser to be built so the
check target of the utils/test/Makefile should detect if the parser
exists before running any tests.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Christian Boltz <apparmor@cboltz.de>
Since some kernel versions, inherit (ix) needs mmap permissions. Instead
of annoying the user with an avoidable question after adding an ix rule,
always add m permissions.
Together with the already existing code, this means newly added inherit
rules will now have 'mrix' permissions.
autodep() calls read_inactive_profiles() each time it's called (= for
each binary). The result is a "Conflicting profile" error (showing the
same filename twice) if autodep() runs more than once. This can easily
happen when using "aa-autodep /usr/bin/*".
This patch adds an attribute to read_inactive_profiles() that lets the
function return without doing anything if was called before.
check_po.pl lists lots of false positives saying that
msgstr ""
does not have the (h)otkey translated.
This patch whitelists those untranslated strings.
I also tested (by manually "breaking" a translation) that missing
hotkeys still get noticed.
This bug probably exists since forever, therefore I propose this patch
for 2.9..trunk. (OTOH, nobody noticed it, so maybe trunk is enough ;-)
Note: I still get a few false positives for ru.po (no idea why, similar
texts in the other languages don't cause this) - ideas and fixes welcome.
After using "view changes", the selection got reset to the first changed
profile. This could mislead the user into saving the wrong profile.
This patch ensures the selection is kept.
I propose this patch for trunk and 2.11.
(2.11 will need different indentation again.)
I'm not sure if we should also apply this in 2.10 and 2.9 - they have
the same behaviour, but OTOH I'm not sure if changing behaviour (even if
it's an improvement) in those old releases is a good idea.
Opinions?
The last change in save_profiles() sorted() the order in which the
changed profiles get displayed. However, it did not honor the sorting
when displaying changes or saving the selected profile, leading to the
wrong profile displayed or saved.
This patch fixes picking the selected profile, and at the same time
replaces the duplicated code for doing this with a single instance.
I propose this patch for trunk and 2.11.
Note that the 2.11 branch needs a slightly different patch (different
indentation).
Also note that this regression made it into 2.11.1, so distributions
shipping 2.11.1 should add this patch.
We never did a release with the JSON code, and YaST (the only known user
of the JSON interface) will work with the added 'changes' dialog type
from r3721 without needing changes.
Also add a better comment/reason why a response for 'changes' is
expected, but gets ignored.
Reviewed-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The python setup tools script is set to rewrite the shbang line of
scripts installed in ${PREFIX}/bin/ if the PYTHON environment variable
is set. Unfortunately, this (a) only covers the aa-easyprof script
as the rest are installed in ${PREFIX}/sbin/, and (b) we've deprecated
python 2 support, and hardcoded python3 as the interpreter for all of
the python scripts in the utils/ directory.
The only use for this feature would be if for some reason the utils did
not work properly with the default python3 interpreter and a specific
version was needed to be set, but I don't think that warrants keeping
the extra bit of code complexity around (and indeed, the snippet that
does this is forcibly disabled in Debian/Ubuntu).
Therefore, drop the shbang rewriting entirely.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Provides the filename in the json format, which can be
directly read by Yast. Increased the protocol version; perhaps
it should go in the next release.
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
[cboltz] fix "unused variable" warning and add a comment about ignoring
the JSON response
Acked-by: Christian Boltz <apparmor@cboltz.de>
This is a preparation patch to use for JSON mode of conveying
diff filename. In this patch we move diff generation functions to UI.
In the process, I have cleaned up the code to reduce code and enable reuse.
Remove unused function get_profile_diff().
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
[cboltz] Also adjust aa-mergeprof to the new function name/location
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The crash was caused by the more strict ProfileStorage in bzr trunk
(older versions use hasher() which is more forgiving, but also very
"useful" to hide quite some bugs)
Acked-by: Christian Boltz <apparmor@cboltz.de>
YaST has two issues in the "save changed profiles" dialog:
- when using "save selected", the list of profiles doesn't get updated.
Update q.options inside the loop to fix this.
- the list of profiles is displayed as "["/usr/bin/foo", true]" instead
of just "/usr/bin/foo". Use changed.keys() instead of changed to fix
this. (text-mode aa-logprof doesn't change, it always displayed
"/usr/bin/foo" and continues to do so.)
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1062667 part a)
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11.
Note that 2.11 needs a slightly different patch (whitespace diff).
