Commit graph

948 commits

Author SHA1 Message Date
John Johansen
ec639bc82c user:group:any permissions 2007-11-16 09:35:31 +00:00
John Johansen
e601767e03 simple cleanup 2007-11-16 09:34:53 +00:00
John Johansen
40c3686041 remove old netdomain syntax 2007-11-16 09:34:01 +00:00
John Johansen
50284e8aad autogenerate the capability names file 2007-11-16 09:32:38 +00:00
John Johansen
c841a140b3 make the use of flags= optional 2007-11-16 09:31:33 +00:00
John Johansen
999e291acc factor use of id and varid into single token 2007-11-16 09:30:08 +00:00
John Johansen
20d5d20855 tests for pix exec mode 2007-11-16 09:28:30 +00:00
John Johansen
230b04231c add pix transition mode 2007-11-16 09:27:34 +00:00
John Johansen
92a569fdb3 profile namespace tests 2007-11-16 09:22:49 +00:00
John Johansen
a4721bd02d add basic handling of profile namespaces 2007-11-16 09:18:48 +00:00
John Johansen
11d8181d0d Fix bug 254677 2007-11-16 00:16:04 +00:00
John Johansen
a2de30e4ce Add missing patches 2007-11-13 16:57:45 +00:00
John Johansen
67f130c66c Move deprecated code into the deprecated branch 2007-11-13 08:33:09 +00:00
Dominic Reynolds
472a1d333a Added handling to correctly check the result of the profile development
run and reset the profile mode to enforce when the profile development
run exits without an error.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328045
2007-11-06 18:08:24 +00:00
Dominic Reynolds
c074a19f24 Ignore complain flags when up|down loading profiles to|from the
repository. This makes the repository agnostic to profile mode
(complain/enforce) - users must manage this locally via
aa-complain/aa-enforce.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328033
2007-11-06 18:06:18 +00:00
Dominic Reynolds
63a7fa4aed Modified code to check the repository for new profile when:
- processing an unknown hat/execute rejection if it's not already in the profile
- at the start of processing all the remaining events for the profile
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328707
2007-11-06 16:46:57 +00:00
Dominic Reynolds
57f1e839b7 Updated regex used to detect syslog messages (from bug reported against
Ubuntu gutsy)
2007-11-06 16:37:52 +00:00
Steve Beattie
cfef502c54 Basic change_profile testcases, basic network rules testcases, testcases
around caret symbols and commas in file rules, and basic permission
modes first testcases from jjohansen@suse.de.

Acked-By: Steve Beattie <steve@nxnw.org>
2007-10-01 06:34:27 +00:00
Steve Beattie
815c103488 lock mode bit tests from jjohansen@suse.de
Also, make 'check' toplevel target be an alias for 'tests'

Acked-By: Steve Beattie <steve@nxnw.org>
2007-10-01 06:12:26 +00:00
Steve Beattie
4e0679ecc6 Append testcases from jjohansen@suse.de.
Acked-By: Steve Beattie <steve@nxnw.org>
2007-10-01 06:04:18 +00:00
David J Drewelow
6eedd28dc2 Fix for bug #329476. The mode validation regexp has been updated to
support additional values.
2007-09-28 16:51:56 +00:00
Dominic Reynolds
de278ffef8 Don't try to read inactive profile directory if it doesn't exist. Fix
based on feedback from mathiaz@ubuntu.com and from bug report:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/141128.
2007-09-28 15:39:42 +00:00
Steve Beattie
de9a6dea63 Stop emitting anything from non-apparmor messages to stdout, and parse
the messages enough to report the audit type in the operation field, the audit
message id|timestamp, and the rest of the message in the info field.
2007-09-20 08:25:43 +00:00
Steve Beattie
ee5f978570 the lexer allocates strings for everything it identifies, therefore it's
safe for the grammar to just use the strings where they don't need to be
modified, reducing the number of strdup()/free() pairs that need to be
invoked.
2007-09-19 21:49:23 +00:00
Steve Beattie
403b124bf1 Add support for old-style link rejections.
Add testcase for new-style link rejection for comparison.
2007-09-19 21:06:08 +00:00
Steve Beattie
95949a069a Add support for old-style syscall rejections. 2007-09-19 20:44:19 +00:00
Steve Beattie
34040a4d83 Clean up the grammar file somewhat; more work needed. 2007-09-19 20:30:26 +00:00
John Johansen
bb2eb071c3 Fix bug in change_hat that would cause a confined process to become
unconfined if the process was confined in a hat and the process
attempted to change_hat to a new hat and that attempt failed because
the hat was not defined in policy.
2007-09-19 19:48:31 +00:00
Steve Beattie
8e909ad869 Add support for old-style AUDIT messages. 2007-09-18 17:47:11 +00:00
Steve Beattie
b9342d0963 logparsing library: fix up interpreting the protocol to handle both
digits and strings returned (though it's entirely possible the kernel
will only ever return the protocol number).

Things should probably be fixed up to convert back to the name of the
protocol.
2007-09-18 02:01:42 +00:00
Steve Beattie
4d505d643e Add correctly generated testcase for parent=pid_t from Kenny Graunke
<kgraunke@novell.com>, as well as fixing the code to properly parse
messages containing them.

Alas, this resulted in a change in the returned structure.
2007-09-17 22:38:22 +00:00
Steve Beattie
7489640b82 Fix the logparsing library to parse correctly the task field passed back
by apparmor; the new syntax passes back the task as unquoted digits,
whereas the logparser expected a quoted string.
2007-09-17 21:54:49 +00:00
Steve Beattie
c075a9db45 Add testcase for "task=NNNN" apparmor hint message. 2007-09-17 21:24:35 +00:00
Steve Beattie
cf76182f2c Add a testcase for network protocols that the log parsing library can't
parse.
2007-09-17 21:20:24 +00:00
Steve Beattie
9ad53af32b Add testcase for old-style mandatory missing profile exec rejection. 2007-09-17 20:55:05 +00:00
Steve Beattie
cd498230c7 Fix aa logparsing library to parse messages where the strings in the
name, name2, or profile fields have been safely (hex) encoded.
2007-09-17 05:22:40 +00:00
Dominic Reynolds
27c13607be Change the default repository to
http://apparmor.opensuse.org/backend/api - the host for the production
repository.
2007-09-17 02:28:26 +00:00
Dominic Reynolds
44a6fbadff Modify the cupsd profile to use ix transitions (rather than Px) for
backend plugins.
2007-09-17 02:00:47 +00:00
Dominic Reynolds
4ffd798b57 Update to log parsing to correctly unpack the hex encoded values passed
from the module: name, name2, and profile. (fix from jmichael@suse.de)
2007-09-17 01:58:36 +00:00
Dominic Reynolds
0cd4b39f4c Remove the confirmation prompt for confirm_and_finish - this was a
duplicate prompt after the repository changes to save_profiles.
2007-09-17 01:56:14 +00:00
Dominic Reynolds
61d499c108 Add support for network toggles, append, and locking to the YaST2
EditProfile wizard.
2007-09-17 01:55:11 +00:00
Steve Beattie
2640f42273 Add a basic inode_permission testcase. 2007-09-15 06:02:13 +00:00
Steve Beattie
ee5391c6a4 Remove the magic token from the aa_change_profile() interface, as
change_profile transitions ought to be uni-directional. If you want
bi-directional transitions, use aa_change_hat() instead.
2007-09-15 05:41:44 +00:00
Steve Beattie
95625c6a39 Bump release version (+date) in specfile, and bump library minor
version.
2007-09-15 03:46:56 +00:00
Steve Beattie
793afcd06c Add support for an old style message hint "changing_profile" which
indicates that the pid referenced is being placed in the null-complain
profile.
2007-09-14 21:38:46 +00:00
David J Drewelow
935e7eb32f Fixes (#310454) to support new audit log format and new libapparmor1. 2007-09-14 21:23:08 +00:00
David J Drewelow
d46ba6ba79 Fixes (#310454) to support new audit log format and new libapparmor1. 2007-09-14 21:22:26 +00:00
Steve Beattie
fa6dce4c65 This patch fixes up the support for parsing old style messages generated
on systems where auditd has not been compiled with --with-apparmor (i.e.
events are reported with an unknown type).
2007-09-14 14:36:01 +00:00
Steve Beattie
6700630539 This patch fixes the parsing of old-style apparmor log messages that
occur within a hat whose name does not begin with a '/'. New style
message parsing was not affected by this bug.
2007-09-14 14:33:05 +00:00
Steve Beattie
2228421afd Stop printing "Error: syntax error" to stdout when the library has a
problem parsing the log message.
2007-09-14 14:29:07 +00:00