mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser
History
John Johansen 1ec39fd437 parser: support multiple mount conditionals in a single rule 
Now that flag processing for mount rules with single option
conditionals are fixed e-enable multiple mount conditionals on a
single mount rule. The mount conditionals are equivalent to specifying
multiple rules.

      mount options=(a,b,c) options=(c,d),
    is the same as
      mount options=(a,b,c),
      mount options=(c,d),

    and
      mount options in (a,b,c) options in (c,d),
      is the same as
        mount options in (a,b,c),
        mount options in (c,d),

    when multiple options= and options in are combined in a single rule
    it is the same as the cross product of the options.

    where
      mount options=(a,b,c) options in (d,e),
    is a single rule.

      mount options=(a,b,c) options=(d,e) options in (f),
    is equivalent to
      mount options=(a,b,c) options in (f),
      mount options=(d,e) options in (f),

    and while it is not recommended that multiple options= and options in
    conditions be used in a single rule.
      mount options=(a,b,c) options=(d,e) options in (f) options in (g),
    is equivalent to
      mount options=(a,b,c) options in (f),
      mount options=(a,b,c) options in (g),
      mount options=(d,e) options in (f),
      mount options=(d,e) options in (g),

Bug Link: https://bugs.launchpad.net/apparmor/+bug/1597017

Signed-off-by: John Johansen <john.johansen@canonical.com>
- rebased to bba1a023bf
- fixed infinite loop in mnt_rule::gen_policy_re
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
2023-03-28 20:05:15 -07:00
..
libapparmor_re parser: Fix invalid reference to transitions when building the chfa 2022-12-09 16:11:26 -08:00
po translations: update generated pot files 2020-10-14 03:56:38 -07:00
tst Add missing comma to tuple 2023-02-19 17:13:15 -05:00
aa-teardown aa-teardown: Replace /bin/bash with /bin/sh 2018-05-05 17:46:19 -07:00
aa-teardown.pod docs: update documentation to point bug reporting to gitlab 2020-05-05 00:10:53 -07:00
af_rule.cc treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
af_rule.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
af_unix.cc Fix mode not being printed when debugging AF_UNIX socket rules. 2023-02-02 11:10:04 +13:00
af_unix.h Fix mode not being printed when debugging AF_UNIX socket rules. 2023-02-02 11:10:04 +13:00
apparmor.d.pod parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
apparmor.pod man: apparmor.7 add info about complain mode and kernel parameters 2021-03-15 15:24:43 -07:00
apparmor.service Adjust cache paths in apparmor.service 2018-06-16 23:14:19 +02:00
apparmor.systemd Make the systemd unit a no-op in containers with no internal policy 2022-02-12 10:23:39 +00:00
apparmor_parser.pod parser: fix --jobs so job scaling is applied correctly 2021-02-10 19:06:26 -08:00
apparmor_xattrs.pod apparmor_xattrs.7: fix whatis entry 2020-10-25 11:54:47 +00:00
base_af_names.h Add 'mctp' network domain keyword 2022-02-08 19:09:24 +01:00
base_cap_names.h parser: Add support for CAP_CHECKPOINT_RESTORE 2020-10-13 21:30:19 -07:00
capability.h parser/capability.h: add missing <cstdint> include 2022-05-23 23:13:14 +01:00
common_optarg.c parser: cleanup/fix flagtable display for the warn, dump, and Optimize options 2020-09-01 19:42:38 -07:00
common_optarg.h parser: add the ability to print what flags are set in option flag tables 2020-09-01 19:42:38 -07:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
dbus.cc parser: call filter slashes for the dbus path conditional 2020-09-29 04:14:35 -07:00
dbus.h parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
default_features.c parser: Move to a pre-generated cap_names.h 2020-07-07 09:43:48 -07:00
file_cache.h Fix comment wording in file_cache.h 2021-05-02 11:29:41 +02:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h parser: convert commented out fprintf() in immunix.h to PDEBUG() 2020-09-05 09:38:53 -04:00
lib.c Fix comment typo in parser/lib.c 2021-12-05 18:16:53 +01:00
lib.h libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
Makefile parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
mount.cc parser: support multiple mount conditionals in a single rule 2023-03-28 20:05:15 -07:00
mount.h parser: support multiple mount conditionals in a single rule 2023-03-28 20:05:15 -07:00
mqueue.cc parser: send key as integer on the dfa of sysv mqueue 2023-01-11 21:58:03 +00:00
mqueue.h parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
network.c Use the gcc cleanup extension attribute to handle closing temp files 2015-03-25 17:09:26 -05:00
network.h parser: add support for kernel 4.17 v8 networking 2020-09-29 03:33:55 -07:00
parser.conf treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
parser.h parser: support multiple mount conditionals in a single rule 2023-03-28 20:05:15 -07:00
parser_alias.c parser: provide typedefs for comparison_fn_t and __free_fn_t 2018-05-09 13:15:42 -07:00
parser_common.c parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_include.c parser: add include dedup cache to handle include loops 2021-04-27 20:26:57 -07:00
parser_include.h parser: add include dedup cache to handle include loops 2021-04-27 20:26:57 -07:00
parser_interface.c parser: Add a set of debug flags that can be passed to the kernel 2022-11-22 19:31:15 +00:00
parser_lex.l parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_main.c parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_merge.c parser: Stop splitting the namespace from the named transition targets 2016-03-18 17:28:51 -05:00
parser_misc.c parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_policy.c parser: Add a set of debug flags that can be passed to the kernel 2022-11-22 19:31:15 +00:00
parser_regex.c parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_symtab.c treewide: spelling/typo fixes in code strings 2020-12-01 12:47:18 -08:00
parser_variable.c parser: fix memory leaks in unit tests 2016-01-25 12:05:50 -08:00
parser_yacc.y parser: Add a set of debug flags that can be passed to the kernel 2022-11-22 19:31:15 +00:00
policy_cache.c Fix wording of some warnings 2020-10-11 12:22:23 +02:00
policy_cache.h drop unused extern int debug_cache 2021-02-07 16:02:20 +01:00
policydb.h parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
profile-load profile-load: use less ambiguous if/then construct 2022-02-15 07:34:17 +00:00
profile.cc parser: support enforce, kill and unconfined profile modes 2020-06-10 05:35:37 -07:00
profile.h parser: Add a set of debug flags that can be passed to the kernel 2022-11-22 19:31:15 +00:00
ptrace.cc parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
ptrace.h parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
rc.apparmor.functions rc.apparmor.functions: only use systemd-detect-virt if it's present 2022-07-06 06:41:35 +00:00
rc.apparmor.slackware added missing functions to slackware init script 2019-11-08 13:49:48 +01:00
README README: Move project contact info into the main README 2018-09-13 16:54:09 +00:00
README.devel parser: add some developer documentation 2013-12-10 14:15:02 -08:00
rule.cc parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
rule.h parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
signal.cc treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
signal.h parser: replace duplicate warn_once() with common function 2020-08-09 17:56:31 -04:00
techdoc.tex treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
unit_test.h Convert codomain to a class 2013-09-27 16:16:37 -07:00
userns.cc parser: add support for user namespace creation 2022-10-27 17:54:42 +00:00
userns.h parser: add support for user namespace creation 2022-10-27 17:54:42 +00:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team