mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
The AppArmor user space development project.
3186b09035
Attached is a patch to make the initscript not fail if /tmp is full by converting the comm(1) usage on temporary files to an embedded awk script. On both Ubuntu and OpenSUSE, a version of awk (mawk in Ubuntu, gawk in OpenSUSE) is either a direct or indirect dependency on the minimal or base package set, and the original reporter also mentioned that an awk-based solution would be palatable in a way that converting to bash, or using perl or python here would not be. In the embedded awk script, I've tried to avoid gawk or mawk specific behaviors or extensions; e.g. this is the reason for the call to sort on the output of the awk script, rather than using gawk's asort(). But please let me know if you see anything that shouldn't be portable across awk implementations. An additional issue that is fixed in both scripts is handling child profiles (e.g. hats) during reload. If child profiles are filtered out (via grep -v '//') of the list to consider, then on reloading a profile where a child profile has been removed or renamed, that child profile will continue to stick around. However, if the profile containing child profiles is removed entirely, if the initscript attempts to unload the child profiles after the parent is removed, this will fail because they were unloaded when the parent was unloaded. Thus I removed any filtering of child profiles out, but do a post-awk reverse sort which guarantees that any child profiles will be removed before their parent is. I also added the LC_COLLATE=C (based on the Ubuntu version) to the sort call to ensure a consistent sort order. To restate, the problem with the existing code is that it creates temporary files in $TMPDIR (by default /tmp) and if that partition is full, problems with the reload action ensue. Alternate solutions include switching the initscript to use bash and its <$() extension or setting TMPDIR to /dev/shm/. The former is unpalatable to some (particularly for an initscript), and for the latter, /dev/shm is only guaranteed to exist on GNU libc based systems (glibc apparently expects /dev/shm to exist for its POSIX shared memory implementation; see shm_overview(7)). So to me, awk (sans GNU extensions) looks to be the least bad option here. Nominated-By: Steve Beattie <sbeattie@ubuntu.com> Acked-By: John Johansen <john.johansen@canonical.com> Bug: https://launchpad.net/bugs/775785 |
||
|---|---|---|
| changehat | ||
| common | ||
| deprecated/management | ||
| kernel-patches | ||
| libraries/libapparmor | ||
| parser | ||
| profiles | ||
| tests | ||
| utils | ||
| .bzrignore | ||
| LICENSE | ||
| Makefile | ||
| README | ||
------------ Introduction ------------ AppArmor protects systems from insecure or untrusted processes by running them in restricted confinement, while still allowing processes to share files, exercise privilege and communicate with other processes. AppArmor is a Mandatory Access Control (MAC) mechanism which uses the Linux Security Module (LSM) framework. The confinement's restrictions are mandatory and are not bound to identity, group membership, or object ownership. The protections provided are in addition to the kernel's regular access control mechanisms (including DAC) and can be used to restrict the superuser. The AppArmor kernel module and accompanying user-space tools are available under the GPL license (the exception is the libapparmor library, available under the LGPL license, which allows change_hat(2) and change_profile(2) to be used by non-GPL binaries). For more information, you can read the techdoc.pdf (available after building the parser) and by visiting the http://apparmor.net/ web site. ------------- Source Layout ------------- AppArmor consists of several different parts: changehat/ source for using changehat with Apache, PAM and Tomcat common/ common makefile rules desktop/ empty kernel-patches/ compatibility patches for various kernel versions libraries/ libapparmor source and language bindings parser/ source for parser/loader and corresponding documentation profiles/ configuration files, reference profiles and abstractions tests/ regression and stress testsuites utils/ high-level utilities for working with AppArmor -------------------------------------- Important note on AppArmor kernel code -------------------------------------- While most of the kernel AppArmor code has been accepted in the upstream Linux kernel, a few important pieces were not included. These missing pieces unfortunately are important bits for AppArmor userspace and kernel interaction; therefore we have included compatibility patches in the kernel-patches/ subdirectory, versioned by upstream kernel (2.6.37 patches should apply cleanly to 2.6.38 source). Without these patches applied to the kernel, the AppArmor userspace will not function correctly. ------------------------------------------ Building and Installing AppArmor Userspace ------------------------------------------ To build and install AppArmor userspace on your system, build and install in the following order. libapparmor: $ cd ./libraries/libapparmor $ sh ./autogen.sh $ sh ./configure --prefix=/usr --with-perl # see below $ make $ make check [optional arguments to libapparmor's configure include --with-python and --with-ruby, to generate python and ruby bindings to libapparmor, respectively.] Utilities: $ cd utils $ make $ make install parser: $ cd parser $ make $ make tests # not strictly necessary as they are run during the # build by default $ make install Apache mod_apparmor: $ cd changehat/mod_apparmor $ make # depends on libapparmor having been built first $ make install PAM AppArmor: $ cd changehat/pam_apparmor $ make # depends on libapparmor having been built first $ make install Profiles: $ cd profiles $ make $ make check # depends on the parser having been built first $ make install ------------------- AppArmor Testsuites ------------------- A number of testsuites are in the AppArmor sources. Most have documentation on usage and how to update and add tests. Below is a quick overview of their location and how to run them. Regression tests ---------------- For details on structure and adding tests, see tests/regression/apparmor/README. To run: $ cd tests/regression/apparmor (requires root) $ make $ sudo make tests $ sudo bash open.sh -r # runs and saves the last testcase from open.sh Parser tests ------------ For details on structure and adding tests, see parser/tst/README. To run: $ cd parser/tst $ make $ make tests Libapparmor ----------- For details on structure and adding tests, see libraries/libapparmor/README. $ cd libraries/libapparmor $ make check Profile checks -------------- A basic consistency check to ensure that the parser and aa-logprof parse successfully the current set of shipped profiles. The system or other parser and logprof can be passed in by overriding the PARSER and LOGPROF variables. $ cd profiles $ make && make check Stress Tests ------------ To run AppArmor stress tests: $ make all Use these: $ ./change_hat $ ./child $ ./kill.sh $ ./open $ ./s.sh Or run all at once: $ ./stress.sh Please note that the above will stress the system so much it may end up invoking the OOM killer. To run parser stress tests (requires /usr/bin/ruby): $ ./stress.sh (see stress.sh -h for options) ----------------------------------------------- Building and Installing AppArmor Kernel Patches ----------------------------------------------- TODO