mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser
History
John Johansen e087db57b2 Allow the 'file' keyword to be optionally used on file rules. 
Add the optional 'file' keyword to the language/grammer.  The main reason
for doing this is to support false token injection.  Which is needed
to move towards the parser being broken out into an api that can be
used to parse individual rule types, separate from parsing the whole file.

Since we are adding the token to the grammar expose it to userspace with
the 'file' keyword.  While not needed it helps bring consistency, as all
the other rule types start with a keyword (capability, network, rlimit, ...).

Also allow the bare keyword to be used to represent allowing all file
operations, just as with network and capability.  Domain transitions are
defaulted to ix.  Thus

  file,

is equivalent to

  /** rwlkmix,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2012-02-16 08:06:04 -08:00
..
libapparmor_re Make second minimization pass optional 2012-02-16 07:43:02 -08:00
po Fix list email typo 2011-02-23 15:57:36 -08:00
tst Allow the 'file' keyword to be optionally used on file rules. 2012-02-16 08:06:04 -08:00
apparmor-parser.spec.in Add an example parser.conf file 2011-10-07 14:43:54 -07:00
apparmor.d.pod apparmor.d.pod: 2011-04-01 20:35:14 +02:00
apparmor.pod as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
apparmor.vim.pod as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
apparmor_parser.pod Add an option to allow setting the cache's location. 2012-01-11 17:25:18 +01:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h Update x conflict failure message 2011-02-22 03:47:03 -08:00
Makefile Author: Michael (kensington) 2011-11-10 09:36:52 -08:00
parser.conf Commit the example parser.conf file that was supposed to be part of 2011-10-09 20:15:03 -07:00
parser.h Remove setting of capabilities from the syntax 2012-02-16 08:04:04 -08:00
parser_alias.c as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
parser_common.c Track full permission set through all stages of DFA construction. 2012-02-16 07:41:40 -08:00
parser_include.c This patch adds a couple of additional lineno reporting testcases: 2010-06-25 12:43:48 -07:00
parser_include.h [v2: added clean-ups, backed off on some of the build silencing] 2011-05-13 02:12:49 -07:00
parser_interface.c Remove setting of capabilities from the syntax 2012-02-16 08:04:04 -08:00
parser_lex.l Enable the parser to pass the next token to be returned to the lexer 2012-02-16 07:59:23 -08:00
parser_main.c Make second minimization pass optional 2012-02-16 07:43:02 -08:00
parser_merge.c Fix compilation errors that slipped in. Yes, I realize this breaks the 2011-02-23 14:40:07 -08:00
parser_misc.c Allow the 'file' keyword to be optionally used on file rules. 2012-02-16 08:06:04 -08:00
parser_policy.c Remove setting of capabilities from the syntax 2012-02-16 08:04:04 -08:00
parser_regex.c [v2: added clean-ups, backed off on some of the build silencing] 2011-05-13 02:12:49 -07:00
parser_symtab.c [v2: added clean-ups, backed off on some of the build silencing] 2011-05-13 02:12:49 -07:00
parser_variable.c [v2: added clean-ups, backed off on some of the build silencing] 2011-05-13 02:12:49 -07:00
parser_yacc.y Allow the 'file' keyword to be optionally used on file rules. 2012-02-16 08:06:04 -08:00
rc.aaeventd.redhat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.aaeventd.suse openSUSE patch to remove the "-f" parameter from startproc in rc.aaeventd.suse / 2011-08-13 14:22:35 +02:00
rc.apparmor.debian as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.functions Author: Michael (kensington) 2011-11-10 09:43:10 -08:00
rc.apparmor.redhat as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.slackware as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
rc.apparmor.suse It looks like rc.apparmor.functions renamed "aa_log_action_begin()" to 2011-09-15 20:20:23 +02:00
README Remove pcre and update tests where necessary 2010-07-31 16:00:52 -07:00
subdomain.conf Here's an update to rename another chunk of things that still used 2011-01-13 13:58:26 -08:00
subdomain.conf.pod as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
techdoc.tex From: Jeff Mahoney <jeffm@suse.com> 2011-02-09 14:29:05 -08:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at
<http://forge.novell.com/modules/xfmod/project/?apparmor>.

Please send all complaints, bug reports, feature requests, rants about the
software, and questions to apparmor-general@forge.novell.com. Security
issues should be directed to security@suse.de or secure@novell.com,
where we will attempt to conform to the RFP vulnerability disclosure
protocol: http://www.wiretrip.net/rfp/policy.html

Thanks.

-- The AppArmor development team