This patch:
- allows the unsupported rules to be stored when parsing profiles
- writes all the unsupported rules back to profile
Acked-by: Christian Boltz <apparmor@cboltz.de>
YaST still uses AppArmor.pm, and now errors out when starting the
profile editor because it doesn't know about signal, unix, ptrace and
dbus rules.
This patch adds basic support for those rules to AppArmor.pm by adding
them to the "ignore those rules" regex.
Note: Rules covered by this regex are lost when writing the profile;
therefore the patch adds a comment to at least make this a "known bug".
References: https://bugzilla.novell.com/show_bug.cgi?id=900013
Acked-by: Steve Beattie <steve@nxnw.org>
Subject: perl-apparmor: Properly handle bare 'file' keyword
References: bnc#889652
The bare file keyword is a shortcut for /{**,}. There are also implied
permissions that go with it.
This patch accepts the file keyword as well as allowing for missing mode
specifiers.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Subject: perl-apparmor: Handle bare 'capability' keyword
References: bnc#889651
Specifying 'capability' implies all capabilities, but the perl code didn't
recognize it.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Subject: perl-apparmor: Fix bare 'network' keyword handling
References: bnc#889650
The 'network' bare keyword was being printed as "audit network all" due to
two different bugs:
1) {audit}{all} was always being set to 1, regardless of whether the audit
keyword was used
2) {rule} eq 'all' is the wrong test - it should be {rule}{all}
With these fixed, 'network' is properly handled.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Steve Beattie <steve@nxnw.org>
profile editor. They've been under the deprecated tree since Feb 2010,
and were placed there because they were already problematic to support.
No one has taken the mantle to resurrect support after 4 years, so
remove them from the tree entirely. (They will live on in the history,
if anyone does decide to resurrect them.)
perl utilities to the deprecated directory; a couple of perl
utilities remain, but they are still useful and do not depend on the
Immunix module (just the LibAppArmor perl module).
portion of apparmor has gone upstream. These patches had already been
dropped from the 2.5.x tree.
The compatibility kernel patches are still provided.