mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00
Code Issues Releases Wiki Activity
1,892 Commits 23 Branches 113 Tags
Commit Graph

500 Commits

Author SHA1 Message Date
John Johansen
636ee4a11a Update option parsing for help to add in Short flag form and Optimize 
help.
 2010-01-08 14:04:56 -08:00
John Johansen
fe08d62e91 Abort if bad option is passed to optimize option parsing 2010-01-08 12:48:10 -08:00
John Johansen
d87145ad23 Update trans table reporting to include some statistics 2010-01-08 05:29:25 -08:00
John Johansen
dce395e7ad Add basic controls for dfa optimization 2010-01-08 04:30:56 -08:00
John Johansen
926b0c72e8 Update the output of transtable creation 2010-01-08 03:18:59 -08:00
John Johansen
4f044e753c Add basic dfa stats and debug dumps for 
equivelence classes
expr tree (add stats, update parser switch)
dfa
transition table
 2010-01-08 02:17:45 -08:00
John Johansen
b69c5e9972 Fix -S so that it implies there is no kernel_load 2010-01-07 18:31:44 -08:00
John Johansen
fc597b736b Update what is considered an unprivileged op, so that only actual loading 
and writing of cache trigger the privilege messages
 2010-01-07 18:20:19 -08:00
John Johansen
56a9fded36 Update parser to allow for multiple debugs dump options 2010-01-07 18:09:37 -08:00
John Johansen
17a67d7227 Update parser to allow for multiple debug dump options via -D or --dump. 
This will allow turning on and off various debug dumps as needed.
Multiple dump options can be specified as needed by using multiple
options.
  eg. apparmor_parser -D variables
      apparmor_parser -D dfa-tree -D dfa-simple-tree


The help option has also been updated to take an optional argument
to display help about give parameters, currently only dump is supported.

  eg.  apparmor_parser -h       # standard help
       apparmor_parser -h=dump  # dump info about --dump options

Also Enable the dfa expression tree dumps
 2010-01-07 16:21:02 -08:00
Steve Beattie
09ced81ee5 Add debugging reporting for the other capability entry types (audit, 
deny).
 2010-01-07 15:48:14 -08:00
Steve Beattie
8304b7db87 * disable reading cache files when debugging 
* rearrange action ordering so that the symbol table can be dumped
  before and after exapansion
* formatting rearrangement.
 2010-01-07 14:44:42 -08:00
Steve Beattie
2f9259a215 Add debugging dump for Set Capabilities. 2010-01-07 14:17:07 -08:00
Steve Beattie
fd07a7b17a Remove obsolete data structure. 2010-01-07 14:15:36 -08:00
Kees Cook
369a280f64 Document the --skip-kernel-load parameter 2010-01-07 10:03:49 -08:00
Kees Cook
8d760811b8 do not load cache when using -S option 2010-01-06 09:04:04 -08:00
Kees Cook
b2952da4bd use ctime for profiles, to detect newly installed profiles 2009-11-11 15:08:09 -08:00
Kees Cook
b4c355e17e actually add caching tests 2009-11-11 11:07:50 -08:00
Kees Cook
4173f0a558 deal with socket types to ignore, handle backward compat for earlier AF_MAX value 2009-11-11 10:58:57 -08:00
Kees Cook
0d2518551f provide kernel version caching, along with ability to test caching subsystem 2009-11-11 10:56:04 -08:00
Kees Cook
6fa3406b0e update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
Jamie Strandboge
b0ae3243d5 use bits/socket.h rather than linux/socket.h, fixing FTBFS with newer 
kernels (ie >= 2.6.32)
 2009-11-04 17:40:20 -06:00
John Johansen
aced280818 Make cache warning respect the quiet flag 2009-08-20 23:48:32 +00:00
John Johansen
e43065cfe0 Add user side support for pux exec mode 2009-08-20 15:41:10 +00:00
John Johansen
6998f6fc3d Add 64bit capabilities 2009-08-20 15:27:12 +00:00
John Johansen
747d7da402 Revert broken 64bit capabilities patch 2009-08-20 15:26:12 +00:00
Kees Cook
7e962a409c expand short-option list to include -T 2009-08-19 15:07:53 +00:00
Kees Cook
bf7c9c8567 document missing options in the apparmor_parser man page 2009-08-19 14:45:05 +00:00
Kees Cook
07d3b17eb4 add --skip-read-cache to allow for --write-cache when -r should happen without reading the old cached profiles 2009-08-19 14:44:40 +00:00
John Johansen
9e27a95b8e Enable profile names with regular expressions. This requires a newer 
kernel.
 2009-07-30 06:09:19 +00:00
John Johansen
9c532c444b Add a couple capability tests 2009-07-25 03:57:22 +00:00
John Johansen
22d883b4d3 cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
John Johansen
c8fa7815a6 Update capabilities to support 64 bit caps 2009-07-24 23:37:03 +00:00
Steve Beattie
b8cde97ab7 Bah, the whole using linux/socket.h get AF_* tokens versus sys/socket.h 
thing again. Fix to use the kernel's definition of AF_MAX in
linux/socket.h if it's larger than glibc's AF_MAX definition in
sys/socket.h and add a wrapper function so that we don't have include
af_names.h everywhere.

Also, fix memory leaks around the handling of network entries of
policies.
 2009-07-24 17:24:41 +00:00
Kees Cook
098598c98d update short-option list to match the long-option list 2009-07-24 14:57:10 +00:00
Steve Beattie
f9c5756b4d * fix a few more memory leaks 
* undocumented symbol table dumping short options weren't actually
   accepted by the parser.
 2009-07-24 13:24:53 +00:00
Steve Beattie
1b069745b3 * fix another small memory leak in #include handling 
* more code formatting changes because I'm a jerk whose mental lexer
   needs whitespace to properly tokenize code.
 2009-07-24 12:18:12 +00:00
Steve Beattie
5a8a692628 Bah, revert in-progress change that accidentally got committed in rev 
1421.
 2009-07-24 12:06:17 +00:00
Steve Beattie
da52731c75 * fix small memory leak in parser_main.c 
* fixup instances of my inability to spell separator
  * minor code formatting cleanup in parser_lex.l
 2009-07-24 11:56:07 +00:00
Steve Beattie
ed86641695 Fixup testcase description. 2009-07-24 11:34:30 +00:00
Steve Beattie
f579d5efe6 Add a couple more situations around include suffix ignoring. 2009-07-24 11:11:39 +00:00
John Johansen
a7a1cb3827 test for ignored suffixes 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:38:10 +00:00
John Johansen
ab3d7edcdc add loading from and writing to cache options 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:36:09 +00:00
John Johansen
33d01a980a allow multiple profiles to be parsed from the command line 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:39 +00:00
John Johansen
af902dddf1 during policy load, return errors instead of exiting 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:19 +00:00
John Johansen
1fd75ff4f4 actually use -q when loading 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:54 +00:00
John Johansen
c4c430dcd0 fix comments to be non-recursive 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:30 +00:00
John Johansen
627c044e4d add parser subsystem reset functions 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:11 +00:00
John Johansen
0137b992b4 move -D_GNU_SOURCE to Makefile for parser_lex.l to gain it 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:33:39 +00:00