Jamie Strandboge
e843ad3457
cherrypick r1483 from trunk:
allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6
2010-09-08 13:58:37 -05:00
Jamie Strandboge
9333e221bc
update fonts abstraction to add '/var/lib/ghostscript/** r,'
2010-09-03 08:42:29 -05:00
Jamie Strandboge
523738348c
merge from trunk: abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser
PUxr'
2010-08-30 11:11:34 -05:00
Steve Beattie
8b79fb5fea
Merge from trunk revs 1476, 1477, and 1478: cope with various elements
that the upstream 2.6.36 kernel is missing.
All Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-08-26 11:24:41 -07:00
Steve Beattie
8878869a0c
Modified version of trunk rev 1473:
This teaches pam_apparmor about the current errno returned by the
kernel when the hat that was passed does not exist in the profile (but
other hats exist). (LP: #619521)
It differs to the fix in trunk in that, to be more conservative in
the change, it does not remove the EPERM case, even though it should
not be needed anymore.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Kees Cook <kees@ubuntu.com>
2010-08-19 08:45:19 -07:00
Steve Beattie
5fe2fc0c3f
Merge from trunk r1462: remove kde4-config from the kde abstraction
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-08-11 12:06:38 -07:00
Steve Beattie
25f5cc50b3
Merge from trunk r1466: add ca-certificates to ssl_certs abstraction
(LP: #605835)
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-08-11 12:02:36 -07:00
Steve Beattie
72141e5a6e
Merge r1457 from trunk: 'owner' match in commit 1406 too strict for
/tmp/ and /var/tmp/ (LP: #615177)
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-08-10 09:12:34 -07:00
Steve Beattie
d323db562a
Merge revs 1403, 1417, 1447 from trunk:
* add dbus-session abstraction (and use Pix rather than Uix)
* fix gnome abstraction for gdk pixbuf loaders (LP: #611248)
Nominated by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-08-05 10:44:08 -07:00
Steve Beattie
030d97e3f1
Merge from r1430: fix for LP: #599450
Changes the table resizing so that there are always sufficient high
entries in the table, preventing bounds violations from occurring.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-07-24 16:16:14 +02:00
Steve Beattie
0eb5d7c050
Merge from r1429: combine the two separate table resize code segments
into a single functionally equivalent segment.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-07-24 16:09:25 +02:00
Steve Beattie
1c1de08f11
Partial merge r1419: add the -p flag to support the output of
flattened profiles.
Submitted-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-07-17 18:39:37 -07:00
Steve Beattie
6dad83c212
Merge r1387: Fix perl swig bindings so that libapparmor can be built
when configured without perl.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Marc Deslauriers <marc.deslauriers@canonical.com>
2010-07-13 16:38:39 -07:00
Steve Beattie
1ad455c6da
Merge r1385: Fix memory leak during dfa minimization.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Marc Deslauriers <marc.deslauriers@canonical.com>
2010-07-13 16:36:47 -07:00
Steve Beattie
b5c8c2bdaf
Merge r1379: Fix leaking file descriptors on included files.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Marc Deslauriers <marc.deslauriers@canonical.com>
2010-07-13 16:31:57 -07:00
Steve Beattie
ac1a585bbe
Merge from trunk rev 1424: Move expression tree node labeling into expr
node themselves to reduce memory usage and make node labeling per dfa
rather than global.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-07-12 15:53:51 -07:00
Steve Beattie
8187d02864
Merge in rev 1422 from trunk: Cleaning up the sets firstpos, lastpos,
and followpos early reduces peak memory usage.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-07-12 15:28:26 -07:00
Steve Beattie
8525087270
Merge in r1413 and r1418: report correct filename/line number on errors
in the parser.
r1413 Nominated-by: Kees Cook <kees@ubuntu.com>
r1413 Acked-By: Steve Beattie <sbeattie@ubuntu.com>
r1418 Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
r1418 Acked-By: Kees Cook <kees@ubuntu.com>
r1418 Acked-By: John Johansen <john.johansen@canonical.com>
2010-06-25 12:58:17 -07:00
Steve Beattie
26624648f8
apparmor_notify merges: r1391-r1396,r1401-r1402,r1405,r1407-r1408:
These commits should bring apparmor_notify and apparmor_notify.pod
up to what is in trunk. In short:
- add long options
- cleanup output
- better handle auditd
- handle logfile rotation
- use seteuid() to drop privileges so we can raise/drop after log
file rotation. Add -u USER option for dropping privileges when not
using sudo
- man page updates
- group like entries together when using -v with -s (and later cleanups
including LP: #582075)
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-06-21 15:36:21 -07:00
Steve Beattie
6f7dad8790
Merge: r1389: add 'k' to /var/lib/samba/**.tdb in the samba abstraction
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-06-21 15:26:22 -07:00
Steve Beattie
f0d5b09b9f
Merge: r1397-r1398: adjust cgi path for php5 abstraction (LP: #538661)
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-06-21 15:24:35 -07:00
Steve Beattie
ab10eafaaf
Merge r1406: abstractions/user-tmp: require 'owner' matching
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-06-21 15:22:54 -07:00
Steve Beattie
aa106808fd
Merge: r1409: statvfs allowed by default
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2010-06-21 15:21:10 -07:00
Steve Beattie
21875a520d
Fix leaking file descriptors on included files.
2010-03-12 01:50:26 -08:00
John Johansen
6c23d48649
Bump versioning to AppArmor 2.5
2010-03-10 23:07:29 -08:00
Steve Beattie
4094043011
Fix up some testcase description fields
2010-03-10 21:38:10 -08:00
Steve Beattie
970807f01a
Merge in stress test changes before ext4 eats them.
2010-03-10 21:09:15 -08:00
Steve Beattie
66286494a2
Resurrect another of the stress tests; it kinda works, though it requires
killall-ing a few things in order to make it stop. And alas, it does seem
to eventually cause kernel hangs with 2.6.32-16. (Committing now before ext4
eats my changes and brain.)
2010-03-10 20:56:47 -08:00
Steve Beattie
140495fe64
Make kernel stress tests work again (kill.sh works at least)
2010-03-10 17:56:51 -08:00
John Johansen
04a872f927
Add some new profile flag tests to validate parsing of the new flags
controlling name resolution.
2010-03-10 17:00:24 -08:00
Steve Beattie
60f6153446
Fixup parser stress test to work with modern parser args.
2010-03-10 16:11:39 -08:00
John Johansen
e2737566ff
Fix genprof/logprof to handle create (c) and delete (d) permissions that
are being reported by the kernel module's auditing.
2010-03-10 15:30:06 -08:00
Jamie Strandboge
dd3a979827
apparmor_notify: call getopt and check for -h before trying to open audit.log,
so help can be used as non-root when auditd is installed
2010-03-10 10:11:26 -06:00
Steve Beattie
69d59f80ed
Don't (un)load flattened hats on removal, as the kernel pulls them out
automatically (and the parser emits an error due to this).
2010-03-09 01:38:12 -08:00
Steve Beattie
ebe59ca483
Add a simple 'cx' mode testcase. I *think* I'm specifying it correctly.
2010-03-08 22:28:22 -08:00
Steve Beattie
fc669861fe
Yuck, fix up bogus type conversions. Also fix up some PDEBUG statements,
to make debugging why things are going wrong in specific examples
easier.
2010-03-08 21:49:16 -08:00
Steve Beattie
61c61f9aab
Add some unit tests for processunquoted() -- sadly it handles octals
fairly wrong. Need to fix, but not tonight. Le sigh
2010-03-08 20:38:54 -08:00
Jamie Strandboge
fd3baa930e
add ubuntu-bittorrent-clients and ubuntu-media-players abstractions
2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3
add /etc/sound to audio abstraction
2010-03-08 13:49:37 -06:00
Jamie Strandboge
75d858a764
apparmor_notify: add -w NUM -- wait NUM seconds before displaying notifications
(with -p)
2010-03-03 11:30:55 -06:00
John Johansen
5709d94710
Add the ability to control how path mediation is done at the profile level
2010-02-17 12:21:52 -08:00
Kees Cook
4f5686901b
include *.dpkg-bak in files to ignore
2010-02-16 12:56:04 -08:00
John Johansen
725328c209
Allow for a location to alias to multiple locations. Ie.
alias / -> /rofs,
alias / -> /rwfs,
2010-02-12 13:51:27 -08:00
John Johansen
ee00b0cea2
Update aliases so that they apply properly to profile names.
Instead of updating the profile name, allow a profile to have multiple
alternate names. Aliases are now added as alternate names and matched
through the xmatch dfa.
2010-02-12 13:49:58 -08:00
John Johansen
eafddd3cea
Fix alias to keep old rule and add new one instead of updating old rule.
Alias was broken because when an alias was made the old path was completely
removed and there was no way to specify it. Update it so aliases just add
a new duplicate rule instead.
2010-02-12 13:46:55 -08:00
John Johansen
94b2a345f2
Fix -S flag so the profile can be dumped to stdout again
The changes to the loader permission logic broke the -S flag, so update
the test so that we can dump out the profile again.
2010-02-12 13:44:00 -08:00
Jamie Strandboge
e0ca522633
fix pod2man error in apparmor_notify.pod
2010-02-12 10:25:02 -06:00
Jamie Strandboge
a58c1b5119
utils/Makefile: install apparmor_notify
add utils/apparmor_notify.pod
2010-02-12 10:14:11 -06:00
John Johansen
7d940743cb
Add change_hatv and change_hat_vargs calls to libapparmor.
These replacement routines allow an application to avoid the probing
behavior of earlier versions of change_hat, allowing them to be faster
and have better learning characteristics.
2010-02-11 15:38:24 -08:00
John Johansen
f999b49843
Add change_profile onexec to libapparmor
2010-02-11 15:37:25 -08:00