mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/test
History
Exact
John Johansen 51d33c1a23 parser: fix rule flag generation change_mount type rules 
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1048
made it so rules like

  mount slave /snap/bin/** -> /**,

  mount /snap/bin/** -> /**,

would get passed into change_mount_type rule generation when they
shouldn't have been. This would result in two different errors.

1. If kernel mount flags were present on the rule. The error would
   be caught causing an error to be returned, causing profile compilation
   to fail.

2. If the rule did not contain explicit flags then rule would generate
   change_mount_type permissions based on souly the mount point. And
   the implied set of flags. However this is incorrect as it should
   not generate change_mount permissions for this type of rule. Not
   only does it ignore the source/device type condition but it
   generates permissions that were never intended.

   When used in combination with a deny prefix this overly broad
   rule can result in almost all mount rules being denied, as the
   denial takes priority over the allow mount rules.

Fixes: https://bugs.launchpad.net/apparmor/+bug/2023814
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1211989
Fixes: 9d3f8c6cc ("parser: fix parsing of source as mount point for propagation type flags")
Fixes: MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1048

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 86d193e183)
Signed-off-by: John Johansen <john.johansen@canonical.com>
2023-06-21 01:31:31 -07:00
..
cleanprof_test.in Add basic support for abi rules to the tools 2018-10-03 16:32:45 +02:00
cleanprof_test.out Add basic support for abi rules to the tools 2018-10-03 16:32:45 +02:00
common_test.py utils: Require apparmor.aa users to call init_aa() 2017-03-02 21:21:53 +00:00
easyprof.conf This patchset is broken into 4 parts: 2012-05-07 22:37:48 -07:00
fake_ldd usr merge fixups 2019-02-13 09:22:58 -08:00
logprof.conf utils: Update the logprof.conf in the test dir to point to in-tree paths 2017-03-02 21:21:21 +00:00
Makefile reviewed edits 2022-08-22 22:21:11 +02:00
minitools_test.py change_profile_flags: use ', ' as flags delimiter 2018-09-02 17:04:49 +02:00
runtests-py2.sh utils/tests: fix bashisms in runtests-py2.sh 2014-09-03 13:00:33 -07:00
runtests-py3.sh fix utils/test/runtests-py*.sh exitcode 2014-10-03 11:48:21 +02:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00
severity_broken.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00
test-aa-decode.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-aa-easyprof.py Replace deprecated assertEquals with assertEqual 2020-03-17 13:25:02 -07:00
test-aa.py fix setting apparmor.aa.profile_dir in some tests 2020-06-17 13:16:36 +02:00
test-aamode.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-aare.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-baserule.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-capability.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-change_profile.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-common.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-config.py utils: Update the logprof.conf in the test dir to point to in-tree paths 2017-03-02 21:21:21 +00:00
test-dbus.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-example.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-file.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-libapparmor-test_multi.py libapparmor: logparse: fix RECORD_INVALID for valid log 2019-07-02 01:21:59 -07:00
test-logparser.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-mount_parse.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-network.py Revert "utils/test-network.py: fix failing testcase" 2020-03-31 20:55:27 +02:00
test-parser-simple-tests.py parser: fix rule flag generation change_mount type rules 2023-06-21 01:31:31 -07:00
test-pivot_root_parse.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-profile-list.py add ProfileList class to store list of profiles 2018-11-11 18:33:56 +01:00
test-profile-storage.py extend add_or_remove_flag() to handle str for old flags 2018-09-02 17:04:29 +02:00
test-ptrace.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-regex_matches.py Fix strip_quotes() to handle empty strings 2020-05-26 00:44:30 -07:00
test-rlimit.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-severity.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-signal.py make utils tests less verbose 2018-04-08 20:18:30 +02:00
test-translations.py Check hotkey conflicts case-insensitive 2020-11-01 22:39:49 +01:00
test-unix_parse.py make utils tests less verbose 2018-04-08 20:18:30 +02:00