mount -o loop fails when the loopback module is not loaded with
permission denied. Add a check if /dev/loop0 exists. If not, load
the loop module.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/781
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
libapparmor performs a test for the new stacking interface, however
how it does this test is problematic as it requires all confined
tasks to be given read access to the task introspection interface.
This results in tasks needing to be given read access to the interface
even if they don't need it. Making it possible for tasks to discover
their confinement even if they are not supposed to be able to.
Instead change the check to using state on the parent directory.
This will generate a getattr request instead of read and make it
on the directory instead of on any interface file that could be
used to obtain information.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen john.johansen@canonical.com
Acked-by: Timeout
Understacking AppArmor if it is not the major LSM may set the enabled
field to false, to keep userspace from hitting the old shared proc
interfaces. The parameter "available" is added to indicate apparmor
is available but not present on the older interfaces.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
Adjust the interface check and fallback. Unfortunately there is no
solution that will fix all failure cases. Instead try to minimize
the failure cases and bias towards failures that don't cause a
regression under an old parser/policy.
Note: In cases where we absolutely know the interface should not
be accessed fail those accesses imediately instead of relying
on what ever LSM active to handle it.
While we are at it document the interfaces and failure cases.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
Make it easier to separate errors from an actual answer, and ensure
we do a fallback check if there was an error.
Also fix the error code returned from aa_is_enabled() which got
broken by the addition of the private_enabled() check.
Finally make sure the private enabled error code is documented.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
The parameter that is landing upstream in "available" not
"private_enabled".
Also set the correct variable, as previously we were not.
Note: that skipping checking available for the private apparmor
proc interfaces is okay, as the dedicated apparmor interfaces will
fail correctly if available is False.
This just gives a clear way for userspace to query this info without
having to resort to error codes that access to the private interfaces
would return.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
libapparmor performs a test for the new stacking interface, however
how it does this test is problematic as it requires all confined
tasks to be given read access to the task introspection interface.
This results in tasks needing to be given read access to the interface
even if they don't need it. Making it possible for tasks to discover
their confinement even if they are not supposed to be able to.
Instead change the check to using stat on the parent directory.
This will generate a getattr request instead of read and make it
on the directory instead of on any interface file that could be
used to obtain information.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
This resolves an issue in the parser's job handling when running on a machine with >8 CPU cores. The test library was updated to resolve failures in the caching tests caused by the features directory entries being unsorted in the tests.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/775
Acked-by: John Johansen [john@jjmx.net](mailto:john@jjmx.net)
Currently for directory includes the directory timestamp is ignored.
This is wrong as operations like removing a file from the dir won't
be considered in the timestamp check.
Fix this by updating the timestamp check to include the included
directories timestamp.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/760
Signed-off-by: John Johansen <john@jjmx.net>
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
add abstractions/crypto, allowing reading @{etc_ro}/gcrypt/random.conf r, and move several rules around
See merge request apparmor/apparmor!772
Acked-by: John Johansen <john.johansen@canonical.com>
crypto allows reading /etc/gcrypt/random.conf, which is possibly needed
for all programs that use libgcrypt.
Reported by darix, he has seen it with vivaldi.
Test if active and extra profiles can be parsed by the tools
See merge request apparmor/apparmor!677
Acked-by: John Johansen <john.johansen@canonical.com>
If a profile uses features not supported by the tools yet, add a
skiplist to (hopefully temporarily) exclude it from the tests.
This is meant to avoid blocking usage of new features in profiles.
When doing a release, the skip lists should be empty.
The added test makes sure that the python code can parse all profiles
shipped with AppArmor. If this fails, read_profiles() /
read_inactive_profiles() will raise an exception.
Checking for the number of read profiles is mostly done to ensure
*something* is read (to make sure an empty or non-existing directory
won't make the test useless).
We sometimes have random coverage changes that are not reproducible and
therefore hard to debug.
Generate html coverage as part of make coverage-regression, and keep the
resulting utils/test/htmlcov/ as artifact to make debugging easier.
coverage-html needs JS files from various libjs-* packages, install them
in before_script
The parser was not compiling on older versions of Ubuntu
(trusty) because the capability CAP_AUDIT_READ that was
defined on base_cap_names.h was not available until
kernel version 3.16.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/767
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Unfortunately the parser was doing ifdef checks for capabilities
in two places. Move all the capability ifdefs into capability.h
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/768
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
The regression tests are failing on some older kernels due to
commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 being cherry-picked
back to them without the corresponding apparmor patch
34c426acb75cc21bdf84685e106db0c1a3565057.
This means we can not rely on a simple features/flag check to determine
how the kernel is behaving with regard to mmap. Since this test is
not concerned with testing mmap, instead of adding a more complex
conditional simplify by always adding the m permission.
Fixes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830984
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
ask_exec still uses aa[profile][hat], therefore
- use full_profile when accessing hashlog
- correctly split the merged profile name to profile and hat
- avoid accidently initializing non-existing aa[profile][hat]
This fixes a regression from converting lots of code to use flat
profile//hat array keys.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/763
Acked-by: John Johansen <john@jjmx.net>
It's used like a plain dict, therefore no further code changes are
needed.
Also simplify generating the 'context' key that is used with
'transitions'.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/764
Acked-by: John Johansen <john@jjmx.net>
See https://gitlab.com/redhat-crypto/fedora-crypto-policies for details.
Reported by darix and also my own audit.log - the actual denial was for
/usr/share/crypto-policies/DEFAULT/openssl.txt.
Also allow the /etc/crypto-policies/ counterpart.
(I'm aware that the crypto policies are not really certificates, but
since they are used by several crypto libraries, ssl_certs is probably
the best place for them even if the filename doesn't match.)
The following errors are happening on the regression tests
of i18n.sh on arm64 hirsute/impish:
Error: open failed. Test 'i18n (194) OPEN (octal) "/tmp/sdtest.3654-6536-J2ZwFM/file__post" RW' was expected to 'pass'. Reason for failure 'FAIL: open /tmp/sdtest.3654-6536-J2ZwFM/file__post failed - Permission denied'
...
The cause is a bash bug handling UTF-8 on subshells.
Fixes: https://bugs.launchpad.net/apparmor/+bug/1932331
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/765
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
ask_exec still uses aa[profile][hat], therefore
- use full_profile when accessing hashlog
- correctly split the merged profile name to profile and hat
- avoid accidently initializing non-existing aa[profile][hat]
This fixes a regression from converting lots of code to use flat
profile//hat array keys.
The check-logprof test in the profiles Makefile specifies
the configuration directory as --configdir ../utils/test,
but when aa-logprof looks for severity.db in the configdir,
it cannot find it.
This fix points the configdir to utils. Note that the
logprof.conf on utils uses the configuration for files
created during the libapparmor installation on the system.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/177
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
All the calling code (directly or indirectly) uses write_flags=True,
therefore drop the parameter to simplify the code.
See the individual commits for details. Also, reviewing the individual commits is probably easier than reviewing the full diff (especially the test changes).
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/759
Acked-by: John Johansen <john@jjmx.net>
Drop unused write_flags parameter from AaTest_get_header and
AaTest_get_header_01. This is a cleanup for the previous commit.
While on it, add xattrs parameter to AaTest_get_header, and add two
tests with non-empty xattrs.
All the calling code (directly or indirectly) uses write_flags=True,
therefore drop the parameter to simplify the code.
A few tests called get_header() with write_flags=False. Adjust or drop
those tests.
Note: to keep the diff readable, the test changes are as small as
possible. The next commit will cleanup the now-superfluous write_flags
values in the tests.
... instead of "manually" creating a ProfileStorage object
Also preserve profile keyword and comment in ProfileStorage.parse()
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/758
Acked-by: John Johansen <john@jjmx.net>
