mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 01:11:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1003 commits 23 branches 109 tags 32 MiB
Commit graph

65 commits

Author SHA1 Message Date
John Johansen
dfe2b6d3db reverse commit 1104 removing optional use of xml-rpc. May reintroduce later 2008-02-26 11:58:40 +00:00
John Johansen
7140ac64a3 Make rpc-xml optional (only needed if repository is used) 2008-02-19 18:50:36 +00:00
Dominic Reynolds
c074a19f24 Ignore complain flags when up|down loading profiles to|from the 
repository. This makes the repository agnostic to profile mode
(complain/enforce) - users must manage this locally via
aa-complain/aa-enforce.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328033
 2007-11-06 18:06:18 +00:00
Dominic Reynolds
63a7fa4aed Modified code to check the repository for new profile when: 
- processing an unknown hat/execute rejection if its not already in the profile
   - at the start of processing all the remain events for the profile
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328707
 2007-11-06 16:46:57 +00:00
Dominic Reynolds
57f1e839b7 Updated regex used to detect syslog messages (from bug reported against 
Ubuntu gutsy)
 2007-11-06 16:37:52 +00:00
David J Drewelow
6eedd28dc2 Fix for bug #329476. The mode validation regexp has been updated to 
support additional values.
 2007-09-28 16:51:56 +00:00
Dominic Reynolds
de278ffef8 Don't try to read inactive profile directory if it doesn't exist. Fix 
based on feedback from mathiaz@ubuntu.com and from bug report:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/141128.
 2007-09-28 15:39:42 +00:00
Dominic Reynolds
4ffd798b57 Update to log parsing to correctly unpack the hex encoded values passed 
from the module: name, name2, and profile. (fix from jmichael@suse.de)
 2007-09-17 01:58:36 +00:00
Dominic Reynolds
0cd4b39f4c Remove the confirmation prompt for confirm_and_finish - this was a 
duplicate prompt after the repository changes to save_profiles.
 2007-09-17 01:56:14 +00:00
Dominic Reynolds
61d499c108 Add support for network toggles, append, and locking to the YaST2 
EditProfile wizard.
 2007-09-17 01:55:11 +00:00
Dominic Reynolds
7faf960612 Update the logfile parsing in the tools to support syslog (in addition 
to LAF) as a source of AppArmor module messages.
 2007-09-10 19:44:07 +00:00
Dominic Reynolds
ddba73d87c Very basic user feedback when connections are made to a remote 
repository. For genprof/logprof just report "Connecting to the
repository". For yast display a dialog.
 2007-09-10 19:42:18 +00:00
Dominic Reynolds
87cde25a44 Minor changes to ensure that removal of the repository section in 
logprof.conf disables repository integration.
 2007-08-17 21:05:28 +00:00
Dominic Reynolds
9c0820d5ed Fixes for "mandatory profile not found" profiling bug, empty configs in 
logprof.conf generating undefined value errors, repository code
prompting user even if no configuration is present that specifies a
default repository.
 2007-08-16 21:51:08 +00:00
Dominic Reynolds
1c56662fe7 Added support for capablities and network toggles in #includes. 2007-08-15 16:17:50 +00:00
Steve Beattie
4c1effc3a2 Make the location of logger configurable via /etc/apparmor/logprof.conf 2007-08-14 22:07:40 +00:00
Steve Beattie
6123467433 skip files suffixed with .dpkg-old, based on a patch from Mathias Gug 
<mathiaz@ubuntu.com> [Message-ID: <20070813201254.GD11381@mathias.mathiaz.net>]
Added comments to both file-skipping locations referencing the other
location that needs to be modified.

(The ideal solution would be for this information to be stored in one
commonly referenced location, configurable by distributors and
administratrors.)
 2007-08-14 19:19:59 +00:00
Dominic Reynolds
bc8b8d742a Fix bug in saving of local profiles in the yast UI. Front end wasn't 
returning the selected list correctly and the backend wasn't processing
the returned list correctly.
 2007-07-30 01:56:21 +00:00
Dominic Reynolds
ecf9f5b5bf Fix bug in changehat handling code where profiles read in from were set 
as changed even though they may not be active profiles.
 2007-07-30 01:54:25 +00:00
Dominic Reynolds
95769acf38 Patch from jmichael@suse.de to factor out validate_mode into 
validate_log_mode() and validate_profile_mode()
 2007-07-30 01:53:25 +00:00
Dominic Reynolds
82b86abc58 Fix bug where events from the log were dropped for profiles in the 
null-complain-profile.
 2007-07-29 02:30:39 +00:00
Dominic Reynolds
371860fb03 Handle "mandatory profile missing" messages and autodep a new profile if 
P|px is chosen.
 2007-07-29 02:25:25 +00:00
Dominic Reynolds
b210319daa Fixes for regex handling in the tools to match the newer directory 
handling syntax.
 2007-07-29 02:23:31 +00:00
Dominic Reynolds
1a8ae64cfb Add handling for lock and append in logs and profiles. 2007-07-29 02:20:24 +00:00
Dominic Reynolds
3f2ed86bef Don't process events for profiles that no longer exist. 2007-07-29 02:18:29 +00:00
Dominic Reynolds
6f5bc70ae1 Updated usage of SubDomain::readprofile() (which changed in r620) in 
yast apparmor profile agent and syntax checking function in subdomain.pm
 2007-07-29 02:17:17 +00:00
Dominic Reynolds
0bd08b78c8 Strip trailing comments from individual rule lines in the profiles when 
they are parsed.
 2007-07-29 02:06:41 +00:00
Dominic Reynolds
d3d92196f9 Add support to the tools for basic network access mediation - by 
family/socket type.
 2007-07-29 02:06:00 +00:00
Dominic Reynolds
62eb92567d Add handling for clone operation from audit logs - which caused the 
tracking of process forking to not work correctly in the tools.
 2007-07-29 02:05:06 +00:00
Dominic Reynolds
74b0f0b5ad Read and write new change hat profile syntax 
Read in the new audit message format used by the module
Updated the tools to handle the newer directory mediation in apparmor
 2007-07-16 13:19:02 +00:00
Dominic Reynolds
c8c8ca442c Repository fixes for tools. 
- Ask Me Later option for enabling the repository not working  
 - Cleanup the syncronization code with the repository - ensure that 
   mofications are presented correctly as adds/changes to the users profile
   set
 - Correct bug in marking profiles as NEVERSUBMIT  
 - Fix bug in serlializing profiles with hats (was adding the globals
   #include above each hat - ick)
 - Added dialog and config handling code to enable user to choose the mode of
   usage of the profile repository: download only or upload new/changed
   profiles - so that they user isn't repeatedly prompted to sign in to the
   repository
 - Set default configuration for the repository to apparmor.test.opensuse.org
 2007-07-13 17:53:12 +00:00
Dominic Reynolds
e0e441ac72 - Minor formatting 
- use ENV{PAGER}
- chmod use changes to prevent races writing config files
- add preferred user (NOVELL) as config option in logprof.conf and sort
  profiles from repo so that preferred user is the default and first in
  the list
 2007-05-22 20:49:51 +00:00
Dominic Reynolds
8934b04b11 Correct localization problems identified in code review. 2007-04-26 16:31:08 +00:00
Dominic Reynolds
9161f2f09d Formatting/indentation corrections. 2007-04-26 14:42:56 +00:00
Dominic Reynolds
58820fc7e2 Fixed some indentation/formatting problems from the previous checkins. 2007-04-26 03:00:22 +00:00
Dominic Reynolds
08a4da1016 Add support to make the profiles in /etc/apparmor/profiles/extras 
usable directly from genprof/logprof when new profiles are needed.
 2007-04-26 02:59:17 +00:00
Dominic Reynolds
b002b50ba6 Changes to support marking profiles as local only and subsequently 
don't prompt the user to upload changes to the repository.
 2007-04-26 02:58:10 +00:00
Dominic Reynolds
3d16e4e6d6 Add support in YaST UI wizards for the AppArmor profile repository. 2007-04-26 02:56:54 +00:00
Dominic Reynolds
73c22acbdf Make repo user creation explicit choice in console UI during 
logprof/genprof run.
 2007-04-26 02:55:58 +00:00
Dominic Reynolds
54645b9e6b Remove debug statement and wrap call to do_logprof_pass in eval block 
for ag_genprof for error handling
 2007-04-26 02:54:11 +00:00
Dominic Reynolds
d27ff99e31 Changes to add support for the AppArmor profile repository to the 
console UI tools. (jmichael)
 2007-04-26 02:48:24 +00:00
Dominic Reynolds
4419185c4d Cleanup for the profile tools UI. 2007-04-26 02:46:23 +00:00
Dominic Reynolds
7fb70b4b22 Refactor/cleanup reading/writing and handling of configuration options 
in logprof.conf (jmichael)
 2007-04-25 21:06:52 +00:00
Dominic Reynolds
7114db645f refactor autodep to make it easier to add remote repository support 
(jmichael)
 2007-04-25 21:05:07 +00:00
Dominic Reynolds
43aa5f00f0 Reworks the profile loading code to be able to parse profile from a 
string we might have gotten from the network instead of requiring to
read it from a file and clean up the error handling (jmichael)
 2007-04-25 21:04:28 +00:00
Dominic Reynolds
dc4e5485f1 fix a bug in Add Hat dialog related to CMD_ABORT/CMD_FINISHED handling 
(jmichael)
 2007-04-25 20:48:51 +00:00
Dominic Reynolds
94c9775dde Refactoring cleanup for CMD_ABORT/CMD_FINISHED handling (jmichael) 2007-04-25 20:47:13 +00:00
Jesse Michael
3d84f865c9 The version of perl included with Ubuntu's Feisty release is generating 
extra perl warnings about using an uninitialized value in a pattern
match when the user uses the arrow keys to move up and down in the option
list when asking how to handle path access rules.  This makes sure the
variables used in m// operations are always defined.
 2007-03-30 16:04:04 +00:00
Jesse Michael
33a58a858d keep logprof/genprof from spinning forever if the very last line in the 
logfile is "PERMITTING x access to ..."
 2007-03-29 16:39:28 +00:00
Steve Beattie
f5109ad203 This patch makes the utils tools consistent with the initscript as to 
which sets of files they ignore (rpm backups, dotfiles, and emacs
backups). It moves the tests into a common function so that
modifications only need to occur in one location.
 2007-03-23 18:52:22 +00:00