mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity
1,529 Commits 23 Branches 113 Tags
3e8a61d6263bb38babf23ee72c97a5582713c110
Commit Graph

1529 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Johansen
636ee4a11a Update option parsing for help to add in Short flag form and Optimize 
help.
 2010-01-08 14:04:56 -08:00
John Johansen
fe08d62e91 Abort if bad option is passed to optimize option parsing 2010-01-08 12:48:10 -08:00
John Johansen
d87145ad23 Update trans table reporting to include some statistics 2010-01-08 05:29:25 -08:00
John Johansen
dce395e7ad Add basic controls for dfa optimization 2010-01-08 04:30:56 -08:00
John Johansen
926b0c72e8 Update the output of transtable creation 2010-01-08 03:18:59 -08:00
John Johansen
4f044e753c Add basic dfa stats and debug dumps for 
equivelence classes
expr tree (add stats, update parser switch)
dfa
transition table
 2010-01-08 02:17:45 -08:00
John Johansen
b69c5e9972 Fix -S so that it implies there is no kernel_load 2010-01-07 18:31:44 -08:00
John Johansen
fc597b736b Update what is considered an unprivileged op, so that only actual loading 
and writing of cache trigger the privilege messages
 2010-01-07 18:20:19 -08:00
John Johansen
56a9fded36 Update parser to allow for multiple debugs dump options 2010-01-07 18:09:37 -08:00
John Johansen
17a67d7227 Update parser to allow for multiple debug dump options via -D or --dump. 
This will allow turning on and off various debug dumps as needed.
Multiple dump options can be specified as needed by using multiple
options.
  eg. apparmor_parser -D variables
      apparmor_parser -D dfa-tree -D dfa-simple-tree


The help option has also been updated to take an optional argument
to display help about give parameters, currently only dump is supported.

  eg.  apparmor_parser -h       # standard help
       apparmor_parser -h=dump  # dump info about --dump options

Also Enable the dfa expression tree dumps
 2010-01-07 16:21:02 -08:00
Steve Beattie
09ced81ee5 Add debugging reporting for the other capability entry types (audit, 
deny).
 2010-01-07 15:48:14 -08:00
Steve Beattie
8304b7db87 * disable reading cache files when debugging 
* rearrange action ordering so that the symbol table can be dumped
  before and after exapansion
* formatting rearrangement.
 2010-01-07 14:44:42 -08:00
Steve Beattie
2f9259a215 Add debugging dump for Set Capabilities. 2010-01-07 14:17:07 -08:00
Steve Beattie
fd07a7b17a Remove obsolete data structure. 2010-01-07 14:15:36 -08:00
Kees Cook
369a280f64 Document the --skip-kernel-load parameter 2010-01-07 10:03:49 -08:00
Kees Cook
8d760811b8 do not load cache when using -S option 2010-01-06 09:04:04 -08:00
Kees Cook
8b54df93dd make note of the trailing slash requirement in the home.d/site.local example 2010-01-05 15:43:32 -08:00
Jamie Strandboge
2d8246668c fix typo in profiles/apparmor.d/tunables/home.d/site.local 2010-01-05 16:16:16 -06:00
Jamie Strandboge
ebedab89e5 add local site configuration for HOMEDIRS tunable 
- add commented profiles/apparmor.d/tunables/home.d/site.local
- profiles/apparmor.d/tunables/home: include tunables/home.d
- profiles/Makefile: adjust for home.d sub-directory and install
  site.local
 2010-01-05 15:58:43 -06:00
Kees Cook
a0e8bf9661 update php5 abstraction, add more details to apache hat documentation, include a common apache2 abstraction for use with hats 2010-01-03 13:16:38 -08:00
Kees Cook
938385db40 sort on profile names when reporting results from aa-status 2010-01-02 22:18:51 -08:00
Jamie Strandboge
45dc9d4d08 add /opt/google/chrome/google-chrome to ubuntu-browsers (TODO: abstract 
out to third-party-browsers)
 2009-12-04 11:37:10 -06:00
Kees Cook
b2952da4bd use ctime for profiles, to detect newly installed profiles 2009-11-11 15:08:09 -08:00
Kees Cook
d6a2f8258f remove profile complain flags -- it is up to a distribution to decide how to use a profile 2009-11-11 11:55:29 -08:00
Kees Cook
92b9063527 update KDE abstraction, from Ubuntu 2009-11-11 11:45:49 -08:00
Kees Cook
40e8c9f6e6 merge profiles from Ubuntu, including change_hat apache2 template 2009-11-11 11:42:30 -08:00
Kees Cook
3c43ce869c have "enforce" command clear out symlink directories, from Ubuntu 2009-11-11 11:38:26 -08:00
Kees Cook
190329745d handle new null profile logs, handle new include directories. from ubuntu branch 2009-11-11 11:37:30 -08:00
Kees Cook
b4c355e17e actually add caching tests 2009-11-11 11:07:50 -08:00
Kees Cook
4173f0a558 deal with socket types to ignore, handle backward compat for earlier AF_MAX value 2009-11-11 10:58:57 -08:00
Kees Cook
0d2518551f provide kernel version caching, along with ability to test caching subsystem 2009-11-11 10:56:04 -08:00
Kees Cook
6fa3406b0e update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
Jamie Strandboge
84565d5407 abstractions/gnome: add /etc/gnome/defaults.list 2009-11-10 14:04:26 -06:00
Jamie Strandboge
b0ae3243d5 use bits/socket.h rather than linux/socket.h, fixing FTBFS with newer 
kernels (ie >= 2.6.32)
 2009-11-04 17:40:20 -06:00
Jamie Strandboge
6e42e18191 have dnsmasq in enforce mode 2009-11-04 14:30:43 -06:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
Steve Beattie
4265cecdfa From: Marc Deslauriers <marc.deslauriers@ubuntu.com> 
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929

Parse log entries containing an ouid.

(I added a testcase to Marc's fix.)
 2009-09-18 21:13:04 +00:00
Kees Cook
317a3a0ad2 load test profiles from commandline instead of stdin 2009-08-25 00:26:57 +00:00
John Johansen
0018491c1e Add basic changeprofile re test and enable changeprofile tests by default 2009-08-21 20:39:45 +00:00
John Johansen
aced280818 Make cache warning respect the quiet flag 2009-08-20 23:48:32 +00:00
John Johansen
0320e0e849 Update changeprofile tests 
Have the parser skip the caches
 2009-08-20 23:46:48 +00:00
John Johansen
e43065cfe0 Add user side support for pux exec mode 2009-08-20 15:41:10 +00:00
John Johansen
6998f6fc3d Add 64bit capabilities 2009-08-20 15:27:12 +00:00
John Johansen
747d7da402 Revert broken 64bit capabilities patch 2009-08-20 15:26:12 +00:00
John Johansen
c80b2c9766 Fix library resolution when linux-vdso.so.1 is used instead of 
linux-vdso32.so.1 or linux-vdso64.so.1
 2009-08-20 12:33:29 +00:00
John Johansen
ed8530d9b6 start of some changeprofile tests 2009-08-20 04:13:08 +00:00
Kees Cook
7e962a409c expand short-option list to include -T 2009-08-19 15:07:53 +00:00
Kees Cook
bf7c9c8567 document missing options in the apparmor_parser man page 2009-08-19 14:45:05 +00:00
Kees Cook
07d3b17eb4 add --skip-read-cache to allow for --write-cache when -r should happen without reading the old cached profiles 2009-08-19 14:44:40 +00:00