mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Steve Beattie 01b7969eee From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-utils: Inherit flags in sub-profiles when generating profiles
References: bnc#496204

 When creating profiles with cx subprofiles, genprof will set the
 sub-profile in enforce mode. When genprof cycles multiple times, it
 prohibits the sub-profile from working correctly.

 e.g.

 # Last Modified: Mon Jan 24 13:52:26 2011
 #include <tunables/global>

 /home/jeffm/mycat flags=(complain) {
   #include <abstractions/base>
   #include <abstractions/bash>
   #include <abstractions/consoles>

   /bin/bash ix,
   /bin/cat cx,
   /home/jeffm/mycat r,

 profile /bin/cat {
     #include <abstractions/base>

     /bin/cat r,
     /home/jeffm/mycat r,

   }
 }

 This patch allows sub-profiles to inherit the flags from the parent
 profile, which allows it to be created in complain mode (if appropriate).
 The temporary complain flags are cleaned up at genprof completion as
 expected.

 This issue was reported at: https://bugzilla.novell.com/show_bug.cgi?id=496204

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Bug: https://launchpad.net/bugs/707092
2011-02-15 16:24:33 -08:00
..
po From: Jeff Mahoney <jeffm@suse.com> 2011-02-08 16:19:25 -08:00
aa-decode add aa-decode and manpage 2010-01-12 07:19:20 -06:00
aa-decode.pod add aa-decode and manpage 2010-01-12 07:19:20 -06:00
aa-eventd Fixes (#310454) to support new audit log format and new libapparmor1. 2007-09-14 21:23:08 +00:00
aa-repo.pl clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
apparmor-utils.spec.in merge over update of .spec %changes from r1083 2008-02-19 18:49:35 +00:00
apparmor.vim Zbyniu Krzystolik <zbyniu@pld-linux.org> 2008-06-09 23:30:35 +00:00
apparmor_notify Merge from trunk rev 1485: Fix apparmor_notify memory leak for 2010-09-09 11:28:04 -07:00
apparmor_notify.pod apparmor_notify merges: r1391-r1396,r1401-r1402,r1405,r1407-r1408: 2010-06-21 15:36:21 -07:00
apparmor_status sort on profile names when reporting results from aa-status 2010-01-02 22:18:51 -08:00
apparmor_status.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
audit add missing ; to complain and enforce. copy fix over to audit 2008-04-24 18:24:02 +00:00
audit.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
autodep Refactor/cleanup reading/writing and handling of configuration options 2007-04-25 21:06:52 +00:00
autodep.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
check_po.pl utitlity to look for problems in the po files. 2007-08-15 19:24:49 +00:00
complain add missing ; to complain and enforce. copy fix over to audit 2008-04-24 18:24:02 +00:00
complain.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
Config.pm add missing files from previous set of commits 2008-02-26 12:28:42 +00:00
convert-profile.pl Some further bugfixes 2007-04-10 20:34:11 +00:00
enforce have "enforce" command clear out symlink directories, from Ubuntu 2009-11-11 11:38:26 -08:00
enforce.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
genprof From: Jeff Mahoney <jeffm@suse.com> 2011-02-08 16:19:25 -08:00
genprof.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
logprof Refactor/cleanup reading/writing and handling of configuration options 2007-04-25 21:06:52 +00:00
logprof.conf update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
logprof.conf.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
logprof.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00
Makefile From: Jeff Mahoney <jeffm@suse.com> 2011-02-08 10:35:10 -08:00
notify.conf Merge of trunk rev 1484: change notify.conf to default to enabling 2010-09-09 11:25:36 -07:00
rc.sd-event-dispatch.suse Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
repair_obsolete_profiles Import the rest of the core functionality of the internal apparmor 2006-04-11 21:52:54 +00:00
Reports.pm From: Jeff Mahoney <jeffm@suse.com> 2011-02-08 16:19:25 -08:00
Repository.pm add missing for 2008-06-04 11:36:13 +00:00
severity.db Fixes for BZ 179656, 233768. Add new capabilities rating to sverity.db, 2007-03-12 14:12:40 +00:00
Severity.pm used perltidy to clean up the formatting for the perl scripts in the 2007-03-20 21:58:38 +00:00
SubDomain.pm From: Jeff Mahoney <jeffm@suse.com> 2011-02-15 16:24:33 -08:00
unconfined 'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs. 2008-11-21 12:31:22 +00:00
unconfined.pod Merge from trunk revision 1582: update the man pages to: 2011-01-13 16:29:20 -06:00