mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser
History
John Johansen a91c1e4329 parser: ignore feature abi rules 
AppArmor 3.0 requires policy to use a feature abi rule for access to
new features. However some policy may start using abi rules even if
they don't have rules that require new features.  This is especially
true for out of tree policy being shipped in other packages.

Add enough support to older releases that the parser will ignore the
abi rule and warn that it is falling back to the apparmor 2.x
technique of using the system abi.

If the profile contains rules that the older parser does not
understand it will fail policy compilation at the unknown rule instead
of the abi rule.

PR: https://gitlab.com/apparmor/apparmor/merge_requests/196
(backported form commit 83df7c4747)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2018-10-21 19:40:26 -07:00
..
libapparmor_re parser: Fix delete after new[] -- patch from Oleg Strikov <oleg.strikov@gmail.com> 2017-03-21 12:09:59 -07:00
po translations: fix up msgfmt warnings 2016-05-24 13:08:06 -07:00
tst parser: ignore feature abi rules 2018-10-21 19:40:26 -07:00
af_rule.cc parser: fix more gcc 5 compilation problems 2015-02-26 14:55:13 -08:00
af_rule.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
af_unix.cc Fix af_unix downgrade of network rules 2017-10-18 14:31:16 -07:00
af_unix.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
apparmor.d.pod all: Use HTTPS links for apparmor.net 2018-09-13 11:52:11 -07:00
apparmor.pod all: Use HTTPS links for apparmor.net 2018-09-13 11:52:11 -07:00
apparmor_parser.pod all: Use HTTPS links for apparmor.net 2018-09-13 11:52:11 -07:00
common_optarg.c Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs 2014-04-23 11:10:41 -07:00
common_optarg.h Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs 2014-04-23 11:10:41 -07:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
dbus.cc parser/dbus.cc: fix "accesss" typo. 2015-05-01 10:25:57 +02:00
dbus.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h Rename AA_MAY_XXX permission bits that conflict with new layout 2015-06-06 01:25:49 -07:00
lib.c libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
lib.h libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
Makefile Merge branch 'fix-bison' into 'master' 2018-10-05 19:04:07 +00:00
mount.cc And the related patch to fix globbing for af_unix abstract names 2015-02-12 10:19:16 -08:00
mount.h Fix remount with bind 2015-09-21 12:20:19 -07:00
network.c Use the gcc cleanup extension attribute to handle closing temp files 2015-03-25 17:09:26 -05:00
network.h Remove unused net_find_af_val function, and network_families array 2015-02-27 16:20:31 +00:00
parser.conf parser: adjust parser.conf example Include statements 2015-03-09 10:43:13 -07:00
parser.h parser: Check kernel stacking support when handling stacked transitions 2016-03-18 17:28:51 -05:00
parser_alias.c C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
parser_common.c parser: Check kernel stacking support when handling stacked transitions 2016-03-18 17:28:51 -05:00
parser_include.c Use the gcc cleanup extension attribute to handle closing temp files 2015-03-25 17:09:26 -05:00
parser_include.h allow directories to be passed to the parser 2013-10-26 00:15:13 -07:00
parser_interface.c libapparmor: Move the aa_kernel_interface API 2015-03-25 17:09:27 -05:00
parser_lex.l parser: ignore feature abi rules 2018-10-21 19:40:26 -07:00
parser_main.c parser: do not output cache warning for stdin if not using cache 2018-10-11 22:17:25 -07:00
parser_merge.c parser: Stop splitting the namespace from the named transition targets 2016-03-18 17:28:51 -05:00
parser_misc.c parser: ignore feature abi rules 2018-10-21 19:40:26 -07:00
parser_policy.c parser: Stop splitting the namespace from the named transition targets 2016-03-18 17:28:51 -05:00
parser_regex.c parser: Allow change_profile rules to accept an exec mode modifier 2016-05-31 15:32:08 -05:00
parser_symtab.c C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
parser_variable.c parser: fix memory leaks in unit tests 2016-01-25 12:05:50 -08:00
parser_yacc.y parser: ignore feature abi rules 2018-10-21 19:40:26 -07:00
policy_cache.c parser: fix parser so that cache creation failure doesn't cause load failure 2018-01-05 01:26:48 -08:00
policy_cache.h Set cache file tstamp to the mtime of most recent policy file tstamp 2015-06-06 01:22:53 -07:00
policydb.h Add the ability to mediate signals. 2014-04-23 11:35:29 -07:00
profile.cc parser: first step implementing fine grained mediation for unix domain sockets 2014-09-03 13:22:26 -07:00
profile.h Fix: parser: incorrect output of child profile names 2016-04-18 13:26:53 -07:00
ptrace.cc And the related patch to fix globbing for af_unix abstract names 2015-02-12 10:19:16 -08:00
ptrace.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
rc.apparmor.debian as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.functions parser: Preserve unknown profiles when restarting apparmor init/job/unit 2017-03-24 05:06:07 +00:00
rc.apparmor.redhat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.slackware as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.suse Fix aa_log_end_msg() in rc.apparmor.suse 2015-07-24 00:06:57 +02:00
README README: Move project contact info into the main README 2018-09-13 11:52:11 -07:00
README.devel parser: add some developer documentation 2013-12-10 14:15:02 -08:00
rule.cc Move C++ files from .c suffix to .cc suffix 2014-05-09 15:34:34 -07:00
rule.h Add missing rule.[hc] files that should have been part of commit 2449 2014-04-07 11:41:25 -07:00
signal.cc And the related patch to fix globbing for af_unix abstract names 2015-02-12 10:19:16 -08:00
signal.h C tools: rename __unused macro to unused 2014-10-02 12:58:54 -07:00
subdomain.conf Here's an update to rename another chunk of things that still used 2011-01-13 13:58:26 -08:00
subdomain.conf.pod all: Use HTTPS links for apparmor.net 2018-09-13 11:52:11 -07:00
techdoc.tex various changes in building techdoc.tex: 2012-05-09 00:41:06 +02:00
unit_test.h Convert codomain to a class 2013-09-27 16:16:37 -07:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team