mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Christian Boltz c9a1a02c83 [41/38] let aa-mergeprof ask about new hats and subprofiles 
If a merged profile contains additional hats or subprofiles, the "old"
aa-mergeprof silently created them as additional hasher elements (partly
buggy, because subprofiles would end up as '^/subprofile' instead of
'profile /subprofile'). After switching to FileRule, aa-mergeprof crashes
on new hats or subprofiles.

This patch adds code to ask the user if the new hat or subprofile should
be added - which means this patch replaces two bugs (crash + silently
adding subprofiles and hats) with a new feature ;-)


The new questions also add a new text CMD_ADDSUBPROFILE in ui.py.

Finally, the new "button" combinations get added to test-translations.py.



If you want to test, try to aa-mergeprof this profile (the subprofile
and hat are dummies, nothing ping would really require):


#include <tunables/global>
/{usr/,}bin/ping {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability net_raw,
  capability setuid,
  network inet raw,
  network inet6 raw,

  /{,usr/}bin/ping mixr,
  /etc/modules.conf r,

  ^hat {
    /bin/hat r,
    /bin/bash px,
  }

  profile /subprofile {
    /bin/subprofile r,
    /bin/bash px,
 }

  # Site-specific additions and overrides. See local/README for details.
  #include <local/bin.ping>
}



Note that this patch is not covered by unittests, but it passed all my
manual tests.



Acked-by: Steve Beattie <steve@nxnw.org>

Bug: https://launchpad.net/bugs/1507469
2016-10-01 20:21:06 +02:00
..
apparmor [41/38] let aa-mergeprof ask about new hats and subprofiles 2016-10-01 20:21:06 +02:00
easyprof Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 2014-02-13 17:53:40 -08:00
po translations: fix up msgfmt warnings 2016-05-24 13:08:06 -07:00
test [41/38] let aa-mergeprof ask about new hats and subprofiles 2016-10-01 20:21:06 +02:00
vim Update change_profile highlighting in apparmor.vim 2016-05-27 20:05:21 +02:00
aa-audit Improve exception handling 2015-07-06 22:02:34 +02:00
aa-audit.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-autodep Add --no-reload option to aa-autodep 2015-07-14 01:45:42 +02:00
aa-autodep.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-cleanprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-cleanprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-complain Improve exception handling 2015-07-06 22:02:34 +02:00
aa-complain.pod Add a note about still enforcing deny rules to aa-complain manpage 2016-06-05 23:43:29 +02:00
aa-decode speed up aa-decode by using a bash regex matching instead of calling egrep for each line. 2013-01-01 20:15:04 +01:00
aa-decode.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-disable Improve exception handling 2015-07-06 22:02:34 +02:00
aa-disable.pod utils: remove aa-enforce '--remove' option 2014-03-03 14:59:47 -08:00
aa-easyprof utils: Use apparmor.fail for AppArmorException handling in aa-easyprof 2015-12-16 16:12:43 -06:00
aa-easyprof.pod utils/aa-easyprof.pod: corrections for --show-templates and 2015-03-27 16:33:35 -05:00
aa-enforce Improve exception handling 2015-07-06 22:02:34 +02:00
aa-enforce.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-genprof Get rid of global variable 'logger' 2015-10-20 22:03:58 +02:00
aa-genprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-logprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-logprof.pod utils/aa-logprof.pod: fix typo in manpage 2015-08-25 14:53:55 -07:00
aa-mergeprof [41/38] let aa-mergeprof ask about new hats and subprofiles 2016-10-01 20:21:06 +02:00
aa-mergeprof.pod update the aa-mergeprof manpage to match the new commandline syntax 2014-10-16 20:26:45 +02:00
aa-notify aa-notify: also display notifications for complain mode events 2015-04-29 01:03:17 +02:00
aa-notify.pod add missing --display to aa-notify.pod 2014-09-08 20:40:33 +02:00
aa-sandbox Improve exception handling 2015-07-06 22:02:34 +02:00
aa-sandbox.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-status Add a JSON output option to aa-status 2016-03-24 10:59:45 -04:00
aa-status.pod Add a JSON output option to aa-status 2016-03-24 10:59:45 -04:00
aa-unconfined Improve exception handling 2015-07-06 22:02:34 +02:00
aa-unconfined.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
check_po.pl utitlity to look for problems in the po files. 2007-08-15 19:24:49 +00:00
logprof.conf Also add python 3.5 to logprof.conf 2015-11-19 20:22:40 +01:00
logprof.conf.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
Makefile binutils: Replace Perl aa-exec with C aa-exec 2015-12-17 19:19:23 -06:00
notify.conf Here is a patch to standardize on all utils using the "aa-" prefix instead 2010-11-03 17:03:52 -07:00
python-tools-setup.py utils: fix python install for rule/ subdirectory 2015-01-13 13:03:11 -08:00
README.md Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.