apparmor/parser
Georgia Garcia 9d3f8c6cc0 parser: fix parsing of source as mount point for propagation type flags
Before 300889c3a, mount rules would compile policy when using source
as mount point for rules that contain propagation type flags, such as
unbindable, runbindable, private, rprivate, slave, rslave, shared, and
rshared. Even though it compiled, the rule generated would not work as
expected.

This commit fixes both issues. It allows the usage of source as mount
point for the specified flags, albeit with a deprecation warning, and
it correctly generates the mount rule.

The policy fails to load when both source and mount point are
specified, keeping the original behavior (reference
parser/tst/simple_tests/mount/bad_opt_10.sd for example).

Fixes: https://bugs.launchpad.net/bugs/1648245
Fixes: https://bugs.launchpad.net/bugs/2023025

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-06-07 20:16:50 -03:00
libapparmor_re parser: fix chfa equivalence class handling 2023-04-25 05:55:34 -07:00
po translations: update generated pot files 2020-10-14 03:56:38 -07:00
tst parser: fix parsing of source as mount point for propagation type flags 2023-06-07 20:16:50 -03:00
aa-teardown aa-teardown: Replace /bin/bash with /bin/sh 2018-05-05 17:46:19 -07:00
aa-teardown.pod docs: update documentation to point bug reporting to gitlab 2020-05-05 00:10:53 -07:00
af_rule.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
af_rule.h parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
af_unix.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
af_unix.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00
apparmor.d.pod docs apparmor.d: add missing mount options to man page 2023-04-27 04:05:44 -07:00
apparmor.pod man: apparmor.7 add info about complain mode and kernel parameters 2021-03-15 15:24:43 -07:00
apparmor.service Adjust cache paths in apparmor.service 2018-06-16 23:14:19 +02:00
apparmor.systemd Make the systemd unit a no-op in containers with no internal policy 2022-02-12 10:23:39 +00:00
apparmor_parser.pod parser: fix --jobs so job scaling is applied correctly 2021-02-10 19:06:26 -08:00
apparmor_xattrs.pod apparmor_xattrs.7: fix whatis entry 2020-10-25 11:54:47 +00:00
base_af_names.h Add 'mctp' network domain keyword 2022-02-08 19:09:24 +01:00
base_cap_names.h parser: Add support for CAP_CHECKPOINT_RESTORE 2020-10-13 21:30:19 -07:00
capability.h parser/capability.h: add missing <cstdint> include 2022-05-23 23:13:14 +01:00
common_optarg.c parser: cleanup/fix flagtable display for the warn, dump, and Optimize options 2020-09-01 19:42:38 -07:00
common_optarg.h parser: add the ability to print what flags are set in option flag tables 2020-09-01 19:42:38 -07:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
dbus.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
dbus.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00
default_features.c parser: Move to a pre-generated cap_names.h 2020-07-07 09:43:48 -07:00
file_cache.h Fix comment wording in file_cache.h 2021-05-02 11:29:41 +02:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h parser: int mode to perms 2023-03-29 10:45:44 -07:00
lib.c Fix comment typo in parser/lib.c 2021-12-05 18:16:53 +01:00
lib.h libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
Makefile parser: cleanup Makefile header dependencies 2023-03-29 10:45:44 -07:00
mount.cc parser: fix parsing of source as mount point for propagation type flags 2023-06-07 20:16:50 -03:00
mount.h parser: added nosymfollow mount option 2023-04-27 03:21:26 -07:00
mqueue.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
mqueue.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00
network.c parser: int mode to perms 2023-03-29 10:45:44 -07:00
network.h parser: int mode to perms 2023-03-29 10:45:44 -07:00
parser.conf treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
parser.h parser: convert deny flag from bool to rule_mode 2023-03-31 02:21:11 -07:00
parser_alias.c parser: make alias_ignore a bool 2023-03-31 02:17:28 -07:00
parser_common.c parser: add parser support for message queue mediation 2022-11-22 19:31:15 +00:00
parser_include.c parser: fix definitely and possibly lost memory leaks 2023-03-16 18:03:57 -03:00
parser_include.h parser: add include dedup cache to handle include loops 2021-04-27 20:26:57 -07:00
parser_interface.c parser: Add a set of debug flags that can be passed to the kernel 2022-11-22 19:31:15 +00:00
parser_lex.l Fix order of if conditions to avoid unreachable code 2023-05-29 21:33:54 +02:00
parser_main.c parser: fix definitely and possibly lost memory leaks 2023-03-16 18:03:57 -03:00
parser_merge.c parser: convert deny flag from bool to rule_mode 2023-03-31 02:21:11 -07:00
parser_misc.c parser: convert deny flag from bool to rule_mode 2023-03-31 02:21:11 -07:00
parser_policy.c parser: rename post_process() method and move code around 2023-03-31 02:17:28 -07:00
parser_regex.c Fix use-after-free of 'name' in parser_regex.c 2023-05-29 22:16:09 +02:00
parser_symtab.c treewide: spelling/typo fixes in code strings 2020-12-01 12:47:18 -08:00
parser_variable.c parser: add flags to rule_t 2023-03-31 02:21:19 -07:00
parser_yacc.y parser: cleanup: drop unused add_local_entry and associated vars 2023-03-31 02:21:19 -07:00
policy_cache.c Fix wording of some warnings 2020-10-11 12:22:23 +02:00
policy_cache.h drop unused extern int debug_cache 2021-02-07 16:02:20 +01:00
policydb.h parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
profile-load profile-load: use less ambiguous if/then construct 2022-02-15 07:34:17 +00:00
profile.cc parser: add a method for profiles to do rule merging 2023-03-31 02:21:19 -07:00
profile.h parser: cleanup: drop unused add_local_entry and associated vars 2023-03-31 02:21:19 -07:00
ptrace.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
ptrace.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00
rc.apparmor.functions rc.apparmor.functions: only use systemd-detect-virt if it's present 2022-07-06 06:41:35 +00:00
rc.apparmor.slackware added missing functions to slackware init script 2019-11-08 13:49:48 +01:00
README README: Move project contact info into the main README 2018-09-13 16:54:09 +00:00
README.devel parser: add some developer documentation 2013-12-10 14:15:02 -08:00
rule.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
rule.h Fix missing uint32_t type declaration in rule.h 2023-05-29 21:24:31 +02:00
signal.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
signal.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00
techdoc.tex treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
unit_test.h Convert codomain to a class 2013-09-27 16:16:37 -07:00
userns.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
userns.h parser: convert valid_prefix and add_prefix to use const 2023-03-31 02:21:19 -07:00

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team