mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-07 01:41:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1375 commits 23 branches 109 tags 32 MiB
Commit graph

120 commits

Author SHA1 Message Date
Kees Cook
190329745d handle new null profile logs, handle new include directories. from ubuntu branch 2009-11-11 11:37:30 -08:00
Steve Beattie
b02e3ff0cd Fix up a couple of grotty bits around the debugging code. 2009-03-19 17:36:40 +00:00
Steve Beattie
be5ddfa59b utils/SubDomain.pm: 
- Update matching regex for reordered kernel audit messages (when they
  come through syslog). Ideally, rather than use a regex, the utils would
  just use the log parsing library to determine whether it's a log even
  of interest.
- fix debugging code write a logfile in /var/log/apparmor and not a
  predictable location in /tmp; File::Temp would be the right solution
  except that the log file is created in a BEGIN clause, and
  File::Temp.new() ends up returning an unopened filehandle in that
  situation, so logging fails. Someone with more perl-fu may know how to
  fix that.
 2009-03-19 15:32:02 +00:00
John Johansen
1def78f1c4 Add missing gettext for "Repository" prompt 2009-02-06 11:09:54 +00:00
John Johansen
9bf970a4c1 Fix the utils to use the unconfined instead of unconstrained, as the kernel no 
longer supports the word unconstrained.
 2008-11-21 13:03:52 +00:00
John Johansen
e9e58b9887 Fix bnc#447566, where enforce, complain, and audit tools fail to work 
for profiles that use the profile keyword before the profile name.
 2008-11-21 13:03:00 +00:00
John Johansen
7fdf8d9925 Fix bnc#430358 where the utils make an invalid profile, by outputting 
other rules with no permissions.

Since other rules are not currently supported, remove them.
 2008-11-21 12:58:48 +00:00
John Johansen
4c3df3ae53 fix bnc#407491, where a solatary / is not properly handled by the utils 
The / is stripped and permission is prompted for a "" path.
 2008-11-21 12:57:08 +00:00
John Johansen
39343c8675 Fix fork track (bnc#447564) 
Fork tracking is broken by the kernel message for clone no longer supplying
the child pid correctly.  Instead the parent pid will be output with each
message and the tools will fake a fork when they detect a previously
unknow parent child relationship.
 2008-11-21 12:55:00 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
John Johansen
f2dec0e337 fix for bnc408846, where network rules are repeatedly prompted for even when 
a matching rule is in the profile.
 2008-09-10 08:38:44 +00:00
John Johansen
4fb77c6f5d fix 3 bugs currently convered by bnc408877 
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
  that only permissions of the last rule are kept
 2008-09-10 08:36:59 +00:00
John Johansen
9e8c5e9914 Fix two bugs 
- rpc was failing when passing arrays because the perl is_utf8 string flag
  was set even though its only sending numbers but newer HTTP::Message
  checks for this is_utf8 and if it finds it aborts.
- fix local profiles
  local profiles were failing because
  1.) the parameters to serialize_profile were bad
  2.) the file location was not getting updated so they would get written
      back to the inactive profiles directory
 2008-06-03 21:54:55 +00:00
John Johansen
cb9f84a61e fix repository profile saving, where the name for profiles from the repository got lost on saving 2008-06-03 10:38:19 +00:00
John Johansen
838d22220a bleah finally get the config setting for default owner right 2008-06-02 09:02:09 +00:00
John Johansen
9a1f1a5689 fix not defined owner_toggle to default_owner_prompt as it should be 2008-06-01 04:59:08 +00:00
John Johansen
ddf2704a42 default owner_toggle to off it is not in the config file 2008-05-19 22:43:24 +00:00
John Johansen
cbdea9c7c2 Add new exec modes and many bug fixes 2008-04-24 16:05:33 +00:00
John Johansen
d85344df63 add support for user rules 2008-04-18 21:16:15 +00:00
John Johansen
3db6bd6c54 more audit support. file rules this time 2008-04-18 21:10:25 +00:00
John Johansen
fe5a2b35ee remap includes to do {}{} link the profiles use {profile}{profile} 2008-04-18 21:09:53 +00:00
John Johansen
e06d1bf84b add support for audit keyword 2008-04-18 21:09:05 +00:00
John Johansen
ad996cec9c add support for set capability 2008-04-18 21:08:34 +00:00
John Johansen
94c795aa52 Hrmm. Actually add support for deny rules 2008-04-18 21:08:05 +00:00
John Johansen
ac273b33f8 Add support for deny rules 2008-04-18 21:07:37 +00:00
John Johansen
9b7912c39f add an extra hash level to distiguish between allow and deny - only use allow 2008-04-18 21:07:16 +00:00
John Johansen
36e0d38fc4 rename global vartable to the filetable 2008-04-18 21:06:24 +00:00
John Johansen
8d715ce9d6 make it so just reading an embedded hat doesn't cause the profile to be rewritten 2008-04-18 21:04:54 +00:00
John Johansen
6e87b3f004 add enough support for cx modes that parsing can succeed 2008-04-18 21:04:16 +00:00
John Johansen
bc652326a7 refactor to pass the profile down, as a step to making routines more generic and independant 2008-04-18 21:03:28 +00:00
John Johansen
1c8b9a51e4 make modes be stored as a bit set and use bit operations 2008-04-18 21:02:47 +00:00
John Johansen
83a35b57c2 give paths a sub hash to store mode into 2008-04-18 21:02:07 +00:00
John Johansen
e43a4769be retain the filename the profile was loaded from and use that when writting it back out 2008-04-18 21:01:10 +00:00
John Johansen
f213706f17 support retaining variables in the head of the file 2008-04-18 21:00:35 +00:00
John Johansen
5a088a1a47 change order that rules are output in 2008-04-18 20:59:42 +00:00
John Johansen
0cbaee9902 support parsing retaining of subset on link rules 2008-04-18 20:59:00 +00:00
John Johansen
a67cfbbb30 keep variables 2008-04-18 20:58:07 +00:00
John Johansen
2a0dc5aae9 keep change_hat rules 2008-04-18 20:57:51 +00:00
John Johansen
d07689e2a7 support and keep profiles using the profile keyword 2008-04-18 20:57:33 +00:00
John Johansen
5d1d6d31c3 keep set capability rules 2008-04-18 20:57:01 +00:00
John Johansen
03728a0155 keep rlimit rules 2008-04-18 20:56:41 +00:00
John Johansen
715952ce0d keep alias rules 2008-04-18 20:56:26 +00:00
John Johansen
de95e8b6ef keep change_profile rules 2008-04-18 20:56:08 +00:00
John Johansen
cda1e94f8a basic patch to link rules 2008-04-18 20:55:43 +00:00
John Johansen
7ec531f4e8 try to make some general writer routines 2008-04-18 20:55:11 +00:00
John Johansen
e48fccb6d0 simple patch to map u::g modes into old style 2008-04-18 20:50:18 +00:00
John Johansen
e25c4dad06 fix bug where task was getting dropped 2008-04-18 20:49:48 +00:00
John Johansen
89b9ef516a don't change locale if yast has already set them 2008-04-18 20:49:00 +00:00
John Johansen
9961c4b895 skip vim swp files in the profile dir. bnc#205105 2008-04-10 08:40:52 +00:00
John Johansen
e59f8bfd29 fix bnc@304205. Stop redefining LC_MESSAGES when it yast has alread 
defined it.
 2008-04-10 08:25:23 +00:00