mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-09 02:41:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser/tst/simple_tests
History
John Johansen 40e193e623 Fix: make sure overlapping safe and unsafe exec rules conflict 
BugLink: https://launchpad.net/bugs/1588069

Currently

  change_profile /** -> A,
  change_profile unsafe /** -> A,

do not conflict because the safe rules only set the change_profile
permission where the unsafe set unsafe exec. To fix this we have the
safe version set exec bits as well with out setting unsafe exec.
This allows the exec conflict logic to detect any conflicts.

This is safe to do even for older kernels as the exec bits off of the
2nd term encoding in the change_onexec rules are unused.

Test files
  tst/simple_tests/change_profile/onx_no_conflict_safe1.sd
  tst/simple_tests/change_profile/onx_no_conflict_safe2.sd
by Christian Boltz <apparmor@cboltz.de>

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
2016-06-02 22:24:22 -07:00
..
bare_include_tests Add DESCRIPTION and EXRESULT to new simple_tests includes 2015-07-11 21:54:31 +02:00
capability Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
change_hat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
change_profile Fix: make sure overlapping safe and unsafe exec rules conflict 2016-06-02 22:24:22 -07:00
conditional Fix some parser test syntax errors 2015-07-06 13:25:38 +02:00
dbus Add some simple_tests ("deny dbus name=(SomeService)," and "deny file,") 2016-01-07 23:39:56 +01:00
file parser: Support stacking in exec and change_profile rules 2016-03-18 17:28:51 -05:00
include_tests include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
includes as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
includes-preamble Move preamble inclusions to a different directory since it was breaking 2008-11-25 19:05:40 +00:00
mount Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
network parser: Allow AF_UNSPEC family in network rules 2016-02-18 12:35:35 -06:00
profile parser: Allow the profile keyword to be used with namespaces 2016-02-18 15:58:06 -06:00
ptrace Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
rewrite Allow for a location to alias to multiple locations. Ie. 2010-02-12 13:51:27 -08:00
rlimits Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
signal Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
unix Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
vars replace some spaces with newline in simple_tests 2015-07-12 00:23:40 +02:00
xtrans Add a parser testcase that triggered the match flags state issue that 2012-12-10 17:10:40 -08:00
readme Add missing files from my last 11 patches as I forgot to do bzr add before 2010-12-20 13:18:36 -08:00

readme 

Directory for auto generated x-transition tests