mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity
4,386 Commits 23 Branches 113 Tags
Commit Graph

1126 Commits

Author SHA1 Message Date
Steve Beattie
a64d8142c9 Add a 2 minute (by default, configurable) timeout to each testcase, this 
should prevent runaway apparmor_parser processes.
 2008-11-20 23:22:43 +00:00
Steve Beattie
e1a2c27cfd Update documentation on how many entries the 3rd stress test generates. 2008-11-20 17:38:38 +00:00
John Johansen
de3ed997a7 Add a test for dfa tree optimization. The test is a profile that could 
OOM a machine without dfa tree optimization.
 2008-11-20 17:27:32 +00:00
Steve Beattie
a8fea9babc With jjohansen@suse.de's latest optimisation commits, this test case is 
now feasible once again.
 2008-11-20 17:27:01 +00:00
John Johansen
b017899f12 Fix a bug in tree normalization, where it could get stuck in an infinite loop 
when doing Epsnode move, when cating or alting two epsnodes.
 2008-11-20 16:19:51 +00:00
John Johansen
0491e8d707 Add char node, and char node set merging. This does not have a substantive 
impact on performance but makes tree debugging nicer.
 2008-11-20 13:23:13 +00:00
John Johansen
c0533b390b Reintroduce calling back into tree simplification when any modifications have 
been made but only from the top level.  This allows us to get the
optimizations that were missed, while not causing the massive recursive call
explosion we had before.
 2008-11-20 13:21:23 +00:00
John Johansen
1855fde331 Reduce the use of simplify recursion, repeating the recursion of single 
changes is a waste especially as we get to larger subtrees.

Unfortunately this also means that a fair bit of optimization is lost.
 2008-11-20 13:18:30 +00:00
John Johansen
91eb71e9fa Improve tree normalization 
- reduce the amount it is called, and the amount of recursion it does
- fix a bug that would prevent trees from being fully normalized
 2008-11-19 16:54:26 +00:00
John Johansen
77eb67b5a0 Fix problem where named execute transitions were not being applied, for hats 
and local profiles.  bnc#446574
 2008-11-19 14:00:06 +00:00
Steve Beattie
6cfcb1a823 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Description: fix compile on build

Patch from Gentoo community:
  - fix up a couple of missing semicolons in syntax (bison compensates
    by emitting it's own)
  - Fix yet another variable tyop in rc.apparmor.functions
  - dump stderr of ls in rc.apparmor.functions to /dev/null
  - add an install-unknown make target
 2008-11-18 17:33:38 +00:00
Steve Beattie
aed481debe Add simple testcase for alias duplicate detection. 2008-11-16 00:49:43 +00:00
Steve Beattie
96e124bf8d Bah, the last commit message was wrong; it added support for mixing 
alias rules and variable declarations within the preamble of a profile.

This commit adds another testcase for alias rules; one in which there is
an overlapping pair of aliases. The parser parses it, but based on -dd
output, I don't believe it's treating it properly.
 2008-11-14 16:46:16 +00:00
Steve Beattie
cc923edf3c - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-14 16:25:44 +00:00
Steve Beattie
6b793b1a8b Add a testcase for the alias handling 2008-11-13 23:48:11 +00:00
Steve Beattie
b07ec7d81b - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-13 23:28:38 +00:00
John Johansen
052c58403d fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
John Johansen
5b97455878 Improve dfa generation. 
Apply tree factoring and simplification techniques to reduce the number of
states used in computing the dfa.  This can have an exponential impact
on both space and time for dfa generation.
 2008-11-07 13:00:05 +00:00
John Johansen
8db35802f9 allow external hats to begin with ^ 2008-11-07 12:54:52 +00:00
John Johansen
6c39288cec fix init script functions so that they don't make use of utilities from 
/usr/bin, which will break /usr if they are on a remote filesystem
 2008-11-07 12:53:37 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00
John Johansen
ac88f71c63 Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats 2008-09-10 08:42:49 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
2781d88abc update help message 2008-06-09 22:15:28 +00:00
John Johansen
58b8a58e86 Patch from zbyniu to allow parser to build on glibc (<2.4) 2008-06-09 21:17:41 +00:00
John Johansen
f670eaf464 output the names only list before post processing the policy 2008-06-09 21:15:17 +00:00
John Johansen
100ff7cabb Update to allow external hats by specifying the hat keyword in front of 
the profile name.
 2008-06-09 12:00:42 +00:00
John Johansen
d8df8830f1 add hat flag and add it automatically for embedded hats 
remove hat rules
 2008-06-09 11:48:13 +00:00
John Johansen
8f13e0d60d - fix rcapparmor stop. Have it dump the loaded profile list to a file before 
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
  option, which can be combined with --add or --replace
 2008-06-09 10:00:28 +00:00
John Johansen
0c95606e03 let the parser add the change_hat rule 2008-06-08 09:32:12 +00:00
John Johansen
3b11aa9050 Remove hat rules. In large policies the number of hat rules becomes 
problematic, hat rules can be replaced with simple hat flag on a profile.
 2008-06-08 09:02:27 +00:00
John Johansen
b2f4863231 Fix to stop leaking the dfa ruleset. On large policies containing lots of 
hats this will result in a marked improvement on memory usage.
 2008-06-08 08:56:37 +00:00
John Johansen
be495f2125 fix 
- rc.apparmor.functions were not correctly removing profiles on replace and
  reload, also convert to using the module interface directly bypassing the
  parser.
- fix cx ->  named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
  modules.  This is the correct behavior as hats are promoted to profiles.
 2008-06-04 07:24:38 +00:00
John Johansen
787cb39f81 fix profile unloading, and make it faster by skipping the parser and going 
directly to the unload interface.  This means that the init script will no
longer run on very old versions of AppArmor (pre 2.0)
 2008-05-29 23:10:27 +00:00
John Johansen
934e00a1de commit patch provided by arekm 
- remove bashism from initscript
- fix segfault in apparmor_parser on x86-64
 2008-05-29 18:58:18 +00:00
John Johansen
8c47189e19 update names output so that profile reload works correctly with hats and local profiles 2008-05-29 06:09:34 +00:00
John Johansen
84cd045d53 exclude AF_CAN for now 2008-05-26 10:22:56 +00:00
John Johansen
4dd8db05b8 fix previous patch to allow for white space seperating profile keyword and profile name 2008-05-22 20:11:03 +00:00
John Johansen
44e22c56f9 update translations 2008-05-22 09:26:15 +00:00
John Johansen
c207df96bb allow profile name following profile keyword to be any valid name. NOTE: this breaks namespaces currently 2008-05-22 09:16:46 +00:00
John Johansen
10a2b621f4 fix initscript removal of profiles without attachment specification 2008-04-24 18:34:21 +00:00
John Johansen
3efb4ea353 allow bare x in named transitions 2008-04-18 00:40:40 +00:00
Steve Beattie
c0275d06eb Fix up some dependencies in parser_misc.c's unit test build. 2008-04-16 16:27:23 +00:00