mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
5374 commits 23 branches 109 tags 32 MiB
Commit graph

5374 commits

This branch
This branch
All branches
Author SHA1 Message Date
Christian Boltz
5c1932d0d6 Merge branch 'master' into 'master' 
Update usr.sbin.winbindd profile to allow krb5 rcache files locking

See merge request apparmor/apparmor!460

Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.11..master
 2020-03-23 20:14:27 +00:00
allgdante
e92da079ca Generate CAPABILITIES in a script due to make 4.3 
This way we could generate the capabilities in a way that works with
every version of make.
Changes to list_capabilities are intended to exactly replicate the old
behavior.
 2020-03-23 15:09:15 +00:00
Samuel Cabrero
2c3001c7a1 Update usr.sbin.winbindd profile to allow krb5 rcache files locking 
Samba 4.12.0 together with krb5 1.18 needs file locking permissions in
the krb5 rache directory:

type=AVC msg=audit(1584708328.422:76): apparmor="DENIED" operation="file_lock"
  profile="winbindd" name="/var/cache/krb5rcache/krb5_20500.rcache2"
  pid=1461 comm="winbindd" requested_mask="k" denied_mask="k"
  fsuid=20500 ouid=20500

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2020-03-20 13:57:18 +01:00
John Johansen
02cfbc8b96 Sync library version with 2.13.4 release 
The library version must be consistent across releases. Since 2.13.4
and master use the same library version it needs to be updated.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2020-03-12 04:20:29 -07:00
Steve Beattie
7c5572964d
Translations: merge updates from launchpad 
Omnibus collection of translations updates through 2020/03/05

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-03-07 16:29:42 -08:00
Launchpad Translations on behalf of apparmor-dev
f6c4461a2c
Launchpad automatic translations update. 2020-03-07 16:10:25 -08:00
Launchpad Translations on behalf of apparmor-dev
58769a4765
Launchpad automatic translations update. 2020-03-07 16:10:18 -08:00
Steve Beattie
1af84c42f7
Translations: merge updates from launchpad 
Omnibus collection of translations updates through 2020/02/22

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-24 10:01:32 -08:00
Launchpad Translations on behalf of apparmor-dev
ba232c0e9c
Launchpad automatic translations update. 2020-02-24 09:59:44 -08:00
Launchpad Translations on behalf of apparmor-dev
33b48e727f
Launchpad automatic translations update. 2020-02-24 09:59:43 -08:00
Launchpad Translations on behalf of apparmor-dev
300e3488ee
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-24 09:59:37 -08:00
John Johansen
9bccf457d1 Merge usr.sbin.dnsmasq: add configuration files created by openresolv 
See https://roy.marples.name/projects/openresolv/configuration.html#dnsmasq .

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/457
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-20 16:55:15 +00:00
Christian Boltz
d9275d6f1d Merge branch 'run-fix' into 'master' 
Add trailing slash to the run variable definition

See merge request apparmor/apparmor!456

Acked-by: Christian Boltz <apparmor@cboltz.de>
 2020-02-20 11:14:55 +00:00
nl6720
8b92f50e2c usr.sbin.dnsmasq: add configuration files created by openresolv 
See https://roy.marples.name/projects/openresolv/configuration.html#dnsmasq .

Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-20 11:42:16 +02:00
nl6720
ef591a67ce Add trailing slash to the run variable definition 
Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-20 10:43:21 +02:00
John Johansen
2cb932441c Merge usr.sbin.smbd: add usershare directory 
See https://wiki.archlinux.org/index.php/Samba#Enable_Usershares .

AFAIK the `/var/lib/samba/usershares` directory is also used by Ubuntu.

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/455
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-20 08:18:37 +00:00
John Johansen
6b6146d7cc Merge Add "run" variable 
Split off from !212 . Add and use `@{run}`.

Also update a couple of profiles that don't use `@{PROC}`

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/454
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-20 08:15:58 +00:00
Steve Beattie
edb72fc4f7
Translations: merge updates from launchpad 
Omnibus collection of translations updates.

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:52:29 -08:00
Launchpad Translations on behalf of apparmor-dev
d87ce2e586
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:19 -08:00
Launchpad Translations on behalf of apparmor-dev
ad524d7a85
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:18 -08:00
Launchpad Translations on behalf of apparmor-dev
77dbb4e1a7
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:18 -08:00
Launchpad Translations on behalf of apparmor-dev
938d908462
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:17 -08:00
Launchpad Translations on behalf of apparmor-dev
4d758cc2ab
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:17 -08:00
Launchpad Translations on behalf of apparmor-dev
2aa6f56e4a
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:17 -08:00
Launchpad Translations on behalf of apparmor-dev
78a66a6676
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:16 -08:00
Launchpad Translations on behalf of apparmor-dev
fbf91cfde3
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:16 -08:00
Launchpad Translations on behalf of apparmor-dev
d0708bc782
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:15 -08:00
Launchpad Translations on behalf of apparmor-dev
7ecc948748
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:15 -08:00
Launchpad Translations on behalf of apparmor-dev
27fa9a2eaa
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:14 -08:00
Launchpad Translations on behalf of apparmor-dev
0adbd59dbf
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:14 -08:00
Launchpad Translations on behalf of apparmor-dev
47bae2b6e1
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:13 -08:00
Launchpad Translations on behalf of apparmor-dev
8b09271128
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:13 -08:00
Launchpad Translations on behalf of apparmor-dev
010e4fa5fe
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:12 -08:00
Launchpad Translations on behalf of apparmor-dev
9eb195d565
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:12 -08:00
Launchpad Translations on behalf of apparmor-dev
dc7c20ce6d
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:12 -08:00
Launchpad Translations on behalf of apparmor-dev
2b297c4606
Launchpad automatic translations update. 
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
 2020-02-17 19:21:07 -08:00
nl6720
c13cee8bbc usr.sbin.smbd: add usershare directory 
Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-13 14:12:24 +02:00
nl6720
c9252827f4 Use "PROC" variable in profiles 
Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-13 11:07:42 +02:00
nl6720
7a9a4824d4 Use "run" variable in profiles 
Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-13 11:02:49 +02:00
nl6720
452b5b8735 Add "run" variable 
Signed-off-by: nl6720 <nl6720@gmail.com>
 2020-02-13 13:45:45 +02:00
Christian Boltz
ee8dcde452
let logprof only propose abstractions without '# LOGPROF-SUGGEST: no' 
This implements one part of
https://gitlab.com/apparmor/apparmor/issues/15
 2020-02-11 21:33:49 +01:00
Christian Boltz
962f1e7a7b Merge branch 'cboltz-exoopen-local' into 'master' 
Add #include if exists <*.d> to new abstractions

See merge request apparmor/apparmor!453

Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2020-02-11 20:31:41 +00:00
Christian Boltz
aa8fa18552
Add #include if exists <*.d> to new abstractions 
This was missing, and catched by a previously enabled test.
 2020-02-08 17:14:38 +01:00
Christian Boltz
fbe8641026 Merge branch 'cboltz-nameservice-usretc' into 'master' 
adjust abstractions/base and nameservice for /usr/etc/ move

See merge request apparmor/apparmor!447

Acked-by: John Johansen <john.johansen@canonical.com> for 2.12..master
 2020-02-03 21:34:38 +00:00
John Johansen
d257afd309 Add xdg-open (and friends) abstraction 
Implement set of abstractions to handle opening uris via xdg-open and similar helpers used on different desktop environments.

Abstractions are intended to be included into child profile, together with bundle abstractions such as ubuntu-browsers, ubuntu-email and others, for fine-grained control on what confined application can actually open via xdg-open and similar helpers.

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/404
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-03 21:32:21 +00:00
Christian Boltz
65bb277d8b Merge branch 'cboltz-ci-check-includes' into 'master' 
run "make -C profiles check-abstractions.d" in ci

See merge request apparmor/apparmor!449

Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-03 21:30:22 +00:00
John Johansen
ffca515269 libapparmor_re: fix resource leaks detected by coverity.com 
Fixes two resource leaks. https://scan.coverity.com/projects/apparmor

I don't actually know how to link to the individual reports but the first one comes from an early return. The second comes from an iterator potentially being empty.

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/439
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-03 21:28:55 +00:00
Christian Boltz
f1fdf4db39 Merge branch 'cboltz-typo' into 'master' 
Fix apparmor_xattrs typo in apparmor.d manpage

See merge request apparmor/apparmor!452

Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-03 21:26:45 +00:00
Christian Boltz
cf15b241e7
adjust abstractions/base and nameservice for /usr/etc/ move 
References: http://bugzilla.opensuse.org/show_bug.cgi?id=1161756
 2020-02-03 22:23:15 +01:00
John Johansen
264777a409 Allow mysqld directory for MySQL PID file 
Some distros, like Debian, use mysqld instead of mysql as the run directory.

PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/450
Acked-by: John Johansen <john.johansen@canonical.com>
 2020-02-03 21:18:44 +00:00