mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser/tst/simple_tests
History
Tyler Hicks 9b2aa90b06 parser: Allow AF_UNSPEC family in network rules 
https://launchpad.net/bugs/1546455

Don't filter out AF_UNSPEC from the list of valid protocol families so
that the parser will accept rules such as 'network unspec,'.

There are certain syscalls, such as socket(2), where the LSM hooks are
called before the protocol family is validated. In these cases, AppArmor
was emitting denials even though socket(2) will eventually fail. There
may be cases where AF_UNSPEC sockets are accepted and we need to make
sure that we're mediating those appropriately.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
[cboltz: Add 'unspec' to the network domain keywords of the utils]
2016-02-18 12:35:35 -06:00
..
bare_include_tests Add DESCRIPTION and EXRESULT to new simple_tests includes 2015-07-11 21:54:31 +02:00
capability Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
change_hat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
change_profile Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
conditional Fix some parser test syntax errors 2015-07-06 13:25:38 +02:00
dbus Add some simple_tests ("deny dbus name=(SomeService)," and "deny file,") 2016-01-07 23:39:56 +01:00
file parser: Move failing test to TODO 2016-02-11 16:01:13 -06:00
include_tests include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
includes as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
includes-preamble Move preamble inclusions to a different directory since it was breaking 2008-11-25 19:05:40 +00:00
mount Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
network parser: Allow AF_UNSPEC family in network rules 2016-02-18 12:35:35 -06:00
profile split flags_bad.sd 2015-06-08 22:22:07 +02:00
ptrace Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
rewrite Allow for a location to alias to multiple locations. Ie. 2010-02-12 13:51:27 -08:00
rlimits Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
signal Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
unix Add tests for various rules outside of a profile 2015-10-19 21:13:48 +02:00
vars replace some spaces with newline in simple_tests 2015-07-12 00:23:40 +02:00
xtrans Add a parser testcase that triggered the match flags state issue that 2012-12-10 17:10:40 -08:00
readme Add missing files from my last 11 patches as I forgot to do bzr add before 2010-12-20 13:18:36 -08:00

readme 

Directory for auto generated x-transition tests