The last change in save_profiles() sorted() the order in which the
changed profiles get displayed. However, it did not honor the sorting
when displaying changes or saving the selected profile, leading to the
wrong profile displayed or saved.
This patch fixes picking the selected profile, and at the same time
replaces the duplicated code for doing this with a single instance.
I propose this patch for trunk and 2.11.
Note that the 2.11 branch needs a slightly different patch (different
indentation).
Also note that this regression made it into 2.11.1, so distributions
shipping 2.11.1 should add this patch.
ubuntu-browsers, ubuntu-helpers: add support for Google Chrome unstable (LP: #1730536).
See merge request apparmor/apparmor!9
Acked-by: Christian Boltz <apparmor@cboltz.de>
The RETURN VALUE section contained two typos where "kernel_features" was
used instead of "kernel_interface".
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Callers of aa_features_unref(), aa_kernel_interface_unref(), and
aa_policy_cache_unref() had to store off errno and restore it after
calling those functions in error paths. This patch preserves errno
across those *_unref() functions so that callers don't have to.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Ignoring cscope.* files allows users of cscope to not be bothered by
`git status` reporting that an unknown file is in the source tree.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
We never did a release with the JSON code, and YaST (the only known user
of the JSON interface) will work with the added 'changes' dialog type
from r3721 without needing changes.
Also add a better comment/reason why a response for 'changes' is
expected, but gets ignored.
Reviewed-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The python setup tools script is set to rewrite the shbang line of
scripts installed in ${PREFIX}/bin/ if the PYTHON environment variable
is set. Unfortunately, this (a) only covers the aa-easyprof script
as the rest are installed in ${PREFIX}/sbin/, and (b) we've deprecated
python 2 support, and hardcoded python3 as the interpreter for all of
the python scripts in the utils/ directory.
The only use for this feature would be if for some reason the utils did
not work properly with the default python3 interpreter and a specific
version was needed to be set, but I don't think that warrants keeping
the extra bit of code complexity around (and indeed, the snippet that
does this is forcibly disabled in Debian/Ubuntu).
Therefore, drop the shbang rewriting entirely.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
(2^22), which results in seven digit pids. Adjust the @{PID} variable in
tunables/global to accept this.
Acked-by: intrigeri <intrigeri@boum.org>
Acked-by: Steve Beattie <steve@nxnw.org>
Provides the filename in the json format, which can be
directly read by Yast. Increased the protocol version; perhaps
it should go in the next release.
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
[cboltz] fix "unused variable" warning and add a comment about ignoring
the JSON response
Acked-by: Christian Boltz <apparmor@cboltz.de>
This is a preparation patch to use for JSON mode of conveying
diff filename. In this patch we move diff generation functions to UI.
In the process, I have cleaned up the code to reduce code and enable reuse.
Remove unused function get_profile_diff().
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
[cboltz] Also adjust aa-mergeprof to the new function name/location
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The crash was caused by the more strict ProfileStorage in bzr trunk
(older versions use hasher() which is more forgiving, but also very
"useful" to hide quite some bugs)
Acked-by: Christian Boltz <apparmor@cboltz.de>
/etc/netconfig is required by the tirpc library which nscd and several
other programs use.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1062244
Acked-by: Seth Arnold <seth.arnold@canonical.com> for 2.9, 2.10, 2.11 and trunk
The added testcase for a ptrace target with an empty string
(ptrace_garbage_lp1689667_1.in) was causing the swig python test script
to fail. The generated python swig record for libapparmor ends up
setting a number of fields to None or other values that indicate the
value is unset, and the test script was checking if the value in the
field didn't evaluate to False in a python 'if' test.
Unfortunately, python evaluates the empty string '' as False in 'if'
tests, resulting in the specific field that contained the empty string
to be dropped from the returned record. This commit fixes that by
special case checking for the empty string.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
YaST has two issues in the "save changed profiles" dialog:
- when using "save selected", the list of profiles doesn't get updated.
Update q.options inside the loop to fix this.
- the list of profiles is displayed as "["/usr/bin/foo", true]" instead
of just "/usr/bin/foo". Use changed.keys() instead of changed to fix
this. (text-mode aa-logprof doesn't change, it always displayed
"/usr/bin/foo" and continues to do so.)
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1062667 part a)
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.11.
Note that 2.11 needs a slightly different patch (whitespace diff).
Merge fixes from Christian to address conflicting apparmor-utils
hotkeys in the Indonesian translation. Plus the usual lp timestamp
update.
Acked-by: Steve Beattie <steve@nxnw.org>
Updates to the following translations:
* binutils - add and update an entry to de.po
* utils
- de.po: add several entries
- en_GB.po: add many entries
- es.po: add non-existing(?) entry
- id.po: add many entries
- sv.po: update and add correct a number of entries
All other changes are the usual nonsense of launchpad updating
timestamps and export information.
Note one use of dbus is left because it is represnative of a unix
socket name used for communication with dbus
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The macro `PATH_MAX` macro is typically defined in the <limits.h>
header by the system's libc implementation. While we do not
include it right now, glibc indirectly includes it via other
headers already and thus compilation of the file succeeds. For
other libc implementations this may not be the case, which would
then lead to a compilation error. This is the case for musl libc.
Explicitly include <limits.h> to fix this.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
The define `RLIMIT_OFILE` is a historic macro originating from
the BSDs, which is nowadays an alias for `RLIMIT_NOFILE`. On some
implementations, it has thus been dropped in favor of the new
define, but we still assume it will always be defined in our
rlimit keywords table. Wrap it in an `ifdef` to fix compilation
on systems where it does not exist.
For the second macro `RLIMIT_RTTIME`, we do check for its
existence in our keywords table, but then forgot to do so in the
YACC rules. Wrap it into an `ifdef`, as well.
Both patches serve the goal to fix compilation on musl libc.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
The macros __BEGIN_DECLS and __END_DECLS are not conforming to
any standard, but are a custom extension of the glibc library. As
such, it may not be available in other libc implementations, with
one example being musl libc. So compiling libapparmor won't work
with a strictly standards-conforming library.
These macros are typically used for header files which might be
included in a C++ project. Depending on whether the header is
seen by a C or C++ compiler, it will hint that functions have C
linkage. The macros themselves are rather simple:
#ifdef __cplusplus
# define __BEGIN_DECLS extern "C" {
# define __END_DECLS }
#else
# define __BEGIN_DECLS
# define __END_DECLS
#endif
To fix compilation with musl libc, simply expand those macros to
explicitly use `extern "C"`. This is already used in other parts
of apparmor and should thus be safe to use.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
