logprof/genprof and related utilities in python. Because the branch that
was worked on was not based on the apparmor tree, not all of the history
can be maintained for files that are not newly created or entirely
rewritten in the branch.
(This merge also includes a subsequent commit to the branch
I was merging from which includes my missed bzr add of
utils/apparmor/translations.py)
perl utilities to the deprecated to directory; a couple of perl
utilities remain, but they are still useful and do not depend on the
Immunix module (just the LibAppArmor perl module).
pep8 --ignore=E501,E302
on individual files. This uncovered a bug where the type of an object
was being compared to a type of a list. However, a python string is a
list of characters, and so would cause the test to be true.
the utility python modules to be used inside another tool with another
textdomain binding and still have the translations for that tool and the
stuff internal to the apparmor module convert properly.
When passing an include directory on the command line to
apparmor_parser, valgrind emits a warning:
Invalid read of size 4
at 0x404DA6: add_search_dir(char const*) (parser_include.c:152)
by 0x40BB37: process_arg(int, char*) (parser_main.c:457)
by 0x403D43: main (parser_main.c:590)
Address 0x572207c is 28 bytes inside a block of size 29 alloc'd
at 0x4C2A420: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x53E31C9: strdup (strdup.c:42)
by 0x404D94: add_search_dir(char const*) (parser_include.c:145)
by 0x40BB37: process_arg(int, char*) (parser_main.c:457)
by 0x403D43: main (parser_main.c:590)
This patch quiets the warning by removing strlen() calls on the t char
array. Instead, it only calls strlen() on the dir char array. t is a
dupe of dir and strlen(dir) does not trigger the valgrind warning.
Additionally, this patch adds a bit of defensive programming to the
while loop to ensure that index into the t array is never negative.
Finally, the valgrind suppression is removed from valgrind_simple.py.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
With commit 2364 addressing one of valgrind's false positives, we can
remove the related valgrind suppression entry from the test script.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
strlen() assumes that it can read an entire word but when a char array
does not end on a word boundary, it reads past the end of the array.
This results in the following valgrind warning:
Invalid read of size 4
at 0x40A162: yylex() (parser_lex.l:277)
by 0x40FA14: yyparse() (parser_yacc.c:1487)
by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
by 0x404074: main (parser_main.c:1340)
Address 0x578d870 is 16 bytes inside a block of size 18 alloc'd
at 0x4C2A420: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x53E31C9: strdup (strdup.c:42)
by 0x40A145: yylex() (parser_lex.l:276)
by 0x40FA14: yyparse() (parser_yacc.c:1487)
by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
by 0x404074: main (parser_main.c:1340)
This patch quiets the warning by not using strlen(). This can be done
because yyleng already contains the length of string.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
When the --cache-loc option was added in trunk commit 1916, it was
intended that -L would be the short form of the option (based on
documentation and usage changes). However, the commit mistakenly
did not include the short option in the list include in the call
to getopt_long(3). This patch adds it along with the indicator
that it requires an argument (the different cache location) to the
getopt_long() call.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
includes come out like
#include
##included <tunables/home>
which is wrong because #include by itself is broken, and since -p is
supposed to be removing includes, it should not be directly echoed
any keyword in the keyword table is double echoed
ownerowner /{run,dev}/shm/pulse-shm* rwk
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
abstractions/mysql.
This binary/profile seems to be the only one that needs to do this, so
add it to this profile (instead of abstractions/mysql) to avoid superfluous
permissions for other programs with abstractions/mysql
Acked-by: John Johansen <john.johansen@canonical.com>
after testing the dovecot profiles on a new server, I noticed
/usr/sbin/dovecot needs some more permissions:
- mysql access
- execution permissions for /usr/lib/dovecot/dict and lmtp
- write access to some postfix sockets, used to
- provide SMTP Auth via dovecot
- deliver mails to dovecot via LMTP
- and read access to /proc/filesystems
Acked-by: John Johansen <john.johansen@canonical.com>
logprof.conf contains a list of binaries in the [qualifiers] section
that should for example never have their own profile.
Since some distributions moved lots of files from /bin/ to /usr/bin/
("UsrMove"), this list is outdated.
The patch adds copies of all /bin/ (and /sbin/) lines with /usr
prepended.
Acked-by: John Johansen <john.johansen@canonical.com>
The usr.sbin.dovecot profile needs several updates for dovecot 2.x,
including
- capability dac_override and kill
- Px for various binaries in /usr/lib/dovecot/
The patch also adds a nice copyright header (I hope I got the bzr log
right ;-)
Acked-by: John Johansen <john.johansen@canonical.com>
dovecot 2.x comes with several new binaries in /usr/lib/dovecot.
This patch adds profiles for
/usr/lib/dovecot/anvil
/usr/lib/dovecot/auth
/usr/lib/dovecot/config
/usr/lib/dovecot/dict
/usr/lib/dovecot/dovecot-lda
/usr/lib/dovecot/lmtp
/usr/lib/dovecot/log
/usr/lib/dovecot/managesieve
/usr/lib/dovecot/ssl-params
References: https://bugzilla.novell.com/show_bug.cgi?id=851984
Acked-by: John Johansen <john.johansen@canonical.com>
Introduces tunables/dovecot (with @{DOVECOT_MAILSTORE}) and replace
the mail storage location in various dovecot-related profiles with
this variable.
Also add nice copyright headers (I hope I got the bzr log right ;-)
Acked-by: John Johansen <john.johansen@canonical.com>
From: Felix Geyer <debfx@ubuntu.com>
AppArmor requires read and write permission to connect to
unix domain sockets but the nameservice abstraction only
grants write access to the avahi socket.
As a result mdns name resolution fails.
Acked-by: John Johansen <john.johansen@canonical.com>
