When answering a pop-up, we generate the rule name based on the
properties of the connection.
When sending the rule to the daemon, the daemon verifies that the name
is unique and saves it. If it's not, it generates a unique name.
However, if you responded to a pop-up and later modified any property of
the rule without changing the name, if the same connection tried to be
established again, you were prompted to allow/deny it, generating the
same name for the rule.
This could cause some confusion, because when sending the new rule to
the daemon the rule name was regenerated to be unique, but on the GUI
it was not updated, and even more, the old personalized rule was
replaced with the new one.

When creating rules filtering by UID, there are 3 possible "modes":
- simple: 0, 1000, etc.
- user: root (0), opensnitch (1000)
- regexp: ^(0|1000)$
regexp was not being used correctly.

- Allow to use SSL certificates to secure unix socket communications.
- Allow to use abstract users sockets for server and nodes.
Go gRPC doesn't seem to understand unix socket addresses that start
with "unix-abstract:", and python gRPC doesn't seem to understand
"unix:@" addresses.
Therefore, on the server (python gRPC) we use the format "unix:@" to
specify the address the server will listen on, and rewrite it to
"unix-abstract:" before starting the server.
Note about certs and abstract unix sockets:
When creating the SSL certificates, you'll have to specify the
address of the unix socket as the Common Name of the certificates:
  Address: "unix:@my-abstract-socket"
  Common Name: @my-abstract-socket
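
The address rewrite and the Common Name rule described above, as an added example (not OpenSnitch code). The function names, the name-length check and the sample certificate subject are assumptions made for illustration; the subject uses the nested-tuple layout Python's ssl module returns for a decoded certificate.

```python
# Added example, not OpenSnitch code; all names here are hypothetical.
# On Linux sun_path is 108 bytes and an abstract address spends the first
# byte on a leading NUL, so the socket name itself can be at most 107 bytes.
MAX_ABSTRACT_NAME = 107
ABSTRACT_PREFIX = "unix:@"


def abstract_listen_address(configured):
    """Return (grpc_address, expected_common_name) for a configured address.

    "unix:@name" is rewritten to "unix-abstract:name" and the expected
    Common Name is "@name". Any other address is returned unchanged with
    None, because the note above only covers abstract sockets.
    """
    if not configured.startswith(ABSTRACT_PREFIX):
        return configured, None
    name = configured[len(ABSTRACT_PREFIX):]
    if not name:
        raise ValueError("abstract socket name is empty")
    if "\x00" in name:
        raise ValueError("abstract socket name contains a NUL byte")
    if len(name.encode("utf-8")) > MAX_ABSTRACT_NAME:
        raise ValueError("abstract socket name is longer than 107 bytes")
    return "unix-abstract:" + name, "@" + name


def subject_common_name(subject):
    """Extract commonName from an ssl-style subject (tuple of RDN tuples)."""
    for rdn in subject:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def cert_matches_address(configured, subject):
    """True only when the certificate CN equals "@name" for "unix:@name"."""
    _, expected = abstract_listen_address(configured)
    return expected is not None and subject_common_name(subject) == expected


# Constructed sample subject, shaped like ssl.SSLSocket.getpeercert()["subject"].
SAMPLE_SUBJECT = (
    (("organizationName", "constructed-example"),),
    (("commonName", "@my-abstract-socket"),),
)
```
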
- Send errors to the server (GUI) if there's any error when reloading
the system fw rules (far from being perfect/optimal, needs a
rewrite).
- Don't load the configuration after saving it, let the watcher reload
it on write change to avoid double reload/duplicated errors.
- Allow to receive and display errors when deleting app rules.
- Fixed error displaying notifications on the main window.
- Improvements to receive notifications on the fw dialog.

When selecting a user from the dropdown list, it should set the uid of
the user in the text line. But sometimes, the format "user (uid)" was
set (instead of just "uid").

- Test that the default config is loaded properly.
- Test that changes to the config are saved to disk.
- Test that changes to the config file on disk are reloaded properly.