mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
John Johansen 2416faac54 parser: support matching xattr keys but not values 
Support profiles that choose to match the presence of an extended
attribute without validating its value. This lets AppArmor target xattrs
with binary data, such as security.ima and security.evm values. For
example, it's now possible to write a profile such as:

        profile signed_binaries /** xattrs=(security.ima) {
                # ...
        }

Both presence and value matches can be used in the same profile. To
match a signed xattr, target both the xattr and the security.ima value:

        profile python_script /** xattrs=(
                security.evm
                security.apparmor="python"
        ) {
                # ...
        }

Updated to work using out of band matching instead of separate data
array.

Signed-off-by: Eric Chiang <ericchiang@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2019-11-26 21:32:08 -08:00
..
apparmor parser: support matching xattr keys but not values 2019-11-26 21:32:08 -08:00
easyprof Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 2014-02-13 17:53:40 -08:00
po utils: remove conflicting action in Swedish translation 2019-06-13 15:03:06 -07:00
test libapparmor: logparse: fix RECORD_INVALID for valid log 2019-07-02 01:01:37 -07:00
vim Fix capability mispelling. 2019-09-17 10:38:09 +01:00
aa-audit Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-audit.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-autodep Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-autodep.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-cleanprof drop dead code from tools.py 2017-06-26 21:27:06 +02:00
aa-cleanprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-complain Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-complain.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-decode Rewrite aa-decode to use inline Python instead of to-be-deprecated Perl 2019-02-05 00:20:47 +02:00
aa-decode.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-disable Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-disable.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-easyprof Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-easyprof.pod utils: Add option to aa-easyprof to specify the apparmor_parser path 2017-03-02 21:24:05 +00:00
aa-enforce Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-enforce.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-genprof drop unused 'finishing' in do_logprof_pass() 2019-05-17 22:27:57 +02:00
aa-genprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-logprof json support for logprof and genprof 2017-06-15 18:22:43 +02:00
aa-logprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-mergeprof drop superfluous import apparmor.aamode from aa-mergeprof 2019-04-23 21:53:52 +02:00
aa-mergeprof.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-notify fix whitespace and indentation in several files 2019-08-12 23:58:04 +02:00
aa-notify.pod aa-notify man page: update user's configuration file path 2018-10-15 16:44:00 +03:00
aa-remove-unknown Don't print a literal '\n' in aa-remove-unknown help 2017-12-01 00:26:56 +01:00
aa-remove-unknown.pod utils: Add aa-remove-unknown utility to unload unknown profiles 2017-03-24 05:08:01 +00:00
aa-sandbox Switch utils to python3 2016-10-01 20:57:09 +02:00
aa-sandbox.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-status Merge branch 'cboltz-status-parenthesis' into 'master' 2019-09-23 18:55:22 +00:00
aa-status.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
aa-unconfined utils: Require apparmor.aa users to call init_aa() 2017-03-02 21:21:53 +00:00
aa-unconfined.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
check_po.pl Ignore untranslated texts in check_po.pl 2017-11-27 23:47:52 +01:00
logprof.conf add zsh to logprof.conf 2018-09-24 16:51:11 +00:00
logprof.conf.pod all: Use HTTPS links for apparmor.net 2018-09-13 16:41:32 +00:00
Makefile Re-implement aa-notify in Python (Closes: #16) 2019-04-21 18:37:10 +03:00
notify.conf comment out use_group to remove group restrictions 2018-03-18 19:56:29 +01:00
python-tools-setup.py utils: stop rewriting shbang lines in setup script 2017-10-26 00:52:31 -07:00
README.md Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.