mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
a67d9be5a2
table
This patch adds the creation of an implicit set variable
@{profile_name} for use within policy. It expands to:
- a given profile name if specified; e.g. for
'profile flappy_bird /some/pattern/match* { [...] }'
@{profile_name} would expand to 'flappy_bird'
- if no given name, the match pattern; e.g. for
'/usr/bin/doge_bird { [...] }'
@{profile_name} would expand to '/usr/bin/doge_bird'
- hats and child profiles will include the fully qualified name; e.g.
the 'doge' hat in the /usr/bin/flappy_bird profile would cause
@{profile_name} to expand to '/usr/bin/flappy_bird//doge' within the
'doge' hat, and '/usr/bin/flappy_bird' outside of it in the profile.
There are some parsing tests added, but more tests are needed to verify
that expansion occurs properly (I've verified manually using parser
dumps of the added tests, but automated checks are needed).
The @{profile_name} variable is expected to be most useful in the
context of signal and ptrace rules (e.g. for specifying that an app
can send itself signals).
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|---|---|---|
| .. | ||
| libapparmor_re | ||
| po | ||
| tst | ||
| apparmor-parser.spec.in | ||
| apparmor.d.pod | ||
| apparmor.pod | ||
| apparmor_parser.pod | ||
| common_optarg.c | ||
| common_optarg.h | ||
| COPYING.GPL | ||
| dbus.c | ||
| dbus.h | ||
| frob_slack_rc | ||
| immunix.h | ||
| lib.c | ||
| lib.h | ||
| Makefile | ||
| mount.c | ||
| mount.h | ||
| parser.conf | ||
| parser.h | ||
| parser_alias.c | ||
| parser_common.c | ||
| parser_include.c | ||
| parser_include.h | ||
| parser_interface.c | ||
| parser_lex.l | ||
| parser_main.c | ||
| parser_merge.c | ||
| parser_misc.c | ||
| parser_policy.c | ||
| parser_regex.c | ||
| parser_symtab.c | ||
| parser_variable.c | ||
| parser_yacc.y | ||
| policydb.h | ||
| profile.cc | ||
| profile.h | ||
| ptrace.c | ||
| ptrace.h | ||
| rc.aaeventd.redhat | ||
| rc.aaeventd.suse | ||
| rc.apparmor.debian | ||
| rc.apparmor.functions | ||
| rc.apparmor.redhat | ||
| rc.apparmor.slackware | ||
| rc.apparmor.suse | ||
| README | ||
| README.devel | ||
| rule.c | ||
| rule.h | ||
| signal.c | ||
| signal.h | ||
| subdomain.conf | ||
| subdomain.conf.pod | ||
| techdoc.tex | ||
| unit_test.h | ||
The apparmor_parser allows you to add, replace, and remove AppArmor policy through the use of command line options. The default is to add. `apparmor_parser --help` shows what the command line options are. You can also find more information at http://wiki.apparmor.net Please send all complaints, feature requests, rants about the software, and questions to the apparmor@lists.ubuntu.com mailing list. Bug reports can be filed against the AppArmor project on launchpad.net at https://launchpad.net/apparmor or reported to the mailing list directly for those who wish not to register for an account on launchpad. Security issues can be filed as security bugs on launchpad or directed to security@ubuntu.com. We will attempt to conform to the RFP vulnerability disclosure protocol: http://www.wiretrip.net/rfp/policy.html Thanks. -- The AppArmor development team