mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser
History
Steve Beattie 2207e0b264 Fix two x transition conflict bugs. 
The is_merged_x_consistend macro was incorrect in that is tested for
USER_EXEC_TYPE to determine if there was an x transition.  This fails
for unconfined execs so an unconfined exec would not correctly conflict
with another exec type.

The dfa match flag table for xtransitions was not large enough and not
indexed properly for pux, and cux transitions.  The index calculation did
not take into account the pux flag so that pux and px aliased to the same
location and cux and cx aliased to the same location.

This would result in the first rule being processed defining what the
transition type was for all following rules of the type following.  So
if a px transition was processed first all pux, transitions in the profile
would be treated pux.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Add auto generation of xtransition conflict tests

All the combiniation of xtransition conflics where not well represented in
the regression test suite.  Instead of relying on multiple static test
files, automatically generate all possible conflicts.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2011-01-07 12:46:15 -08:00
..
libapparmor_re Fix two x transition conflict bugs. 2011-01-07 12:46:15 -08:00
pcre Add an 'all' target for the pcre subdir. 2007-03-30 16:30:15 +00:00
po Update translation files 2009-02-07 12:16:03 +00:00
tst Fix two x transition conflict bugs. 2011-01-07 12:46:15 -08:00
apparmor-parser.spec.in clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
apparmor.d.pod add commented, but blank tunables/alias 2010-01-11 14:19:35 -06:00
apparmor.pod update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
apparmor.vim.pod update copyright dates 2007-04-11 08:12:51 +00:00
apparmor_parser.pod Partial merge r1419: add the -p flag to support the output of 2010-07-17 18:39:37 -07:00
COPYING.GPL Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
frob_slack_rc Update keywords attribute, svn:ignore attribute, update Makefile to 2006-04-12 03:09:10 +00:00
immunix.h Fix two x transition conflict bugs. 2011-01-07 12:46:15 -08:00
Makefile Merge from trunk rev 1514: Have the parser makefile honor CFLAGS 2010-10-09 14:19:13 -07:00
parser.h Merge from trunk revs 1495 and 1496: Update how cache validation is 2010-09-15 12:01:21 -07:00
parser_alias.c Allow for a location to alias to multiple locations. Ie. 2010-02-12 13:51:27 -08:00
parser_include.c Merge in r1413 and r1418: report correct filename/line number on errors 2010-06-25 12:58:17 -07:00
parser_include.h Merge in r1413 and r1418: report correct filename/line number on errors 2010-06-25 12:58:17 -07:00
parser_interface.c Much pared down version of trunk commit 1497: fix error checking so that 2010-09-15 09:33:01 -07:00
parser_lex.l Merge from trunk revs 1495 and 1496: Update how cache validation is 2010-09-15 12:01:21 -07:00
parser_main.c When loading without the 2.4 compatibility patch, the parser needs the 2010-09-16 10:13:11 -07:00
parser_merge.c update for ptrace rules 2008-04-09 23:56:31 +00:00
parser_misc.c Add some unit tests for processunquoted() -- sadly it handles octals 2010-03-08 20:38:54 -08:00
parser_policy.c Add 64bit capabilities 2009-08-20 15:27:12 +00:00
parser_regex.c Update aliases so that they apply properly to profile names. 2010-02-12 13:49:58 -08:00
parser_symtab.c * fix a few more memory leaks 2009-07-24 13:24:53 +00:00
parser_variable.c cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
parser_yacc.y Cherry picked elements from trunk commit 1437: fix serious compiler 2010-09-15 10:24:55 -07:00
rc.aaeventd.redhat clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
rc.aaeventd.suse Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
rc.apparmor.debian fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.functions include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
rc.apparmor.redhat fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.slackware fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
rc.apparmor.suse fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
README Kill some bogus readme text 2007-04-25 20:50:21 +00:00
subdomain.conf Update keywords attribute, svn:ignore attribute, update Makefile to 2006-04-12 03:09:10 +00:00
subdomain.conf.pod update copyright dates 2007-04-11 08:12:51 +00:00
techdoc.tex Move the techdoc to the apparmor-parser package. 2007-04-12 06:01:40 +00:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at
<http://forge.novell.com/modules/xfmod/project/?apparmor>.

Please send all complaints, bug reports, feature requests, rants about the
software, and questions to apparmor-general@forge.novell.com. Security
issues should be directed to security@suse.de or secure@novell.com,
where we will attempt to conform to the RFP vulnerability disclosure
protocol: http://www.wiretrip.net/rfp/policy.html

The parser uses the PCRE (Perl Compatible Regular Expression) engine,
which was written by Philip Hazel and is copyright by the University
of Cambridge, England. For more information on the PCRE engine, see
<ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/>

Thanks.

-- The AppArmor development team