apparmor/parser
John Johansen a29e232831 parser: feature abi: setup parser to intersect policy and kernel features
The features abi adds the ability to track the policy abi separate
from the kernel. This allows the compiler to determine whether policy
was developed with a certain feature in mind, e.g. unix rules.

This allows the compiler to know whether it should tell the kernel to
enforce the feature if the kernel supports the rule but the policy
doesn't use it.

To find if a feature is supported we take the intersection of what is
supported by the policy and what is supported by the kernel.

Policy encoding features like whether to diff_encode policy are not
influenced by policy so these remain kernel only features.

In addition to adding the above intersection of policy, rename
--compile-features to --policy-features as it better represents what it
represents. --compile-features is left as a hidden item for backwards
compatibility.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
2020-05-29 00:23:17 -07:00
libapparmor_re libapparmor_re: fix resource leaks detected by coverity.com 2020-01-02 18:09:40 -08:00
po Launchpad automatic translations update. 2020-02-24 09:59:44 -08:00
tst parser tests: convert makefile error tests to python script 2020-05-08 15:44:41 -07:00
aa-teardown aa-teardown: Replace /bin/bash with /bin/sh 2018-05-05 17:46:19 -07:00
aa-teardown.pod docs: update documentation to point bug reporting to gitlab 2020-05-05 00:10:53 -07:00
af_rule.cc parser: fix more gcc 5 compilation problems 2015-02-26 14:55:13 -08:00
af_rule.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
af_unix.cc parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
af_unix.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
apparmor.d.pod Docs: man apparmor.d: Document the profile header 2020-05-04 18:59:42 -07:00
apparmor.pod remove subdomainfs support 2018-11-08 18:23:21 -08:00
apparmor.service Adjust cache paths in apparmor.service 2018-06-16 23:14:19 +02:00
apparmor.systemd parser/apparmor.systemd: fix minor issues detected by shellcheck 2018-12-21 19:50:10 +01:00
apparmor_parser.pod parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
apparmor_xattrs.pod parser: add a man page for xattrs 2019-03-14 10:47:54 -07:00
common_optarg.c Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs 2014-04-23 11:10:41 -07:00
common_optarg.h Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs 2014-04-23 11:10:41 -07:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
dbus.cc parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
dbus.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h Rename AA_MAY_XXX permission bits that conflict with new layout 2015-06-06 01:25:49 -07:00
lib.c libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
lib.h libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
Makefile C Makefiles: make C warning flag usage consistent 2020-05-28 09:24:56 -07:00
mount.cc parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
mount.h Fix remount with bind 2015-09-21 12:20:19 -07:00
network.c Use the gcc cleanup extension attribute to handle closing temp files 2015-03-25 17:09:26 -05:00
network.h Remove unused net_find_af_val function, and network_families array 2015-02-27 16:20:31 +00:00
parser.conf parser: adjust parser.conf example Include statements 2015-03-09 10:43:13 -07:00
parser.h parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
parser_alias.c parser: provide typedefs for comparison_fn_t and __free_fn_t 2018-05-09 13:15:42 -07:00
parser_common.c parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
parser_include.c parser: fix warnings about unused functions 2019-01-24 02:36:42 -08:00
parser_include.h allow directories to be passed to the parser 2013-10-26 00:15:13 -07:00
parser_interface.c parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
parser_lex.l parser: support matching xattr keys but not values 2019-11-26 21:32:08 -08:00
parser_main.c parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
parser_merge.c parser: Stop splitting the namespace from the named transition targets 2016-03-18 17:28:51 -05:00
parser_misc.c parser: make sure xattr cond_entry_list is not leaked 2019-11-26 21:32:08 -08:00
parser_policy.c LSM stacking: add missing permissions for using new kernel interfaces 2020-05-03 01:00:18 -07:00
parser_regex.c parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
parser_symtab.c parser: provide typedefs for comparison_fn_t and __free_fn_t 2018-05-09 13:15:42 -07:00
parser_variable.c parser: fix memory leaks in unit tests 2016-01-25 12:05:50 -08:00
parser_yacc.y parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
policy_cache.c libapparmor: Add support for overlaycache directories 2018-04-14 15:51:23 -07:00
policy_cache.h libapparmor: Add support for overlaycache directories 2018-04-14 15:51:23 -07:00
policydb.h Add the ability to mediate signals. 2014-04-23 11:35:29 -07:00
profile.cc parser: make sure xattr cond_entry_list is not leaked 2019-11-26 21:32:08 -08:00
profile.h parser: make sure xattr cond_entry_list is not leaked 2019-11-26 21:32:08 -08:00
ptrace.cc parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
ptrace.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
rc.apparmor.debian as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.functions Fix and simplify setting SFS_MOUNTPOINT 2019-06-21 19:22:15 +02:00
rc.apparmor.redhat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.slackware added missing functions to slackware init script 2019-11-08 13:49:48 +01:00
README README: Move project contact info into the main README 2018-09-13 16:54:09 +00:00
README.devel parser: add some developer documentation 2013-12-10 14:15:02 -08:00
rule.cc Move C++ files from .c suffix to .cc suffix 2014-05-09 15:34:34 -07:00
rule.h Add missing rule.[hc] files that should have been part of commit 2449 2014-04-07 11:41:25 -07:00
signal.cc parser: feature abi: setup parser to intersect policy and kernel features 2020-05-29 00:23:17 -07:00
signal.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
techdoc.tex various changes in building techdoc.tex: 2012-05-09 00:41:06 +02:00
unit_test.h Convert codomain to a class 2013-09-27 16:16:37 -07:00

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team