mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: mir:apparmor-2.1
Branches Tags
mir:master mir:apparmor-4.0 mir:apparmor-4.1 mir:apparmor-3.1 mir:apparmor-3.0 mir:apparmor-2.13 mir:fix-priority2 mir:apparmor-2.12 mir:apparmor-2.11 mir:fix-dirtest mir:check-if-systemd-detect-virt-is-present mir:250-what-is-the-minimum-kernel-version-required-for-apparmor-3 mir:160-the-trash-abstraction mir:apparmor-2.10 mir:cherry-pick-d257afd3 mir:cherry-pick-d4296d21 mir:apparmor-2.9 mir:apparmor-2.8 mir:apparmor-2.7 mir:apparmor-2.6 mir:apparmor-2.5 mir:apparmor-2.3 mir:apparmor-2.1
mir:v5.0.0-alpha1 mir:v4.1.1 mir:v4.1.0 mir:v4.1.0-cherry-pick-point mir:v4.1.0-beta5 mir:v4.1.0-beta4 mir:v4.1.0-beta3 mir:v4.1.0-beta2 mir:v4.1.0-beta1 mir:v4.0.3 mir:v4.0.2 mir:v4.0.1 mir:v4.0.0 mir:v4.0.0-beta4 mir:v4.0.0-beta3 mir:v4.0.0-beta2 mir:v4.0.0-beta1 mir:v2.13.11 mir:v3.0.13 mir:v3.1.7 mir:v4.0.0-alpha4 mir:v4.0.0-alpha3 mir:v4.0.0-alpha2 mir:v4.0.0-alpha1 mir:v2.13.10 mir:v3.0.12 mir:v3.1.6 mir:v3.1.5 mir:v3.0.11 mir:v2.13.9 mir:v2.13.8 mir:v3.0.10 mir:v3.1.4 mir:v3.0.9 mir:v3.1.3 mir:v3.0.8 mir:v2.13.7 mir:v2.12.4 mir:v3.1.2 mir:v3.1.1 mir:v3.1.0 mir:v3.0.7 mir:v3.0.6 mir:v3.0.5 mir:v3.0.4 mir:v3.0.3 mir:v3.0.2 mir:v2.10.6 mir:v2.13.6 mir:v3.0.1 mir:v2.13.5 mir:v3.0.0 mir:v2.13.4 mir:v2.10.5 mir:v2.11.3 mir:v2.12.3 mir:v2.13.3 mir:v2.10.4 mir:v2.11.2 mir:v2.12.2 mir:v2.13.2 mir:v2.12.1 mir:v2.13.1 mir:v2.13 mir:v2.12 mir:git-conversion mir:v2.11.95 mir:v2.11.1 mir:v2.10.3 mir:v2.9.5 mir:v2.8.5 mir:v2.11-branchpoint mir:v2.11.0 mir:v2.10.2 mir:v2.9.4 mir:v2.10.1 mir:v2.9.3 mir:v2.10.95 mir:v2.10-branchpoint mir:v2.10 mir:v2.9.2 mir:v2.9.1 mir:v2.9.0 mir:v2.8.98 mir:v2.9-beta4 mir:v2.8.4 mir:v2.9-beta3 mir:v2.8.97 mir:v2.9-beta2 mir:v2.8.95 mir:v2.8.3 mir:v2.8.2 mir:v2.8.1 mir:v2.8.0 mir:v2.8-beta5 mir:v2.8-beta4 mir:v2.8-beta3 mir:v2.8-beta2 mir:v2.7.99 mir:v2.7.1 mir:v2.7.0 mir:v2.7.0-rc2 mir:v2.7.0-rc1 mir:v2.7.0-beta2 mir:v2.7.0-beta1 mir:v2.6.1 mir:v2.6.1-rc1 mir:v2.6-branchpoint mir:v2.5.2 mir:v2.6.0 mir:v2.6.0-rc1 mir:v2.5.2-rc1 mir:v2.5.1
...
compare: mir:v2.6.0
Branches Tags
mir:master mir:apparmor-4.0 mir:apparmor-4.1 mir:apparmor-3.1 mir:apparmor-3.0 mir:apparmor-2.13 mir:fix-priority2 mir:apparmor-2.12 mir:apparmor-2.11 mir:fix-dirtest mir:check-if-systemd-detect-virt-is-present mir:250-what-is-the-minimum-kernel-version-required-for-apparmor-3 mir:160-the-trash-abstraction mir:apparmor-2.10 mir:cherry-pick-d257afd3 mir:cherry-pick-d4296d21 mir:apparmor-2.9 mir:apparmor-2.8 mir:apparmor-2.7 mir:apparmor-2.6 mir:apparmor-2.5 mir:apparmor-2.3 mir:apparmor-2.1
mir:v5.0.0-alpha1 mir:v4.1.1 mir:v4.1.0 mir:v4.1.0-cherry-pick-point mir:v4.1.0-beta5 mir:v4.1.0-beta4 mir:v4.1.0-beta3 mir:v4.1.0-beta2 mir:v4.1.0-beta1 mir:v4.0.3 mir:v4.0.2 mir:v4.0.1 mir:v4.0.0 mir:v4.0.0-beta4 mir:v4.0.0-beta3 mir:v4.0.0-beta2 mir:v4.0.0-beta1 mir:v2.13.11 mir:v3.0.13 mir:v3.1.7 mir:v4.0.0-alpha4 mir:v4.0.0-alpha3 mir:v4.0.0-alpha2 mir:v4.0.0-alpha1 mir:v2.13.10 mir:v3.0.12 mir:v3.1.6 mir:v3.1.5 mir:v3.0.11 mir:v2.13.9 mir:v2.13.8 mir:v3.0.10 mir:v3.1.4 mir:v3.0.9 mir:v3.1.3 mir:v3.0.8 mir:v2.13.7 mir:v2.12.4 mir:v3.1.2 mir:v3.1.1 mir:v3.1.0 mir:v3.0.7 mir:v3.0.6 mir:v3.0.5 mir:v3.0.4 mir:v3.0.3 mir:v3.0.2 mir:v2.10.6 mir:v2.13.6 mir:v3.0.1 mir:v2.13.5 mir:v3.0.0 mir:v2.13.4 mir:v2.10.5 mir:v2.11.3 mir:v2.12.3 mir:v2.13.3 mir:v2.10.4 mir:v2.11.2 mir:v2.12.2 mir:v2.13.2 mir:v2.12.1 mir:v2.13.1 mir:v2.13 mir:v2.12 mir:git-conversion mir:v2.11.95 mir:v2.11.1 mir:v2.10.3 mir:v2.9.5 mir:v2.8.5 mir:v2.11-branchpoint mir:v2.11.0 mir:v2.10.2 mir:v2.9.4 mir:v2.10.1 mir:v2.9.3 mir:v2.10.95 mir:v2.10-branchpoint mir:v2.10 mir:v2.9.2 mir:v2.9.1 mir:v2.9.0 mir:v2.8.98 mir:v2.9-beta4 mir:v2.8.4 mir:v2.9-beta3 mir:v2.8.97 mir:v2.9-beta2 mir:v2.8.95 mir:v2.8.3 mir:v2.8.2 mir:v2.8.1 mir:v2.8.0 mir:v2.8-beta5 mir:v2.8-beta4 mir:v2.8-beta3 mir:v2.8-beta2 mir:v2.7.99 mir:v2.7.1 mir:v2.7.0 mir:v2.7.0-rc2 mir:v2.7.0-rc1 mir:v2.7.0-beta2 mir:v2.7.0-beta1 mir:v2.6.1 mir:v2.6.1-rc1 mir:v2.6-branchpoint mir:v2.5.2 mir:v2.6.0 mir:v2.6.0-rc1 mir:v2.5.2-rc1 mir:v2.5.1

762 Commits
apparmor-2 ... v2.6.0

Author SHA1 Message Date
Steve Beattie
d1789d1469 Merge fix from 2.5 branch to leave timestamps alone when exporting 
tarball.
 2011-02-24 01:32:08 -08:00
Steve Beattie
2fed7cdb61 Adjust the python setup to actually match what swig expects so it will work 2011-02-23 23:34:36 -08:00
Steve Beattie
cd97402779 Update project info in libapparmor's setup.py.in. 2011-02-23 21:10:20 -08:00
Steve Beattie
ca4906c0a3 Fix list email typo 2011-02-23 15:57:36 -08:00
Steve Beattie
a28e39cd06 Prep for 2.6.0 release 2011-02-23 15:55:03 -08:00
Steve Beattie
3768096308 Fix compilation errors that slipped in. Yes, I realize this breaks the 
one translation string that was intended for regexp.y, sorry.
 2011-02-23 14:40:07 -08:00
Steve Beattie
3dde3d5322 libraries/libapparmor/: more license cleanups, adjust my email address 
in the AUTHORS file.
 2011-02-23 14:02:45 -08:00
John Johansen
9df0a29e9e Update the copyright message in apparmor_parser --version 2011-02-22 14:58:49 -08:00
Jamie Strandboge
da1e958eb9 parser/rc.apparmor.functions: Don't unload libvirt's dynamic profiles on 
reload. For now just special-case libvirt's profiles. If more applications
use dynamic profiles, this should be generalized in some way to flag profiles
as dynamic. (LP: #702774)
 2011-02-22 16:24:29 -06:00
John Johansen
52ca88141a Fix previously committed translation patch that didn't correctly add the 
new apparmor-parser.pot file
 2011-02-22 11:36:14 -08:00
Jamie Strandboge
4cd73b7a93 parser/rc.apparmor.functions: Don't unload libvirt's dynamic profiles on 
reload. For now just special-case libvirt's profiles. If more applications
use dynamic profiles, this should be generalized in some way to flag profiles
as dynamic. (LP: #702774)
 2011-02-22 11:29:33 -06:00
Jamie Strandboge
fb188972dc parser/rc.apparmor.functions: Don't unload libvirt's dynamic profiles on 
reload. For now just special-case libvirt's profiles. If more applications
 use dynamic profiles, this should be generalized in some way to flag profiles
 as dynamic.
 2011-02-22 11:14:34 -06:00
John Johansen
6e6b57fbd1 Sync apparmor.vim to the latest version from Christian Boltz 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:57:37 -08:00
John Johansen
ee0d5b7d50 Update documentation for change_hatv, change_hat_varags and change_onexec 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:55:53 -08:00
John Johansen
6d62a3634e Update change_hatv and change_hat_vargs prototypes to use long 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:55:16 -08:00
John Johansen
54fd453d35 Update swig to export all current interface fns 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:54:35 -08:00
John Johansen
18537e6c38 Rename change_hat.c to kernel_interface.c 
Rename change_hat.c to kernel_interface.c to better reflect that it
is providing multiple kernel_interfaces.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:53:39 -08:00
John Johansen
7e78ee6363 Update licencing in libapparmor 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:51:16 -08:00
John Johansen
d788969c25 Update apparmor_parser translation files 
The apparmor_parser translation files where using the old subdomain_parser
domain, but the parser was binding to apparmor-parser.  Create a new
apparmor-parser.pot file and remove the subdomain_parser.pot file.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:48:03 -08:00
John Johansen
db70a37621 Update x conflict failure message 
Output a better failure message when a conflict of x permissions cause
policy compilation to fail.  We don't have enough information available
to output which rules during the dfa compilation so just improve the
message to let people know that it means there are conflicting x modifiers
in the rules.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2011-02-22 03:47:03 -08:00
Steve Beattie
b8be715227 Remove deprecated kernel patches, no longer needed as the kernel 
portion of apparmor has gone upstream. These patches had already been
dropped from the 2.5.x tree.

The compatibility kernel patches are still provided.
 2011-02-18 10:42:08 -08:00
Steve Beattie
24a47e2faa Update version to prepare for impending 2.6.0 release. 2011-02-16 10:38:28 -08:00
Steve Beattie
c56ec9eea7 top-level Makefile: 
- adjust snapshot versioning to be less than the upcoming version yet
  still embed the bzr repo version
 2011-02-16 09:41:14 -08:00
Steve Beattie
a39d6e36e8 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-utils: Inherit flags in sub-profiles when generating profiles
References: bnc#496204

 When creating profiles with cx subprofiles, genprof will set the
 sub-profile in enforce mode. When genprof cycles multiple times, it
 prohibits the sub-profile from working correctly.

 e.g.

 # Last Modified: Mon Jan 24 13:52:26 2011
 #include <tunables/global>

 /home/jeffm/mycat flags=(complain) {
   #include <abstractions/base>
   #include <abstractions/bash>
   #include <abstractions/consoles>

   /bin/bash ix,
   /bin/cat cx,
   /home/jeffm/mycat r,

 profile /bin/cat {
     #include <abstractions/base>

     /bin/cat r,
     /home/jeffm/mycat r,

   }
 }

 This patch allows sub-profiles to inherit the flags from the parent
 profile, which allows it to be created in complain mode (if appropriate).
 The temporary complain flags are cleaned up at genprof completion as
 expected.

 This issue was reported at: https://bugzilla.novell.com/show_bug.cgi?id=496204

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Bug: https://launchpad.net/bugs/707092
 2011-02-15 16:26:05 -08:00
Steve Beattie
4e01f55a81 From: Jeff Mahoney <jeffm@suse.com> 
Subject: Subdomain.pm: Fix for null path
References: bnc#407959

When handling the following log entry, logprof will spew perl errors and
ultimately generate an invalid config: "r,"

Since there is nothing to do with a null path, just skip to the next entry.

type=APPARMOR_DENIED msg=audit(1214497030.421:39): operation="inode_permission" info="Failed name resolution - object not a valid entry" requested_mask="r" denied_mask="r" pid=31367 profile="/usr/sbin/httpd2-worker

Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-15 14:45:04 -08:00
Jamie Strandboge
6c7492af89 dd LibreOffice to ubuntu-browsers.d/productivity abstraction 2011-02-15 15:54:48 -06:00
Steve Beattie
4c8d4490cb From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor: Subdomain.pm: Fix handling of audits of unconfined processes

 The version of AppArmor that was accepted into the mainline kernel
 issues audit events for things like change_hat while unconfined.
 Previous versions just returned -EPERM without the audit.

 This results in logprof and friends spewing uninitialized value errors
 when it hits events like:
 type=AVC msg=audit(1291742101.899:220): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=28005 comm="cron

 ... which happen any time an unconfined process does something with pam
 when pam_apparmor is installed.

 This patch skips those events.

[Note that the second half of the OpenSUSE patch had already been applied.]

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-15 11:16:28 -08:00
Steve Beattie
5a56604f99 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor: Fix incorrect /proc/*/sys usage in usr.sbin.ntpd
References: bnc#634801

 /proc/sys/kernel exists, but /proc/*/sys/kernel doesn't. This patch
 fixes the profile.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-15 10:54:30 -08:00
Steve Beattie
f471bc4018 Author: Jamie Strandboge <jamie@canonical.com> 
Description: the Ubuntu buildds do not have the AppArmor securityfs mounted, so
the cache tests fail. This patch skips these tests if the introspection
directory is not mounted, but runs them if it is. This should allow testing of
local builds while still allowing builds on the official buildds.

Acked-By: Steve Beattie <sbeattie@ubuntu.com> - both Ubuntu and
OpenSUSE were carrying patches that disabled the caching test,
though OpenSUSE's disabled it completely rather than checking. The
parser builds need to complete even when the kernel it's building on
doesn't support AppArmor or all the extensions that the parser needs
at runtime.
 2011-02-15 10:41:29 -08:00
Steve Beattie
596cba37e8 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-docs: Fix grammar error in techdoc.pdf
References: bnc#588235

This patch fixes a grammar error in techdoc.pdf.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-09 14:29:05 -08:00
Steve Beattie
3c8538c0c6 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-utils: Translation unification
References: bnc#586072

 This patch removes small inconsistencies between identical strings to
 allow for easier translation.

Reported-by: Isis Binder <isis.binder@gmail.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-08 16:29:59 -08:00
Steve Beattie
4df8c4c09c Purge utils/severity.pl due to incorrect license/copyright statement. It 
should have been covered under both the Immunix acquisition by Novell
Inc and by the open sourcing of the apparmor tree by Novell Inc.
 2011-02-08 15:50:51 -08:00
Steve Beattie
bf9a559dcc From: Jeff Mahoney <jeffm@suse.com> 
Subject: [PATCH] apparmor-utils: cleanup after abort in genprof
References: bnc#307067

 The initial generation of the base profile is required to be written out
 to put the process in complain mode for observation. If the user
 decides to abort the profiling session, that base profile is left
 behind.

 This patch removes all profiles created during the run up to an abort.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
 2011-02-08 14:50:43 -08:00
Steve Beattie
974d0a33b0 Remove obsolete rc.sd-event-dispatch.suse; was replaced by not nearly 
but almost as obsolete aa-eventd and controlled by the main apparmor
initscript.

Acked-by: John Johansen <john.johansen@canonical.com>
 2011-02-08 14:21:51 -08:00
Steve Beattie
b5cd93aa2f Purge deprecated gnome apparmor applet, aa-notify is the preferred 
notification mechanism nowadays.

Acked-by: John Johansen <john.johansen@canonical.com>
 2011-02-08 14:18:39 -08:00
Steve Beattie
ef2fa2c895 From: Jeff Mahoney <jeffm@suse.com> 
utils/Immunix/Reports.pm: s/SubDomain/AppArmor/ in header comment
 2011-02-08 13:58:52 -08:00
Steve Beattie
4ff5b80ee8 From: Jeff Mahoney <jeffm@suse.com> 
Fix compilation in deprecated gnome apparmor applet.
 2011-02-08 12:52:26 -08:00
Steve Beattie
fb8d5d05dc From: Jeff Mahoney <jeffm@suse.com> 
utils/Makefile: abstract out the perl vendor location for distros to
override if necessary
 2011-02-08 10:39:44 -08:00
Steve Beattie
cef7289d75 From: Jeff Mahoney <jeffm@suse.com> 
Fix grammar in in utils UI text.
 2011-02-08 10:25:05 -08:00
Steve Beattie
94dfe15b28 From: Jeff Mahoney <jeffm@suse.com> 
libapparmor: remove LD_RUN_PATH from swig generated makefile as it
results in an rpath binding in the library.
 2011-02-08 09:27:32 -08:00
Steve Beattie
788bdcafb9 From: Jeff Mahoney <jeffm@suse.com> 
Fix up tomcat build, also use in-tree libapparmor.
 2011-02-08 08:22:46 -08:00
Steve Beattie
0cfa2b2cf8 From: Jeff Mahoney <jeffm@suse.com> 
Rip out a little bit of crufty old compatibility code with immunix.h and
support directly building with in-tree libapparmor.
 2011-02-08 08:18:36 -08:00
Steve Beattie
37ac8ede4f From: Jeff Mahoney <jeffm@suse.com> 
Subject: adjust includes for pam_apparmor to point at the intree version
of libapparmor, rather than depend on an external version to be
installed.
 2011-02-08 07:21:20 -08:00
Steve Beattie
09edd269aa Makefile: make setup target work independently 2011-02-08 07:05:39 -08:00
Jamie Strandboge
61e7aac455 make aa-disable executable 2011-02-07 21:02:57 -06:00
Jamie Strandboge
bf02536fa3 Description: add aa-disable 
aa-enforce and aa-complain exist to put a profile into enforce or
 complain mode respectively. The /etc/apparmor.d/disable directory
 already exists to drop files into it to disable profile load via
 apparmor_parser (and therefore via the apparmor initscript). What
 doesn't exist is aa-disable to add a file to the disable/ directory and
 unload the profile. This patch does that. This version of aa-disable is
 based on aa-complain (in fact doing a diff between aa-complain and
 aa-disable might make review easier) and works as well as aa-enforce and
 aa-complain. In other words, aa-disable has the same limitations of not
 handling the specified binary properly if the specified attachment does
 not match the path naming scheme (eg, the profile doesn't use the
 conventional path.to.binary naming scheme, globbing is used for
 attachment within the profile, etc). Also adjust documentation to
 reference aa-disable.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-02-07 20:48:50 -06:00
Jamie Strandboge
74b2fdc52c update documentation for aa-disable 2011-02-07 17:39:54 -06:00
Jamie Strandboge
1459c9eb20 add aa-disable 2011-02-07 17:39:36 -06:00
Steve Beattie
1005bfdf7e Subject: logprof - variable definitions should not have trailing commas. 
This patch fixes a logprof bug where when profiles with variable
declarations at the top level (not hidden in an include) were written
back to a file, a trailing comma was being added to the declaration
statement, which is invalid apparmor policy syntax. This patch corrects
this and no longer adds the trailing comma.
 2011-02-04 21:20:58 -08:00
John Johansen
52453313c1 Update to latest version of apparmor.vim from Chritian Boltz 2011-01-26 06:43:39 -08:00
Steve Beattie
6f620e9247 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor: Fix network event parsing
References: bnc#665483

 The upstream version of AppArmor had network mediation but it was
 removed. There's a compability patch floating around that both openSUSE
 and Ubuntu have applied to their kernels. Unfortunately, one part was
 overlooked. The socket operation event names where changed from the
 socket_ prefixed names they had when AppArmor was out-of-tree and
 utils/SubDomain.pm was never updated to understand them.

 This patch adds an operation-type table so that the code can just
 do a optype($operation) call to discover what type of operation a
 particular name refers to. It then uses this in place of the socket_
 checks to decide whether an event is a network operation.

 This allows genprof and logprof to work with networking rules again.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Bug: https://launchpad.net/bugs/706733
 2011-01-24 15:49:46 -08:00
Steve Beattie
1c2591de1e This patch removes all of the old log parsing code from libapparmor. 
The testcases that were in place for the old style log messages have
had their expected output modified such that they are expected to
return invalid results, rather than deleting the testcases outright.
 2011-01-21 11:47:54 -08:00
Steve Beattie
93ae7808cb From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-parser: Fix up translations
References: bnc#586070

Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-14 17:44:51 -06:00
Kees Cook
14d8bac7b2 Here's an update to rename another chunk of things that still used 
"SubDomain" in some way. This leaves only "subdomain.conf" and the
function names internally.

Additionally, I added a "make check" rule to the utils/Makefile to do a
simple "perl -c" sanity check just for good measure.
 2011-01-13 13:58:26 -08:00
Kees Cook
dd3a964249 drop /var/log/apparmor, stop installing Reports.pm, use LOGPROF_DEBUG as the debugging target instead of /var/log/apparmor 2011-01-13 09:13:34 -08:00
Steve Beattie
d088727bdf Support newer auditd formatted messages. Patch from mancha on irc. 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2011-01-12 13:57:19 -06:00
Jamie Strandboge
0807a74490 The example firefox profile in extras has been pretty out of date. Also, it 
allows write to the ~/Desktop directory, which could conceivably allow writing
of .desktop files which could be clicked on and executed by the user. This is
based on the firefox base profile as included in Ubuntu. Notable features:
- allows for using the browser to navigate through directories
- allows reads from @{HOME}/Public/**
- allows writes to @{HOME}/Downloads/**

The intent of this profile is to restrict code execution, writes to $HOME
and information leaks while allowing basic web browsing and reading of
system documentation. It does not allow for plugins, extensions or other
helpers (but these can be added via the local/ mechanism).
 2011-01-12 11:51:22 -06:00
Jamie Strandboge
b12d93a739 Attached is an updated dnsmasq profile that fixes the following: 
- allow net_admin capability for DHCP server
- allow net_raw and network inet raw for ICMP pings when used as a DHCP
server
- allow read and write access to libvirt pid files for dnsmasq

See the FAQ in the dnsmasq source for details. This fixes
https://launchpad.net/bugs/697239
 2011-01-12 11:47:04 -06:00
John Johansen
2796c58eca Refresh kernel compatibility patches for 2.6.36.2 and 2.6.37 2011-01-09 21:03:19 -08:00
Jamie Strandboge
22f912b9f1 abstractions/private-files: don't allow wl to autostart directories 
abstractions/private-files-strict: don't allow access to:
  - chromium
  - thunderbird
  - evolution
  - kmail
  - kwallet
 2011-01-07 21:05:59 -06:00
Steve Beattie
0e87acb318 Change the compilation ordering in the regression testsuite as the 
toolchain has gotten stricter about linking order; in short, linked
libraries need to come after the objects referring to them. Adding to
LDLIBS is the correct solution for this.

See https://wiki.ubuntu.com/NattyNarwhal/ToolchainTransition for more
details.
 2011-01-07 10:35:47 -08:00
Jamie Strandboge
f7c6a848bb abstractions/private-files: don't allow wl to autostart directories 
abstractions/private-files-strict: don't allow access to:
- chromium
- thunderbird
- evolution
- kmail
- kwallet
 2011-01-07 10:44:47 -06:00
Steve Beattie
cb96345f21 From: Jeff Mahoney <jeffm@suse.com> 
dynamically link in libapparmor library in libapparmor's testsuite.
 2011-01-05 14:41:11 -08:00
Jamie Strandboge
d03c2e681f abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 2010-12-23 18:39:28 -06:00
Jamie Strandboge
73c1283e98 abstractions/X: allow access to /usr/lib32 and /usr/lib64 for dri modules 
(LP: #658135)
 2010-12-23 18:39:02 -06:00
Jamie Strandboge
e400b296d8 abstractions/freedesktop.org updates: 
- require owner match for files in @{HOME}
- add new path for @{HOME}/.local/share/recently-used.xbel*
- add the following, confirmed via specifications:
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/*.desktop r,
  owner @{HOME}/.local/share/applications/defaults.list r,
  owner @{HOME}/.local/share/applications/mimeinfo.cache r,
  owner @{HOME}/.local/share/applications/mimeapps.list r,
  owner @{HOME}/.local/share/applications/*.desktop r,

References:
http://standards.freedesktop.org/basedir-spec/basedir-spec-0.6.html
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-0.9.4.html
http://www.freedesktop.org/wiki/Specifications/mime-actions-spec
 2010-12-23 07:52:47 -06:00
Jamie Strandboge
8180aa0bd3 abstractions/base: allow access to /usr/lib32 and /usr/lib64 for dri modules 
(LP: #658135)
 2010-12-23 07:46:55 -06:00
Jamie Strandboge
e356c4b19e add enchant abstraction. Enchant is a frontend for spellcheckers and in 
use by more and more applications, including empathy and evolution. It
is listed on freedesktop.org. See:
http://www.abisource.com/projects/enchant/

This abstraction gives access to enchant itself, files in the user's home
directory for enchant and various dictionaries for:
- aspell
- ispell
- hunspell
- myspell
- hspell
- zemberek
- voikko
 2010-12-22 16:59:44 -06:00
Jamie Strandboge
5c040c6149 allow 'rw' to /var/log/samba/cores/ (LP: #652562) 2010-12-22 16:58:23 -06:00
Jamie Strandboge
d097df8226 add preliminary ibus abstraction. Will likely need more once more ibus users 
start to use it. Additionally, the 'rw' on the @{HOME}/.config/ibus/bus/
probably only needs 'create' and 'chmod', so that could be tightened up once
those are exposed in the tools. LP: #649497.
 2010-12-22 16:57:35 -06:00
Jamie Strandboge
add5d47fc3 abstractions/user-manpages: require owner match for files in @{HOME} and /tmp 2010-12-22 16:55:50 -06:00
Jamie Strandboge
2227de709b abstractions/user-mail: 
- use character globbing
- require owner match for files in @{HOME}
 2010-12-22 16:55:18 -06:00
Jamie Strandboge
84b5f6e441 abstractions/user-write: 
- require owner match
- add @{HOME}/Public/
 2010-12-22 16:54:40 -06:00
Jamie Strandboge
1f2b4a5a19 abstractions/user-download: 
- fix typo for Desktop (should be Desktop/)
- require owner match
- allow writes to @{HOME}/[dD]ownload{,s}
 2010-12-22 16:52:13 -06:00
Jamie Strandboge
1b78752db6 utils/Config.pm: disable the repository by explicitly setting 
$config->{repository}{enabled} = "no" (LP: #692406). We need to do this
since opensuse's site is down and there is no current alternative. Can
reenable once we have an alternative.
 2010-12-21 22:08:28 -06:00
Jamie Strandboge
ca30e18692 utils/Config.pm: disable the repository by explicitly setting 
$config->{repository}{enabled} = "no" (LP: #692406). We need to do this
since opensuse's site is down and there is no current alternative. Can
reenable once we have an alternative.
 2010-12-21 16:56:21 -06:00
Jamie Strandboge
36f6da62aa update ubuntu abstractions to use '# vim:syntax=apparmor' 2010-12-21 12:54:57 -06:00
Jamie Strandboge
046cfe305f update ubuntu abstractions to use '# vim:syntax=apparmor' 2010-12-21 12:53:33 -06:00
Jamie Strandboge
5272c9ef0a utils/apparmor.vim: update comments on how to use 2010-12-21 10:55:24 -06:00
Jamie Strandboge
aa7304f01e utils/apparmor.vim: remove trailing whitespace 2010-12-21 10:45:33 -06:00
Kees Cook
acfcdfe750 ignore generated manpages 2010-12-20 14:02:03 -08:00
Kees Cook
39b5240966 mark parser/tst/simple_tests/xtrans/minimize-x-conflict.sd as "TODO" and hook up parser/tst/Makefile "clean" to parser/Makefile "clean" rule 2010-12-20 13:44:14 -08:00
Kees Cook
b11fd82d96 make gen-xtrans executable 2010-12-20 13:25:54 -08:00
John Johansen
3973387295 Add missing files from my last 11 patches as I forgot to do bzr add before 
committing.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 13:18:36 -08:00
Kees Cook
a6dc414f57 adjust line offset now that $Id$ was removed 2010-12-20 13:06:54 -08:00
Kees Cook
723a20ba7d as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
Kees Cook
46e96476d8 add python2.7 to python abstraction, LP: #644983 
Bug: https://launchpad.net/bugs/644983
 2010-12-20 12:10:52 -08:00
Jamie Strandboge
b3c6ec3ded add aa_change_profile.pod manpage and reference it in aa_change_hat.pod 2010-12-20 14:01:58 -06:00
Kees Cook
319777962b update RPM spec, thanks to Christian Boltz. See https://bugzilla.novell.com/show_bug.cgi?id=619893 2010-12-20 12:01:23 -08:00
John Johansen
283abda83c Default permission-hashing for dfa creation to on, to fix a bug 
When doing permission merging in the dfa minimization phase the information
about whether a rule is dominant or not has been lost so the merge of
xtransitions can not be handled correctly.

When two conflicting x transitions are merged the results are unpredicitable
and not currently detected.  So default dfa minimization to set up its
initial partitions with permission hashing, this ensures that dfa states
that have different xtransitions in the minimization stage will never
be merged thus will not result in a conflict.

x permission checking is still enforced at the dfa creation phase where
the originial information is available to check whether the conflicting
permissions came from exact match or re rules so that conflict resolution
can be properly applied.

The end result is that dfa minimization does not result in a truely minimal
dfa (the minimization phase is also slightly faster).

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:58:44 -08:00
John Johansen
77be2c450f Add the safe xtransition key word 
Currently apparmor provides the unsafe keyword to indicate an xtransition
is not scrubbing its environment variables.  This can be used to be
explicit about which transition are unsafe instead of relying on people
remembering which of px Px is safe or unsafe.

Add the orthogonal keyword safe to allow specifying a transition is
safe.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:58:05 -08:00
John Johansen
4eea3ae073 Make meaning of leading permissions consistent with trailing permissions 
x Permissions when specified as a the start of the rule had a differnt
meaning than when they appeared at the tail of a rule.

Specifically px,cx,ux were not treated as unsafe when they appeared at
the start of the rule.
  px /foo,
instead of at the tail of the rule
  /foo px,

the keyword unsafe had to be used to force the rule to cause the x transitio
to be its unsafe variant.

Fix leading permissions so that they are consistent with file rules that
use trailing permissions.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:56:57 -08:00
John Johansen
c059224811 Merge parsing of file rules with leading permissions into a single rule 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:56:30 -08:00
John Johansen
a29078ac04 Add auto generation of tests to verify leading and trailing perms for xrules 
Test the leading permission form of an xrule against its trailing permission
form, to verify that they are generating the same xtransition and thus
don't conflict (assumes xtransition conflict checking is working).
  eg.
    px /foo,
    /foo px,

should generate the same rule and thus not result in any conflicts

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:54:27 -08:00
John Johansen
851b7655c1 Add auto generation of xtransition conflict tests 
All the combiniation of xtransition conflics where not well represented in
the regression test suite.  Instead of relying on multiple static test
files, automatically generate all possible conflicts.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:53:52 -08:00
John Johansen
bdea9e5678 Fix two x transition conflict bugs. 
The is_merged_x_consistend macro was incorrect in that is tested for
USER_EXEC_TYPE to determine if there was an x transition.  This fails
for unconfined execs so an unconfined exec would not correctly conflict
with another exec type.

The dfa match flag table for xtransitions was not large enough and not
indexed properly for pux, and cux transitions.  The index calculation did
not take into account the pux flag so that pux and px aliased to the same
location and cux and cx aliased to the same location.

This would result in the first rule being processed defining what the
transition type was for all following rules of the type following.  So
if a px transition was processed first all pux, transitions in the profile
would be treated pux.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:52:53 -08:00
John Johansen
6d6df2a16b Make libaare built depend on immunix.h 
The dfa engine uses the defines from immunix.h for permission conflict
checking, so make the build depend on it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:52:10 -08:00
John Johansen
240c4e3674 Fix error checking of conflicting x-trans during dfa construction. 
During some of the dfa cleanups, the checks for conflicting xtransition
was removed.  This adds the conflict checking back in and makes it part
of dfa creation.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:51:20 -08:00
John Johansen
fb61ea7635 Fix xtrans tests 
Several of the x-trans tests where failing because of the include file was
bad.  This kept the test from testing what it was supposed as the test
was expected to fail.  Thus hidding a bug :(

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:50:31 -08:00
John Johansen
d4ca9f3ba0 Add profile names that are independent of attachment specification 
Add the ability to specify the name and attachment of the profile
separately. It does not allow for the attachment specification to
begin with a variable however since variables in profile names is not
currently support this shouldn't be and issue.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-12-20 11:49:42 -08:00
Jamie Strandboge
49f27414e0 update the man pages to: 
* add Canonical to the headers of the pod files touched
  * use aa_change_hat() instead of change_hat() (LP: #692216)
  * use http://wiki.apparmor.net in the SEE ALSO
  * use http://https://bugs.launchpad.net/apparmor/+filebug for bugs
  * prefix 'aa-' in SEE ALSO section for utilities (eg, 'aa-complain' for
    'complain')
 2010-12-20 13:47:09 -06:00
Jamie Strandboge
77b864527a changehat/mod_apparmor/mod_apparmor.pod: make several clarifications and 
add a summary for the order of operations
 2010-12-20 13:45:56 -06:00
Jamie Strandboge
e5f4aa4140 parser/apparmor.d.pod: more fully document child profiles, including: 
- cx and Cx
  - change_profile()
 2010-12-20 13:40:59 -06:00
Jamie Strandboge
289dcfb492 add [^] 2010-12-20 12:50:53 -06:00
Jamie Strandboge
79828d1f10 LP: #349049: document audit, deny and owner rule qualifiers 2010-12-20 12:48:26 -06:00
Jamie Strandboge
7296af3f39 mod_apparmor.pod: adjust for Canonical, launchpad and Ubuntu binaries and tools 2010-12-20 08:35:00 -06:00
Jamie Strandboge
2ade2782d4 parser/apparmor.d.pod: clarify alias rules 2010-12-20 08:34:12 -06:00
John Johansen
34c78d34b1 Combine hat and local profile parsing into the same base rule as profile 
parsing.
 2010-12-13 16:29:16 -08:00
John Johansen
7c1f5fd932 Merge profile and :namespace:profile parsing into a single rule. 
clean up profile parsing by merging profile and :namespace:profile parsing
into a single rule.

This also fixes a bug where the profile	keyword was not allowed to proceed
profiles with a namespace declaration.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
 2010-12-13 16:26:38 -08:00
Steve Beattie
810f54ffdd Bug: https://bugzilla.novell.com/show_bug.cgi?id=510740 
Short summary: Unloading of profiles with a space in the name fails,
therefore "rcapparmor stop" (or restart) causes a funny message - and
the profile is still loaded.

Thanks to Christian Boltz <apparmor@cboltz.de>
 2010-11-29 13:40:45 -08:00
Steve Beattie
8740fd517d This patch fixes the parser's lexer to not passthrough other invalid 
characters in variable declarations. It also adds testcases
demonstrating the issue.
 2010-11-19 02:27:33 -08:00
Steve Beattie
7ef28d9fdc This patch fixes the parser to return an error when variable declaration 
statements contain trailing commas, instead of passing them through to
STDOUT. It also adds parser testcases demonstrating the issue.
 2010-11-19 01:42:04 -08:00
Steve Beattie
83c4a5132e This minor patch updates the compilation dependencies for bits of the 
parser that interact with the regex DFA generation library, and thus
need to be recompiled when the header file changes.

(This patch isn't particularly of interest to distros, as they
typically won't be doing incremental compilation.)
 2010-11-12 13:38:21 -08:00
John Johansen
85c133cd84 Rework the code so that update for nodes is now a function 
The other changes have made it so that using a macro really isn't justified
so rework the code to get rid of the hiddeous update_for_nodes macro.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:20:32 -08:00
John Johansen
d551a1a9ab Make the work_queue be a work_queue of states that need finished computing 
With the addition of the nodes field to the state we can make the work
queue, be based off of the state instead of the node, and avoid doing
the node to map lookup to get back to the state.

This means that the NodeMap is now only used for duplicate elimination.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:19:47 -08:00
John Johansen
e87e45c0a2 Factor updating the state transitions into its own fn 
Factoring the updating of the state transitions doesn't save on any code
but it provides a nice logical seperation and makes the dfa work_queue
loop and the updating of the state transitions easier to understand as
units.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:18:48 -08:00
John Johansen
72aa490e49 Factor adding a new state to the dfa the map into its own function 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:16:38 -08:00
John Johansen
35d55fce81 Move state label, nodes, and permission setting into the State constructor 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:14:12 -08:00
John Johansen
5578299445 Group dfa stats into a single structure. 
Move the dfa stats into a structure to provide a single access point to
them.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:12:50 -08:00
John Johansen
99a7991664 Rename the match_count variable to duplicates 
The match_count variable is a sum of the number of duplicates node sets
that have been encountered and discarded.  Rename it to better reflect what
it is doing.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:09:05 -08:00
John Johansen
15567a55dc Embedded the temporary computed nodes as part of the state 
Embedding the nodes are part of the state gives fast back reference from
the state to the nodes that created it.  This is useful for the state to
nodes mapping dump as it lets us output the states in order.  It will also
let us avoid certain nodemap lookup in the future.

Overlay the nodes field (used only in dfa construction) with the partition
field which is only used during dfa minimization to avoid making the state
any larger.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:08:02 -08:00
John Johansen
5b68e0f7c4 Fix comment about what state information is being dumped 
Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-11-11 16:06:52 -08:00
Kees Cook
eaa6a3c297 This cleans up a number of warnings that appeared after the parser rework 
commits were made (as well as a few other minor warnings elsewhere).

The Makefile change is to avoid passing -Wstrict-prototypes and
-Wnested-externs to the C++ compiler, which the compiler yells about and
then ignores.

Since we compile with -Wmissing-field-initializers I dropped the
unreferenced zero-width fields in the header structs, and then explicitly
initialized the remaining fields.

I tagged several unused function parameters to silence those warnings.

And finally, I dropped the unused filter_escapes() too.
 2010-11-09 13:39:18 -08:00
John Johansen
d53bb7f811 Embedded the State to partition mapping into the State. 
Embedding the the partition mapping into the State structure significantly
speeds up dfa minimization, by converting rbtree finds to straight direct
references when checking for same mappings.

The overall time improvement is small but it can half the time spent in
minimization.
 2010-11-09 11:57:43 -08:00
John Johansen
29c6f7e3ac Re-enable the ability to invoke remove-unreachable-states. 
Now that removing unreachable states is not on by default re-enable the
ability to turn it on.
 2010-11-09 11:56:58 -08:00
John Johansen
14e7d94701 Add ability to dump unique permission sets 2010-11-09 11:56:28 -08:00
John Johansen
318351376c Add the ability to dump NodeSet to dfa state mapping 2010-11-09 11:55:40 -08:00
John Johansen
af8b3b84ef Use nodemap.size() to label state node 
The nodemap.size() increases by one with each node added, every time we
add a state we label it so this provides the proper labeling without needing
a separate variable.
 2010-11-09 11:55:05 -08:00
John Johansen
b64921a5ec Add tracking of the node set (proto state) max, and average size 2010-11-09 11:54:20 -08:00
John Johansen
f1a3f66515 Add -D stats and -D progress options 
add short options to turn on all stats, and all progress indicators,
also allow adding "no-" prefix to dump options to allow subtracting
individual options when short options are used.

eg.
  -D stats -D no-expr-simplify
 2010-11-09 11:53:38 -08:00
John Johansen
6b4dff4bee Move -O and -D options and documentation into tables 
Move the -O and -D options into tables, that keep the option and its
description.  This will help keep the options consistent and the description
up to date, as all information is now in one place.

Previously the options, and descriptions kept getting out of sync as all
relavent parts were spread out.
 2010-11-09 11:52:38 -08:00
John Johansen
de2dec2bec Reduce the number of -O flag options by factoring our no- prefix 
Factor out the "no-" prefix so that optimization flags and their no-
counter parts are handled by the same code.
 2010-11-09 11:50:13 -08:00
John Johansen
fae7cac15c Rename trans-XXXX transition to compress- compression 
trans- isn't a very good name for this phase of compilation.  It is the
compression phase, rename to trans- to compress- to reflect this.
 2010-11-09 11:49:18 -08:00
John Johansen
8972e4f577 Generic cleanup pass of -D and -O options 2010-11-09 11:48:53 -08:00
John Johansen
0ad84d93f9 Factor out expr tree rotation into its own function 2010-11-09 11:48:29 -08:00
John Johansen
ac9553de19 Rework tests against Epsnodes to compare to the singleton 
Dynamic casts are slower than plain comparisons so rework epsnode comparison
to use comparisons to the singleton epsnode instead of dynamic_casts.
 2010-11-09 11:47:37 -08:00
John Johansen
6801346b81 Add cnode class as a base class of all expr nodes that contain character info 2010-11-09 11:46:05 -08:00
John Johansen
04d6c727e1 Add a leafnode class to clearly indicate what node types are leaf nodes 2010-11-09 11:44:26 -08:00
John Johansen
aec77cecde Move nodes around to put one child node together and two child nodes together 2010-11-09 11:38:20 -08:00
John Johansen
0f26d8f097 Further split up innernode, to be able to better identify the types of 
inner nodes.

This is part of a serious of patches to cleanup expr nodes, by separating
out functionality and reducing the number of dynamic casts.
 2010-11-09 11:36:14 -08:00
John Johansen
cb2ebc3102 Rework the depth first traversal of expr trees, to remove the use of the 
unneeded visited table, and give a little speed up and cleanup.
 2010-11-09 11:35:38 -08:00
John Johansen
d2581332db This is part of a serious of patches to cleanup expr nodes, by separating 
out functionality and reducing the number of dynamic casts.
 2010-11-09 11:34:59 -08:00
John Johansen
adb0973d61 Update Makefile to pass CFLAGS into libapparmor_re 2010-11-09 11:33:40 -08:00
John Johansen
7f987f93d1 As from a library pov they should be seperately callable fns, and this will 
help reduce peak memory usage in some cases.

Also disbale remove_unreachable, as the current dfa code isn't generating
unreachable states, and minimization removes any states that are connected
but redundant.
 2010-11-09 11:28:56 -08:00
John Johansen
c5fa0e98b3 Reference counting of Nodes exists to shared the special accept nodes that 
hold permission information.  We currently keep them in a table with a
refcount so that they don't go away, until we delete the table.

We can simulate this by getting rid of the refcount, and making dup and release
virtual, and overriding it for the special accept nodes.
 2010-11-09 11:28:22 -08:00
John Johansen
a84844cea5 Do not use permission hashing for minimization by default. While this 
improves minimization performance, it can slow down total creation time and
result in larger compressed dfas.

This is because it results in the dfa not being completely minimized which
with the current O(n2) dfa table compression algorithm can result in slower
compressed dfa generation.
 2010-11-09 11:27:36 -08:00
John Johansen
51f443c7b6 Update state progress/stats output to dump the number of accepting 
states/partitions occur in the minimized dfa.
 2010-11-09 11:26:50 -08:00
John Johansen
c2601dbd30 Cleanup the perm_map as soon as it is no longer needed. Cleaning up the map 
before the end of the functions reduces the peak memory of the function
 2010-11-09 11:26:18 -08:00
John Johansen
2fb64fa85e When hashing Nodes ensure that cases.otherwise == NULL is treated the same 
as pointing to the nonmatching state.  Having this mix shouldn't currently
exist but adding the extra check makes the code more robust.
 2010-11-09 11:25:44 -08:00
John Johansen
4e80416a4f Do permission accumulation in dfa minimization. This is necessary if accept 
states with different permissions are to ever share a partition.
 2010-11-09 11:24:51 -08:00
John Johansen
a949b075b4 The dfa flags currently are a weird mix of position and negative assertions. 
Its cleaner just to have them all assert one way and let the cmd line
options apply them correctly.
 2010-11-09 11:23:45 -08:00
John Johansen
36e99af7fb Split dfa minimizing hashing into two seperately controllable hashes. The 
first hash does hashing on state just state transitions, which always results
in a performance improvement.

The second does hashing based off of accept permissions, which can create
more initial states but can result in not being able to achieve a true
minimum dfa.  This can also lead to slowing down total dfa creation because
while minimization, compression can take longer if the dfa isn't completely
minimized.

permission hashing is currently required, as minimization does not accumulate
redundant Node permissions.
 2010-11-09 11:22:54 -08:00
John Johansen
9b99039fdb Convert Nodemap comparision to use a hash value. This uses a little more 
memory than just using the NodeSet size to short circuit comparison but it
improves on the case where compared sets have the same size.  It is possible
that this will slow down small dfa generation slightly but the trade off for
large dfa's (which are the slow ones to generate) is worth it.

This results in another performance bump over using the NodeSize is NodeSet
comparison, and the amount of improvement increases with larger dfas
 2010-11-09 11:20:08 -08:00
John Johansen
344e11a539 Use set size as part of set comparison, short circuiting comparing sets 
of pointers when it isn't necessary.  This results in a nice little
performance increase in dfa creation.

This is more of a proof of concept patch, and is replaced by the next
patch which does better short circuiting via hashing
 2010-11-09 11:18:46 -08:00
John Johansen
ca1d891799 This patch reworks the internal structures used to compute the dfa. It is on 
the large side, and I experimented with different ways to split this up but in
the end, anything I could do would result in a series of dependent patches
that would require all of them to be applied to get meaningful functional
changes.

The patch structural reworks the dfa so that
- there is a new State class, it takes the place of sets of nodes in the
  dfa, and allows storing state information within the state
- removes the dfa transition table, which mapped sets of nodes to a
  transition table, by moving the transition into the new state class
- computes dfa state permissions once (stored in the state)
- expression tree nodes are independent from a created dfa.  This allows
  computed expression trees, and sets of Nodes (used as protostates when
  computing the dfa).  To be managed independent of the dfa life time.
  This will allow reducing the amount of memory used, in the future,
  and will also allow separating the expression tree logic out into
  its own file.


The patch has some effect on reducing peak memory usage, and computation
time.  The actual amount of reduction is dependent on the number of states
in the dfa with larger saving being achieved on larger dfas.  Eg. for
the test evince profile I was using it makes the parser about 7% faster with a
peak memory usage about 12% less.

This patch changes the initial partition hashing of minimization resulting
in slightly smaller dfas.
 2010-11-09 11:14:55 -08:00
Kees Cook
485df894ab This fixes a few typos in documentation that lintian noticed. 2010-11-04 14:27:30 -07:00
Kees Cook
38cefc358a add symlink for manpage as well 2010-11-04 13:36:38 -07:00
Kees Cook
6d2d55057c retain one backward compat symlink for the heavily-documented "apparmor_status" command 2010-11-04 11:52:33 -07:00
Kees Cook
4b9a2683ed include release version in manpage 2010-11-04 11:32:06 -07:00
Kees Cook
06b4d7db0d Make the manpage release distro agnostic though configurable. 2010-11-03 23:49:41 -07:00
Kees Cook
225c779225 This patch cleans up the testsuite output harder, and removes a bashism in 
another clean target.
 2010-11-03 17:04:43 -07:00
Kees Cook
6717e29909 Here is a patch to standardize on all utils using the "aa-" prefix instead 
of a mix of symlinks to non-prefixed comands, and "apparmor_" prefixed
commands.

This also refactors the manpage generation slightly since we no longer
need special cases for the manpages, and drops aa-eventd from the default
list of tools to install (it also lacks a manpage).
 2010-11-03 17:03:52 -07:00
Jamie Strandboge
7f1b117675 abstractions/ubuntu-browsers: adjust sensible browser to use Pixr 2010-10-22 07:43:23 -05:00
John Johansen
632b6aaf1f Add the compatibility patches for the 2.6.36 upstream kernel version of 
AppArmor.
 2010-10-21 10:58:18 -07:00
John Johansen
3e8a61d626 Move kernel patches for old versions of the module to deprecated 2010-10-21 10:56:01 -07:00
Jamie Strandboge
fb418015e3 add /usr/bin/emacs-snapshot-gtk PUxr to ubuntu-browsers.d/text-editors 2010-10-21 09:03:09 -05:00
Steve Beattie
db30c2bc19 This patch fixes the common/Make.rules file to not do bzr versioninfo 
on every make invocation; instead it defines a command as a variable
that then is evaluated into shell variables when needed.
 2010-10-18 12:12:37 -07:00
Steve Beattie
f6b043b434 Bump version up to prevent confusion at the request of jjohansen. 2010-10-18 11:18:03 -07:00
Steve Beattie
abcd1f2975 This patch makes the parser's makefile honor CFLAGS that have been 
exported in the environment. Without it, merely setting the CFLAGS
environment variable would not affect the compilation of the parser,
though it was still possible to override it by passing the variable
as an argument (e.g. make all CFLAGS="-Oinsane -Wextra-special").

It also makes the default CFLAGS for the parser consistent with
the default for the C++ dfa library, and passes the flags on to
the library.

An audit of the other bits of C showed that they either supported
CFLAGS during configure or were otherwise honoring CFLAGS when set
as environment variable.
 2010-10-09 14:15:59 -07:00
Steve Beattie
5849c7ab78 This patch removes a bunch of crufty old stuff, including some 
subversion deritrus, the slackware tarball build support as well as
the aborted attempt to make auto building debian packages.
 2010-10-07 15:42:36 -07:00
Steve Beattie
19fa8a3ed9 This patch takes the revision info from the stamp file if things are 
being built outside of a working bzr tree.
 2010-10-07 15:39:55 -07:00
Steve Beattie
875a06b9d7 This corrects a couple of build issues on openSUSE, as the version 
of rpm there no longer defines %{_host_vendor}.
 2010-10-07 15:38:31 -07:00
Steve Beattie
c90b199488 This patch moves the overall version definition of the software out of 
the common/Make.rules file into common/Version so that libapparmor's
configure.in can make use of it, meaning there's one less thing to
adjust when updating the version. It also bumps the trunk version
from 2.5 to 2.5.90 in (perhaps excessively long) preparation for the
2.6.0 release, and to indicate that it's newer than the 2.5.x branch.
 2010-10-07 15:37:30 -07:00
Steve Beattie
0e1158c71d This patch adds a toplevel target to add a bzr tag in a consistent 
format.
 2010-10-07 15:33:11 -07:00
Steve Beattie
b19f77d5c7 This patch adds toplevel support for creating release and snapshot 
tarballs and converts some of the common/Make.rules targets to get
version information from bzr. As part of this, the tarball generation
creates a .stamp_rev file in the common directory which contains both
the name of the bzr repo exported from as well as the revision.
 2010-10-07 15:25:21 -07:00
Steve Beattie
7e0969bf82 From: Jesse Michael <jesse@lonelyrhinoceros.com> 
This just adds prototypes to all functions to make further cleanup
slightly easier by getting perl to complain if not enough args are
passed to a function.  Perl doesn't appear to complain about this in
every case even with prototypes, which is kind of annoying.
 2010-10-06 13:06:05 -07:00
Steve Beattie
8e51a7b31e From: Jesse Michael <jesse@lonelyrhinoceros.com> 
One of the uses of eval { } wasn't checking $@ for errors, so if
something bad happened, it'd be silently ignored.  This just adds in
an extra check to die if we hit a failure.
 2010-10-06 12:21:56 -07:00
Steve Beattie
317197a6b5 This patch modifies the xattr regression test to use a separate 
loopback mounted filesystem to operate on, to guarantee that the mount
option user_xattr is enabled (it's disabled by default on Ubuntu).

With this change, a number of the user xattr testcases that were
expected to pass but weren't started working; however, some of the
ones that were failing as expected are now passing. I've touched up
the expectations as well.
 2010-09-30 10:49:26 -07:00
Jamie Strandboge
39902eff28 abstractions/ubuntu-email: adjustment for ever-changing path of thunderbird 
(LP: #648900)
 2010-09-27 08:47:08 -05:00
Jamie Strandboge
2cb3463cc8 add ubuntu-integration-xul for firefox-notify 2010-09-23 08:16:56 -05:00
Steve Beattie
60b014667a When loading without the 2.4 compatibility patch, the parser needs the 
following patch or it will explode when it can't find the "features"
file.

Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/626984
From: Kees Cook <kees@ubuntu.com>
 2010-09-16 10:24:50 -07:00
Steve Beattie
d7fde9d109 Reorders the timstamp check to move it to the beginning of the 
script and add an additional sleep before the parser invocation that
generates the cache file for the first time, to avoid failures in the
"Profiles are cached when requested:" test on ext3 and other filesystems
without fine-grained enough timestamps.
 2010-09-15 14:28:35 -07:00
Kees Cook
72701bd2a0 drop duplicate extern from rev 1496 2010-09-15 12:24:12 -07:00
Jamie Strandboge
6b81b50d36 ubuntu-browsers.d/multimedia: allow lpr and lpstat for printing from flash 
plugin
 2010-09-15 08:20:21 -05:00
Kees Cook
862836548d Fix write_cache to not be a privileged operation so that the caching tests 
can be added to the build. Update caching tests to detect non-ns-resolution
filesystems and back off on the timing test.
 2010-09-14 12:45:34 -07:00
Kees Cook
feb70284bc Effectively revert revno 1471, and fix the misdetected error condition 
so that caching will work again without needing kernel_load.
 2010-09-14 12:38:38 -07:00
Kees Cook
3a1fbb49f4 fix up typo and add extern for update_mru_tstamp 2010-09-14 12:37:59 -07:00
John Johansen
02e86864da This patch changes how cache validation is done, by moving it post 
parsing, and precompilation of policy.  This allows finding the most
recent text time stamp during parsing and this is then compared to
the cache file time stamp.

While this is slightly slower than the cache file check that only
validated against the profile file it fixes the bug where abstraction
updates do not cause the cache file to become invalid.
 2010-09-14 12:22:02 -07:00
Jamie Strandboge
b465b91ec9 exported smbd files need to have 'k' to work properly with certain applications 2010-09-14 14:12:49 -05:00
Jamie Strandboge
7aac7a23a3 profiles/apparmor.d/local/README: use commented text since aa-genprof is pretty 
grumpy without it
 2010-09-10 09:39:29 -05:00
Steve Beattie
8fd1f15ae7 Add testcases for trunk commits 1486-1490. 2010-09-09 17:14:25 -07:00
John Johansen
5c43890b31 Change the second key_capability entry into a comment and document why 
its there and what to do with it once the old entry types are cleaned up.
 2010-09-09 16:51:44 -07:00
John Johansen
073064bdb0 The new apparmor module uses has added a target key that is used to report 
the target of an operation instead of name2 used in previous kernels
 2010-09-09 12:22:02 -07:00
John Johansen
59597775e5 Status messages have and offset field used to debug why and where a policy 
load failed.  For now just ignore it.
 2010-09-09 12:21:19 -07:00
John Johansen
4c666b4d2f The kernel can return negative error codes for error= 2010-09-09 12:20:30 -07:00
John Johansen
1e098b5928 The capability operation picked up the capability and capname fields. 
capability is reported by LSM_AUDIT and is just the capability number.
capname is reported by the apparmor module and is the name the kernel
knows the capability as.

For now just use capname and silently drop capability when it is found.
 2010-09-09 12:19:08 -07:00
John Johansen
4fcd7e94f5 If encountered the scanner will dump unmatched text from <audit_id>. 2010-09-09 12:17:03 -07:00
John Johansen
513611ff92 Fix memory leak where apparmor_notify is not freeing up messages that 
are not reported.
 2010-09-09 10:40:38 -07:00
John Johansen
fe3cce7828 Default apparmor_notify to report messages, when it is installed and 
started.  Since apparmor_notify is not installed by default and not started
by default, the act of installing and starting it implies the desire to
get messages.
 2010-09-09 10:31:45 -07:00
Jamie Strandboge
edb1ae1798 allow mmap of font cache files in @{HOME}/.fontconfig/ for sun-java6 2010-09-08 13:56:19 -05:00
Jamie Strandboge
85c20fb564 update ubuntu-browsers.d/java for latest sun-java6 (LP: #633369) 2010-09-08 12:27:09 -05:00
Jamie Strandboge
834efc7b2c fix LP: #626451 (GoogleTalk in ubuntu-browsers.d/multimedia) 2010-09-08 08:51:06 -05:00
Jamie Strandboge
d2c61794ea update fonts abstraction to add '/var/lib/ghostscript/** r,' 2010-09-03 08:38:14 -05:00
Jamie Strandboge
b56e654f26 abstractions/ubuntu-browsers: add '/usr/bin/sensible-browser PUxr' 2010-08-30 07:52:20 -05:00
John Johansen
d256e1f9c0 The upstream 2.6.36 kernel is missing the /sys/kernel/security/apparmor/profiles file, so introspection of which profiles are loaded is not possible. 
Make testing of profiles loaded conditional on introspection being present.
 2010-08-26 10:38:27 -07:00
John Johansen
8762c1dcfb The upstream 2.6.36 version of apparmor doesn't support network rules. 
Add a flag to the parser controlling the output of network rules,
and warn per profile when network rules are not going to be enforced.
 2010-08-26 10:37:46 -07:00
John Johansen
1f1a303457 The upstream 2.6.36 version of apparmor is missing the match file, 
so the parser doesn't set matching options correctly.

Set minimal defaults with that will allow the parser to load policy,
on 2.6.36 kernels.
 2010-08-26 10:36:45 -07:00
Steve Beattie
046e1fb215 This is an incomplete fix for bug 
https://bugs.launchpad.net/apparmor/+bug/623467

This patch adds some additional testcases to the log parsing
testsuite, to cover rejections for operations that aren't covered by
other testcase (truncate, rename_src, rename_dest, mkdir) as well
as fixing SubDomain.pm to take those operations into account when
parsing log files.

The operations link, unlink, and possibly setattr still need to be
covered by SubDomain.pm
 2010-08-25 09:53:39 -07:00
Steve Beattie
341877416e Creating lame empty error files that dejagnu needs for its tests. 
Apologies for not getting an ACK on this commit.
 2010-08-23 22:34:51 -07:00
Steve Beattie
6c31d0d894 This commit teaches pam_apparmor about the current errno returned by the 
kernel when the hat that was passed does not exist in the profile (but
other hats exist). It also removes the very old EPERM case, which hasn't
been accurate for a while. (LP: #619521)
 2010-08-19 08:24:41 -07:00
Jamie Strandboge
40751c2ed3 abstractions/ubuntu-browsers.d/ubuntu-integration: update for kmozillahelper 
and gnome-appearance-properties (LP: #514356, LP: #573344)
abstractions/ubuntu-browsers.d/user-files: update for /net (LP: #593413)
 2010-08-18 10:06:40 -05:00
John Johansen
d72422b369 When doing debugging/building dfa graphs, generally I use -QT however 
this results in

Unable to open output file - Success

to be output to standard error.

This occurs because despite specifying kernel_load = 0, the kernel load
parts are still being done, and failing.
 2010-08-17 08:03:07 -07:00
John Johansen
291066dcbd On certain graphs the dfa graph dump output can become messed up as it isn't properly handling non-printing characters in the case of single character 
output.  Drop the cast to signed character which messes up the output.
 2010-08-17 08:02:27 -07:00
Jamie Strandboge
c96c8a391f profiles/apparmor.d/abstractions/ubuntu-browsers.d/java: generalize names 
of child profiles
 2010-08-11 14:10:16 -05:00
Jamie Strandboge
7536899894 create ubuntu-feed-readers abstraction and have ubuntu-browsers.d/multimedia 
use it instead of specifying liferea directly
 2010-08-11 09:58:34 -05:00
Jamie Strandboge
44f2e73d1b update X abstraction for gdm's new placement of XAUTHORITY (LP: #601583) 2010-08-11 09:57:54 -05:00
Jamie Strandboge
9e99dfc8b2 add ca-certificates to ssl_certs abstraction (LP: #605835) 2010-08-11 09:15:56 -05:00
Jamie Strandboge
42cd946ff2 update ubuntu-browsers.d/kde to use PUx for kde4-config 2010-08-10 17:57:42 -05:00
Jamie Strandboge
cbbf3ea75e update abstractions/ubuntu-browsers.d/java for icedtea 2010-08-10 16:45:23 -05:00
Jamie Strandboge
23a77d70e8 adjust profiles/Makefile for abstractions/ubuntu-browsers.d 2010-08-10 16:42:00 -05:00
Jamie Strandboge
e1e85f285c remove kde4-config from the kde abstraction 2010-08-10 15:38:58 -05:00
Jamie Strandboge
6988cd07a0 adjust profiles/apparmor.d/local/README to codify the intended usage of local/ 2010-08-10 14:28:10 -05:00
Jamie Strandboge
1bdb6069da fix whitespace abstractions/ubuntu-browsers.d/* 
add 'owner' match to abstractions/ubuntu-browsers.d/java
 2010-08-10 14:18:21 -05:00
Jamie Strandboge
0978a1ad8a update ubuntu-* abstractions to use PUx instead of Ux 2010-08-10 14:11:04 -05:00
John Johansen
350520a650 Add check to the regression tests that verifies the expected profiles 
are loaded.
 2010-08-10 09:24:41 -04:00
Jamie Strandboge
2a3aae6d57 'owner' match in commit 1406 too strict for /tmp/ and /var/tmp/ 2010-08-09 09:56:31 -05:00
Jamie Strandboge
d472cf13b1 add Ubuntu-specific profiles/apparmor.d/abstractions/ubuntu-browsers.d/* 
for use with browser profiles
 2010-08-06 16:01:57 -05:00
Jamie Strandboge
eace04e2e7 profiles/Makefile: use LOCAL_ADDITIONS using filter-out in clean target, which 
is much cleaner.
 2010-08-05 16:00:23 -05:00
Jamie Strandboge
f9187ac661 profiles/Makefile: use same logic in 'clean' target as we did in 'local' 2010-08-05 15:53:07 -05:00
Jamie Strandboge
9c3fb960e8 implement 'local/' mechanism to aid in packaging: 
- create profiles/apparmor.d/local/README to explain it all
- adjust shipped profiles in profiles/apparmor.d to include the local changes
- adjust profiles/Makefile for local files
 2010-08-05 15:30:43 -05:00
Jamie Strandboge
b550fa291c adjust profiles/Makefile for local files 2010-08-05 15:10:33 -05:00
Jamie Strandboge
6fb3f5c4a6 move profiles/local to profiles/apparmor.d/local 2010-08-05 14:15:56 -05:00
Jamie Strandboge
f25949cf84 start on 'local/' mechanism to aid in packaging: 
- add profiles/local/README
- adjust profiles/apparmor.d/{bin,sbin,usr}* to include a file from local/
- adjust profiles/apparmor.d/{bin,sbin,usr}* for for copyright, some whitespace
  and svn conventions
 2010-08-05 14:00:02 -05:00
Kees Cook
cc434a1c7f Fixes "deleted" test case to match the documentation for the expected 
outcome. Adds additional positive test, fixes spelling.
 2010-08-04 12:22:48 -07:00
John Johansen
5c8581a345 Update the regression test suite to test chmod, chown and chgrp on directories. 2010-08-04 10:25:44 -07:00
John Johansen
6259edac38 Update and expand comments on regex tree normalization 2010-08-04 10:23:22 -07:00
John Johansen
f0220611aa Epsnodes carry no information beyond the node type. Convert to using 
a single static node, which will reduce allocations and peak memory
use slightly.
 2010-08-04 09:53:46 -07:00
John Johansen
5c8051994b Make -q quiet can not update cache warnings 2010-08-04 09:52:54 -07:00
Jamie Strandboge
62f2e7f06e fix for LP: #611248 (gdk pixbug loaders) 
tighten up the dbus abstractions
 2010-08-03 12:06:29 -05:00
Jamie Strandboge
24e3b5296e tighten up the dbus abstractions 2010-08-03 12:04:37 -05:00
Jamie Strandboge
9533ac3405 fix for LP: #611248 2010-08-03 09:13:34 -05:00
John Johansen
b5c780d2a1 Remove pcre and update tests where necessary 2010-07-31 16:00:52 -07:00
Kees Cook
06ebb0b6d6 use wildcards correctly for utils subdirectory ignores 2010-07-26 11:02:42 -07:00
Kees Cook
5f76ba2ae3 Cleanups in libapparmor that should have been part of commit 1437. These 
were part of the ACKed patch on the mailing list.
 2010-07-26 10:58:07 -07:00
Kees Cook
32d899eb6d The coredump regression test existed in the tree, but was not hooked up to 
the testsuite. It looks like coredump mediation may have been removed,
since it is rather a corner-case, so I have currently marked it as XFAIL.

In hooking it back up, the "prologue.inc" was reviewed, dead code dropped,
and the "image=" argument changed to correctly handle the imageperms
syntax used elsewhere. It was working in other tests out of coincidence.
 2010-07-26 10:55:00 -07:00
Kees Cook
b30b4c1877 Fixes several warnings, typos, clarifies a subtest description and starts 
to try to get rid of programmatic use of $Id$ in kernel regression tests.
 2010-07-26 10:50:33 -07:00
Kees Cook
0d357a892b Actually fail "make tests" if any of the tests fail to run. 2010-07-26 10:46:03 -07:00
Kees Cook
e180ed4ccb There didn't seem to be a way to see individual test successes, so I added 
a check for "VERBOSE=1" in the kernel regression testsuite.
 2010-07-26 09:30:36 -07:00
Kees Cook
27ce962708 Rename "subdomain" to "apparmor" in kernel regression tests. 
Includes spelling fixes, drops of old documentation, and removal of notes on
tests that no longer fail.
 2010-07-26 09:26:26 -07:00
Kees Cook
084f975d5e Drop unused file descriptor. 2010-07-26 09:25:00 -07:00
Kees Cook
624aee531a Fix many compile-time warnings. 
Start replacing RPM with lsb-release.
Drop old references to CVE.
Remove unused code.
 2010-07-26 09:22:45 -07:00
Kees Cook
a92f9e67b3 Add "comm" string to the parser structure and testsuite runner. Update 
testsuite output to include "comm" report.
 2010-07-26 09:20:02 -07:00
Kees Cook
5649f5237b Add testcases for new LSM-audit log messages. 
Update log parser grammar to handle new LSM-audit log messages.
 2010-07-26 09:16:23 -07:00
Kees Cook
24a05b0bf5 add kernel regression test build-time by-products to ignore list 2010-07-25 19:00:51 -07:00
Kees Cook
359514432f add more build-time by-products to the ignore list 2010-07-25 18:59:58 -07:00
Kees Cook
cf706a37f0 add build-time by-products to the .bzrignore for libapparmor 2010-07-25 18:52:19 -07:00
John Johansen
4be07c3265 This adds a basic debug dump for the conversion of each rule in a profile to its expression 
tree.  It is limited in that it doesn't currently handle the permissions of a rule.

conversion output presents an aare -> prce conversion followed by 1 or more expression
tree rules, governed by what the rule does.
eg.
  aare: /**   ->   /[^/\x00][^\x00]*
  rule: /[^/\x00][^\x00]*  ->  /[^\0000/]([^\0000])*

eg.
echo "/foo { /** rwlkmix, } " | ./apparmor_parser -QT -D rule-exprs -D expr-tree

aare: /foo   ->   /foo
aare: /**   ->   /[^/\x00][^\x00]*
rule: /[^/\x00][^\x00]*  ->  /[^\0000/]([^\0000])*

rule: /[^/\x00][^\x00]*\x00/[^/].*  ->  /[^\0000/]([^\0000])*\0000/[^/](.)*


DFA: Expression Tree
(/[^\0000/]([^\0000])*(((((((((((((<513>|<2>)|<4>)|<8>)|<16>)|<32>)|<64>)|<8404992>)|<32768>)|<65536>)|<131072>)|<262144>)|<524288>)|<1048576>)|/[^\0000/]([^\0000])*\0000/[^/](.)*((<16>|<32>)|<262144>))


This simple example shows many things
1. The profile name under goes pcre conversion.  But since no regular expressions where found
   it doesn't generate any expr rules
2. /** is converted into the pcre expression /[^\0000/]([^\0000])*
3. The pcre expression /[^\0000/]([^\0000])* is converted into two rules that are then
   converted into expression trees.

   The reason for this can not be seen by the output as this is actually triggered by
   permissions separation for the rule.  In this case the link permission is separated
   into what is shown as the second rule: statement.
4. DFA: Expression Tree dump shows how these rules are combined together

You will notice that the rule conversion statement is fairly redundant currently as it just
show pcre to expression tree pcre.  This will change when direct aare parsing occurs,
but currently serves to verify the pcre conversion step.


It is not the prettiest patch, as its touching some ugly code that is schedule to be cleaned
up/replaced. eg. convert_aaregex_to_pcre is going to replaced with native parse conversion
from an aare straight to the expression tree, and dfaflag passing will become part of the
rule set.
 2010-07-23 13:29:35 +02:00
John Johansen
837f47c921 This is the user space fix for launchpad.net/busgs/599450 
It changes the table resizing so that there is always sufficient
high entries in the table, preventing bounds violations from
occurring.

Previously the resize allocation was always based on the character
set range for a state, which could be more or less than actually
required, and packing would waste some space when over allocation
was done.

As a result this patch in general results in slightly smaller
transition tables even though it enforcing the minimum required
padding to avoid bounds violations.
 2010-07-23 04:30:31 +02:00
John Johansen
bfb96638f6 This is a preparatory patch for the fix to launchpad.net/bugs/599450. 
It combines the two separate table resize code segments into a single
functionally equivalent segment.  It does not fix the bug.
 2010-07-23 04:29:54 +02:00
John Johansen
6453a41a28 Add extra transition table labeling to help with interpretation of the 
dump output.
 2010-07-23 04:29:29 +02:00
Steve Beattie
1d9ca54cec Minor touchups to the README. 2010-07-22 17:07:10 +02:00
Jamie Strandboge
1cc6ef54d0 added README file 2010-07-22 15:29:07 +02:00
John Johansen
af3476afb9 The templatization of deref_less_than is unnecessary and complicates the code 
replace it with its none templatized version.
 2010-07-10 17:53:04 -07:00
John Johansen
4f8e01ff36 expression tree node labeling is used during debugging dumps. Currently the node labels 
are computed and stored in a map, that is not cleaned up.  This means that the labeling
is retained across different dfas.

Move the labeling into expr node as this takes less memory than using a map and will
also separates node labeling so its per dfa instead of global.  In addition this means
the labeling is cleanedup/freed when the expr tree is freed without any extra work.
 2010-07-10 17:52:13 -07:00
John Johansen
d0dcab10f1 Make the transition table dump easier to understand by labeling each entry with its 
index.
 2010-07-10 17:49:32 -07:00
John Johansen
1004f039ec When creating the dfa the sets firstpos, lastpos, and followpos are computed for 
each expression tree node and then used as input to create the dfa states.

Currently they are not being freed until the nodes are destroyed, but the information
is no longer needed once the dfa has been created.  Cleaning them up early reduces
peak memory usage.
 2010-07-10 17:47:25 -07:00
John Johansen
da6df9fdc5 The apparmor parser applies the disabled and complain mode directories even when just 
dumping the preprocessor output to stdout.

Add a flag to test whether to skip forcing the mode and use it with -p (dump preprocessed
profile).
 2010-07-10 17:46:06 -07:00
John Johansen
a30ecbfe3c Add the -o flag to allow specifying the output file instead of loading 
to the kernel.

Signed-off-by: John Johansen <john.johansen@canonical.com>
 2010-06-26 13:14:56 -07:00
John Johansen
49530d5fe5 This patch adds back in the -p flag, allowing the dumping of a 
flattened profile to stdout.

It currently does not do anymore than flattening the include
files.  The expansions of variables etc can be added later.
 2010-06-26 13:13:52 -07:00
Steve Beattie
2d2897f426 This patch adds a couple of additional lineno reporting testcases: 
* a non-include related syntax error (errors/modefail.sd)
  * multiple successful includes followed by a failed include
    (errors/multi_include.sd)

It also fixes two issues with the parser's line counting:

  * the count began at 0 (demonstrated by the first testcase's error
    being reporting on one line less than it should be), and

  * an extra line increment when includes were detected (demonstrated
    by the second testcase's error being reported at a line beyond the
    correct linenumber.

The existing testcases did not catch these because they were all
based on the first include in the file failing and so the start of
the count from 0 counteracted the extra counted line.
 2010-06-25 12:43:48 -07:00
Jamie Strandboge
d744377f4a abstractions/dbus-session: use Pix instead of Ux for dbus-launch since in 
addition to setting up a dbus session it can be used to launch applications
 2010-06-22 11:50:31 -05:00
Jamie Strandboge
23bc2980c6 ubuntu-media-players: add gmplayer 2010-06-08 14:33:31 -05:00
Jamie Strandboge
f8c7cee59c allow thunderbird 3 in abstractions/ubuntu-email 2010-06-07 08:30:34 -05:00
Kees Cook
6737031eb9 hrm, since I added code, I need to update the copyright details. 2010-06-04 18:57:01 -07:00
Kees Cook
7cfc7e1133 add correct line number and filename tracking for error conditions (LP: #588014) 
Bug: https://launchpad.net/bugs/588014
 2010-06-04 18:47:44 -07:00
Kees Cook
67bd489ba8 add generated files from parser/ to ignore list 2010-06-04 18:39:20 -07:00
Kees Cook
34f5510faf network interface enumeration 2010-06-04 17:44:59 -07:00
Kees Cook
0e07298340 update for font/icon/mime locations in current gnome 2010-06-04 17:44:30 -07:00
Kees Cook
a7fd5abe37 statvfs allowed by default 2010-06-04 17:43:11 -07:00
Jamie Strandboge
a029b16066 apparmor_notify: 
- verify $opt_s is initialized (LP: #582075)
- don't show summary if $opt_s < 1
 2010-05-27 09:08:12 -05:00
Jamie Strandboge
ea4756a802 ##rmor_notify: show last date when using -s # -v 2010-05-14 00:08:31 +02:00
Jamie Strandboge
7d76eea05a apparmor_notify: show last date when using -s # -v 2010-05-14 00:07:32 +02:00
Jamie Strandboge
7d22b5bdce abstractions/user-tmp: require 'owner' matching 2010-05-12 10:52:23 +02:00
Jamie Strandboge
8e97e4a405 apparmor_notify: add long options. Your welcome Steve ;) 2010-05-12 10:46:22 +02:00
Steve Beattie
d6713e49cd First, readlink is in /bin/ on ubuntu, not /usr/bin - checked both 
paths. Secondly, the /lib64 -> /lib symlink would mean the
/lib64/ld-linux symlink would incorrectly be generated as
/lib64/ld-N.NN.so which still has a symlink in its path, and thus
apparmor wouldn't permit the access. Fixing by having readlink
canonicalize the entire path.

ack thppt.
 2010-04-27 02:37:30 -07:00
Jamie Strandboge
369e18202f add dbus-session abstraction 2010-04-19 12:38:17 -05:00
Jamie Strandboge
96b1328967 apparmor_notify: adjust '(3 total)' to '(3 found)' 2010-04-08 23:00:52 -05:00
Jamie Strandboge
0254d63fdc apparmor_notify: group like entries together when using -v with -s. Eg: 
$ sudo apparmor_notify -s 1 -v
 Profile: /usr/lib/firefox-3.6.3/firefox-*bin
 Operation: exec
 Name: /usr/bin/apturl
 Denied: ::x
 Logfile: /var/log/audit/audit.log

 Profile: /usr/sbin/ntpd
 Operation: open
 Name: /var/lib/ntp/ntp.conf.dhcp
 Denied: r::
 Logfile: /var/log/audit/audit.log
 (3 total)

 AppArmor denials: 4 (since Wed Apr  7 22:57:56 2010)
 For more information, please see: https://wiki.ubuntu.com/DebuggingApparmor
 2010-04-08 22:57:04 -05:00
John Johansen
b0a9f46bb7 Update parser man page to include dump and optimize flags 2010-04-03 16:24:06 -07:00
John Johansen
d295e3b444 Update several flags to not preclude there using with writing the cache, 
they will however still skip reading the cache.
 2010-04-03 15:41:40 -07:00
Jamie Strandboge
6186118aa0 adjust cgi path for php5 abstraction (LP: #538661) 2010-03-30 12:34:32 -05:00
Jamie Strandboge
98d20bf257 adjust path to extensions in php5 abstraction, since the extensions directory 
is more free-form than once thought
 2010-03-30 12:31:26 -05:00
Jamie Strandboge
c38f0f22bc apparmor_notify: remove stray print 2010-03-30 12:26:32 -05:00
Jamie Strandboge
24446dd1d0 apparmor_notify.pod: add -u and -w options 2010-03-30 10:48:51 -05:00
Jamie Strandboge
cd90674f37 apparmor_notify: fix reopening logfile after dropping privileges (ie, notice 
when auditd logs get rotated)
- use getgrnam() with setgid when dropping to nobody_group
- add '-u USER' option to drop to this user when running priviliged but
  not under sudo. Useful for starting when logged in as root.
- add a read access check before get_logfile_inode() so we don't have to
  wait for the timeout in get_logfile_inode()
- set euid only when dropping privileges, instead of using POSIX::setuid()
  which sets uid, euid and saved id when starting privileged
- create send_message() function which fork/execs so that we can set the
  real uid before calling notify-send (notify-send looks at the real uid
  when trying to connect to dbus)
- adjust reopen_logfile() to raise privileges (via euid) before accessing
  logfile when $< != $>. Drop them again after open().
 2010-03-30 10:31:23 -05:00
Jamie Strandboge
4cfe8e9d48 apparmor_notify.pod: update for -f 2010-03-27 09:16:38 -05:00
Jamie Strandboge
5ceb1fa1c9 apparmor_notify: 
- also check for inode change
- update size to use stat
- treat logfile_size like logfile_inode
- update logfile_size and logfile_inode in reopen_logfile()
 2010-03-27 09:14:33 -05:00
Jamie Strandboge
4fb9a702f0 apparmor_notify: 
- add -f option to optionally specify the logfile
- when polling, check to see if the logfile size decreased, and if so, reopen
  it. Currently this only works if you can read the file after dropping
  privileges
 2010-03-27 08:28:07 -05:00
Marc Deslauriers
daffe30e47 - utils/SubDomain.pm: get rid of warnings 2010-03-26 09:51:21 -04:00
Jamie Strandboge
f0b380fe5e add 'k' to /var/lib/samba/**.tdb in the samba abstraction 2010-03-25 18:13:00 -05:00
Steve Beattie
4e039d07f3 - Break out make targets so that distributors that don't want full docs 
can pick targets they want. Patch from Arkadiusz Miskiewicz <arekm at
  maven.pl>.

- Comment out debug dump of generate af_names.h
 2010-03-16 15:18:55 -07:00
Steve Beattie
b403bbdf82 Fix perl swig bindings so that libapparmor can be built when configured 
without perl. Thanks to Arkadiusz Miskiewicz <arekm at maven.pl>.
 2010-03-16 15:00:26 -07:00
Steve Beattie
8c7fea39d4 Expand parser stress test to included regexs and rlimit rules. 2010-03-15 11:31:38 -07:00
John Johansen
9efd526f6f Fix memory leak during dfa minimization. 
Dfa minimization wasn't deleting the states it eliminated during the
minimization process, and hence leaking memory.
 2010-03-13 02:23:23 -08:00
Steve Beattie
4ab92b62f5 Fix debug options so they don't go through the dfa engine, significantly 
speeding up the time to emit debugging information.
 2010-03-12 15:26:32 -08:00
Steve Beattie
bd1b72ad42 *whimper* last portiong of the strict-aliasing fix. 2010-03-12 15:20:22 -08:00
Steve Beattie
bccd45a22e Bah, managed to forget part of the last commit. The other half of fixing 
the strict-aliasing bit, the portion that I don't like.
 2010-03-12 15:16:06 -08:00
Steve Beattie
3b9b2158c1 Fix strict aliasing issue that triggered a bug in the parser_symtab unit 
tests. I don't like the solution because it exposes a data structure
definition outside of the only file that should know it's layout.

Also, fixed the Makefile to fail the build when one of the unit test
programs fails. :-(
 2010-03-12 14:41:58 -08:00
Steve Beattie
2a0df39961 Ease memory usage by collating rules in string form rather than as Rule 
objects. Add randomly generating profile flags.
 2010-03-12 03:05:25 -08:00
Steve Beattie
21875a520d Fix leaking file descriptors on included files. 2010-03-12 01:50:26 -08:00
John Johansen
6c23d48649 Bump versioning to AppArmor 2.5 2010-03-10 23:07:29 -08:00
Steve Beattie
4094043011 Fix up some testcase description fields 2010-03-10 21:38:10 -08:00
Steve Beattie
970807f01a Merge in stress test changes before ext4 eats them. 2010-03-10 21:09:15 -08:00
Steve Beattie
66286494a2 Resurrect another of the stress tests; it kinda works, though it requires 
killall-ing a few things in order to make it stop. And alas, it does seem
to eventually cause kernel hangs with 2.6.32-16. (Committing now before ext4
eats my changes and brain.)
 2010-03-10 20:56:47 -08:00
Steve Beattie
140495fe64 Make kernel stress tests work again (kill.sh works at least) 2010-03-10 17:56:51 -08:00
John Johansen
04a872f927 Add some new profile flag tests to validate parsing of the new flags 
controlling nameresolution.
 2010-03-10 17:00:24 -08:00
Steve Beattie
60f6153446 Fixup parser stress test to work with modern parser args.. 2010-03-10 16:11:39 -08:00
John Johansen
e2737566ff Fix genprof/logprof to handle create (c) and delete (d) permissions that 
are being reported by the kernel modules auditing.
 2010-03-10 15:30:06 -08:00
Jamie Strandboge
dd3a979827 apparmor_notify: call getopt and check for -h before trying to open audit.log, 
so help can be used as non-root when auditd is installed
 2010-03-10 10:11:26 -06:00
Steve Beattie
69d59f80ed Don't (un)load flattened hats on removal, as the kernel pulls them out 
automatically (and the parser emits an error due to this).
 2010-03-09 01:38:12 -08:00
Steve Beattie
ebe59ca483 Add a simple 'cx' mode testcase. I *think* I'm specifying it correctly. 2010-03-08 22:28:22 -08:00
Steve Beattie
fc669861fe Yuck, fix up bogus type conversions. Also fix up some PDEBUG statements, 
to make debugging why things are going wrong in specific examples
easier.
 2010-03-08 21:49:16 -08:00
Steve Beattie
61c61f9aab Add some unit tests for processunquoted() -- sadly it handles octals 
fairly wrong. Need to fix, but not tonight. Le sigh
 2010-03-08 20:38:54 -08:00
Jamie Strandboge
fd3baa930e add ubuntu-bittorrent-clients and ubuntu-media-players abstractions 2010-03-08 13:50:25 -06:00
Jamie Strandboge
df05261cd3 add /etc/sound to audio abstraction 2010-03-08 13:49:37 -06:00
Jamie Strandboge
75d858a764 apparmor_notify: add -w NUM -- wait NUM seconds before displaying notifications 
(with -p)
 2010-03-03 11:30:55 -06:00
John Johansen
5709d94710 Add the ability to control how path mediation is done at the profile level 2010-02-17 12:21:52 -08:00
Kees Cook
4f5686901b include *.dpkg-bak in files to ignore 2010-02-16 12:56:04 -08:00
John Johansen
725328c209 Allow for a location to alias to multiple locations. Ie. 
alias / -> /rofs,
alias / -> /rwfs,
 2010-02-12 13:51:27 -08:00
John Johansen
ee00b0cea2 Update aliases so that they apply properly to profile names. 
Instead of updating the profile name, allow a profile to have multiple
alternate names.  Aliases are now added as alternate names and matched
through the xmatch dfa.
 2010-02-12 13:49:58 -08:00
John Johansen
eafddd3cea Fix alias to keep old rule and add new one instead of updating old rule. 
Alias was broken because it when an alias was made the old path was completely
removed and there was no way to specify it.  Update it so aliases just add
an new duplicate rule instead.
 2010-02-12 13:46:55 -08:00
John Johansen
94b2a345f2 Fix -S flag so the profile can be dumped to stdout again 
The changes to the loader permission logic broke the -S flag, so update
the test so that we can dump out the profile again.
 2010-02-12 13:44:00 -08:00
Jamie Strandboge
e0ca522633 fix pod2man error in apparmor_notify.pod 2010-02-12 10:25:02 -06:00
Jamie Strandboge
a58c1b5119 utils/Makefile: install apparmor_notify 
add utils/apparmor_notify.pod
 2010-02-12 10:14:11 -06:00
John Johansen
7d940743cb Add change_hatv and change_hat_vargs calls to libapparmor. 
These replacement routines allow an application to avoid the probing
behavior of earlier version of change_hat.  Allowing them to be faster
and have better learning characteristics.
 2010-02-11 15:38:24 -08:00
John Johansen
f999b49843 Add change_profile onexec to libapparmor 2010-02-11 15:37:25 -08:00
John Johansen
7592c80db5 Update build version tags to 2.5~pre 2010-02-11 15:36:16 -08:00
Kees Cook
60fb075419 libraries/libapparmor/src/scanner.l: dynamic string handling to avoid stack overflows on log parsing (LP: #519686) 
Bug: https://launchpad.net/bugs/519686
 2010-02-10 15:13:55 -08:00
John Johansen
91f0f0053f Update regression tests test harness for known problems to use xpass and 
xfail instead of known_{pass,fail}, also have it only reports unexpected
results, error for when result != what it should, and Alert for when it
result is what is should be but is a known problem and hence expected
to report something else.

Also update the regression tests for known problems under AppArmor 2.5,
this does not fix all known problems, (ie hats being removed differently
and hence resulting in unable to load profile errors, and the mknod
problem on alternate runs of the test suite, nor xattrs tests not ensuring
that the fs supports xattrs).
 2010-02-06 23:04:57 -08:00
John Johansen
56d1be6ca6 Update ptrace test to fix case where unconfined is ptracing child helper 
which is now allowed and add case where confined app is ptracing child
which isn't allowed.
 2010-02-06 20:09:55 -08:00
John Johansen
516e3f60e4 update change_hat tests for correct error codes on AppArmor 2.5 2010-02-06 20:08:51 -08:00
John Johansen
db796ef3f1 Update test harness to allow for tests defined by profile X 2010-02-06 20:07:44 -08:00
John Johansen
335b088dd0 Bump version to 2.4 2010-02-04 14:41:36 -08:00
John Johansen
98ea04e7c6 Deprecate old management applications that are no longer supported and 
do not work.
 2010-02-04 14:39:27 -08:00
Jamie Strandboge
737cd15707 apparmor_notify: allow -s option with -p 2010-02-04 00:15:24 -08:00
Jamie Strandboge
3d899affcf apparmor_notify: 
- handle being called as something other than apparmor_notify
- simple aggregation on first run
 2010-02-03 21:51:59 -08:00
Jamie Strandboge
858d535389 apparmor_notify: simple aggregation on first run 2010-02-03 21:50:05 -08:00
Jamie Strandboge
767bf6d1d7 apparmor_notify: handle being called as apparmor_notify or aa-notify 2010-02-03 20:56:38 -08:00
Jamie Strandboge
29a95e10de rename apparmor-notify to apparmor_notify 
update apparmor_notify to read ~/.apparmor/notify.conf
 2010-02-01 17:30:04 -08:00
John Johansen
8dd795dec1 Rework the partitioning to take advantage of Partitions now being a list 2010-01-31 23:21:00 -08:00
John Johansen
8bcfa1a32f Move partitions from using sets to lists as this is a better match 
for what is being done.
 2010-01-31 23:19:54 -08:00
John Johansen
e984b6ff74 Seperate Partition definition for States. This is a small step to cleaning 
up the code
 2010-01-31 23:18:14 -08:00
John Johansen
1179c1a42c Improve partitioning performance slightly by inserting new partitions 
imediately after the current partition being considered, instead of
at the back of the parition list.  This does two things, it makes it
more likely the data is in cache, and it also in general results in
more partitions being created in a single pass.
 2010-01-31 23:12:33 -08:00
Kees Cook
69ebfc4cda update python shared library paths for "pyshared" 2010-01-29 10:10:31 -08:00
Jamie Strandboge
26499f965b utils/apparmor-notify: adjust copyright to match the rest of the source 2010-01-28 10:58:38 -06:00
Jamie Strandboge
75b07641fd add utils/apparmor-notify and utils/notify.conf, but don't install yet 2010-01-28 10:25:09 -06:00
John Johansen
80c7ee74a2 Speedup transition table compression. This is a basic improvement and 
not an algorithmic improvement.  It does the same basic algorithm of
test until it can insert the data, but instead of only tracking the
first free entry (and recomputing it each pass).  It tracks all
free entries reducing the number of comparisons done and the table
grows in size.

This may actually result in a small loss on small tables, but is a win
for larger tables.
 2010-01-27 17:20:13 -08:00
John Johansen
f9906a9584 Update hash calculation 
Update the hash calculation to guarentee that states with a different
number of transition entries will be placed in seperate partitions.

This will allow for a better character transition based state comparison.
 2010-01-20 05:10:38 -08:00
John Johansen
91dd7527d9 Dfa minimization and unreachable state removal 
Add basic Hopcroft based dfa minimization.  It currently does a simple
straight state comparison that can be quadratic in time to split partitions.
This is offset however by using hashing to setup the initial partitions so
that the number of states within a partition are relative few.

The hashing of states for initial partition setup is linear in time.  This
means the closer the initial partition set is to the final set, the closer
the algorithm is to completing in a linear time.  The hashing works as
follows:  For each state we know the number of transitions that are not
the default transition.  For each of of these we hash the set of letters
it can transition on using a simple djb2 hash algorithm.  This creates
a unique hash based on the number of transitions and the input it can
transition on.  If a state does not have the same hash we know it can not
the same as another because it either has a different number of transitions
or or transitions on a different set.

To further distiguish states, the number of transitions of each transitions
target state are added into the hash.  This serves to further distiguish
states as a transition to a state with a different number of transitions
can not possibly be reduced to an equivalent state.

A further distinction of states is made for accepting states in that
we know each state with a unique set of accept permissions must be in
its own partition to ensure the unique accept permissions are in the
final dfa.

The unreachable state removal is a basic walk of the dfa from the start
state marking all states that are reached.  It then sweeps any state not
reached away.  This does not do dead state removal where a non accepting
state gets into a loop that will never result in an accepting state.
 2010-01-20 03:32:34 -08:00
Jamie Strandboge
d4d9dda5cb libraries/libapparmor/swig/perl/examples/example.pl: more fixes 2010-01-12 09:52:00 -06:00
Jamie Strandboge
e8b3312f2e add aa-decode and manpage 
For now just look at 'name=...' which is usually the last in the log entry,
so validate input against this and output based on it.
TODO: better handle other cases too
 2010-01-12 07:19:20 -06:00
Jamie Strandboge
3fd950e823 libraries/libapparmor/swig/perl/examples/example.pl: fix so it works again 2010-01-11 20:54:54 -06:00
Jamie Strandboge
d98c8ae8b5 add commented, but blank tunables/alias 
profiles/apparmor.d/tunables/global: include tunables/alias
parser/apparmor.d.pod: add alias rules and home.d. clean up
 HOMEDIRS
 2010-01-11 14:19:35 -06:00
Steve Beattie
b8b2b48949 Add long optimization option along with case-insensitive help options 2010-01-08 14:33:35 -08:00
John Johansen
636ee4a11a Update option parsing for help to add in Short flag form and Optimize 
help.
 2010-01-08 14:04:56 -08:00
John Johansen
fe08d62e91 Abort if bad option is passed to optimize option parsing 2010-01-08 12:48:10 -08:00
John Johansen
d87145ad23 Update trans table reporting to include some statistics 2010-01-08 05:29:25 -08:00
John Johansen
dce395e7ad Add basic controls for dfa optimization 2010-01-08 04:30:56 -08:00
John Johansen
926b0c72e8 Update the output of transtable creation 2010-01-08 03:18:59 -08:00
John Johansen
4f044e753c Add basic dfa stats and debug dumps for 
equivelence classes
expr tree (add stats, update parser switch)
dfa
transition table
 2010-01-08 02:17:45 -08:00
John Johansen
b69c5e9972 Fix -S so that it implies there is no kernel_load 2010-01-07 18:31:44 -08:00
John Johansen
fc597b736b Update what is considered an unprivileged op, so that only actual loading 
and writing of cache trigger the privilege messages
 2010-01-07 18:20:19 -08:00
John Johansen
56a9fded36 Update parser to allow for multiple debugs dump options 2010-01-07 18:09:37 -08:00
John Johansen
17a67d7227 Update parser to allow for multiple debug dump options via -D or --dump. 
This will allow turning on and off various debug dumps as needed.
Multiple dump options can be specified as needed by using multiple
options.
  eg. apparmor_parser -D variables
      apparmor_parser -D dfa-tree -D dfa-simple-tree


The help option has also been updated to take an optional argument
to display help about give parameters, currently only dump is supported.

  eg.  apparmor_parser -h       # standard help
       apparmor_parser -h=dump  # dump info about --dump options

Also Enable the dfa expression tree dumps
 2010-01-07 16:21:02 -08:00
Steve Beattie
09ced81ee5 Add debugging reporting for the other capability entry types (audit, 
deny).
 2010-01-07 15:48:14 -08:00
Steve Beattie
8304b7db87 * disable reading cache files when debugging 
* rearrange action ordering so that the symbol table can be dumped
  before and after exapansion
* formatting rearrangement.
 2010-01-07 14:44:42 -08:00
Steve Beattie
2f9259a215 Add debugging dump for Set Capabilities. 2010-01-07 14:17:07 -08:00
Steve Beattie
fd07a7b17a Remove obsolete data structure. 2010-01-07 14:15:36 -08:00
Kees Cook
369a280f64 Document the --skip-kernel-load parameter 2010-01-07 10:03:49 -08:00
Kees Cook
8d760811b8 do not load cache when using -S option 2010-01-06 09:04:04 -08:00
Kees Cook
8b54df93dd make note of the trailing slash requirement in the home.d/site.local example 2010-01-05 15:43:32 -08:00
Jamie Strandboge
2d8246668c fix typo in profiles/apparmor.d/tunables/home.d/site.local 2010-01-05 16:16:16 -06:00
Jamie Strandboge
ebedab89e5 add local site configuration for HOMEDIRS tunable 
- add commented profiles/apparmor.d/tunables/home.d/site.local
- profiles/apparmor.d/tunables/home: include tunables/home.d
- profiles/Makefile: adjust for home.d sub-directory and install
  site.local
 2010-01-05 15:58:43 -06:00
Kees Cook
a0e8bf9661 update php5 abstraction, add more details to apache hat documentation, include a common apache2 abstraction for use with hats 2010-01-03 13:16:38 -08:00
Kees Cook
938385db40 sort on profile names when reporting results from aa-status 2010-01-02 22:18:51 -08:00
Jamie Strandboge
45dc9d4d08 add /opt/google/chrome/google-chrome to ubuntu-browsers (TODO: abstract 
out to third-party-browsers)
 2009-12-04 11:37:10 -06:00
Kees Cook
b2952da4bd use ctime for profiles, to detect newly installed profiles 2009-11-11 15:08:09 -08:00
Kees Cook
d6a2f8258f remove profile complain flags -- it is up to a distribution to decide how to use a profile 2009-11-11 11:55:29 -08:00
Kees Cook
92b9063527 update KDE abstraction, from Ubuntu 2009-11-11 11:45:49 -08:00
Kees Cook
40e8c9f6e6 merge profiles from Ubuntu, including change_hat apache2 template 2009-11-11 11:42:30 -08:00
Kees Cook
3c43ce869c have "enforce" command clear out symlink directories, from Ubuntu 2009-11-11 11:38:26 -08:00
Kees Cook
190329745d handle new null profile logs, handle new include directories. from ubuntu branch 2009-11-11 11:37:30 -08:00
Kees Cook
b4c355e17e actually add caching tests 2009-11-11 11:07:50 -08:00
Kees Cook
4173f0a558 deal with socket types to ignore, handle backward compat for earlier AF_MAX value 2009-11-11 10:58:57 -08:00
Kees Cook
0d2518551f provide kernel version caching, along with ability to test caching subsystem 2009-11-11 10:56:04 -08:00
Kees Cook
6fa3406b0e update more documentation, update Debian start-up script for LSB, flip logprof repo 2009-11-11 10:51:05 -08:00
Kees Cook
da6c9246f5 clear remaining $Id$ tags, since bzr does not suppor them 2009-11-11 10:44:26 -08:00
Jamie Strandboge
84565d5407 abstractions/gnome: add /etc/gnome/defaults.list 2009-11-10 14:04:26 -06:00
Jamie Strandboge
b0ae3243d5 use bits/socket.h rather than linux/socket.h, fixing FTBFS with newer 
kernels (ie >= 2.6.32)
 2009-11-04 17:40:20 -06:00
Jamie Strandboge
6e42e18191 have dnsmasq in enforce mode 2009-11-04 14:30:43 -06:00
Jamie Strandboge
694c9916b9 pull in Ubuntu updates to profiles/apparmor.d 2009-11-04 14:25:42 -06:00
Steve Beattie
4265cecdfa From: Marc Deslauriers <marc.deslauriers@ubuntu.com> 
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929

Parse log entries containing an ouid.

(I added a testcase to Marc's fix.)
 2009-09-18 21:13:04 +00:00
Kees Cook
317a3a0ad2 load test profiles from commandline instead of stdin 2009-08-25 00:26:57 +00:00
John Johansen
0018491c1e Add basic changeprofile re test and enable changeprofile tests by default 2009-08-21 20:39:45 +00:00
John Johansen
aced280818 Make cache warning respect the quiet flag 2009-08-20 23:48:32 +00:00
John Johansen
0320e0e849 Update changeprofile tests 
Have the parser skip the caches
 2009-08-20 23:46:48 +00:00
John Johansen
e43065cfe0 Add user side support for pux exec mode 2009-08-20 15:41:10 +00:00
John Johansen
6998f6fc3d Add 64bit capabilities 2009-08-20 15:27:12 +00:00
John Johansen
747d7da402 Revert broken 64bit capabilities patch 2009-08-20 15:26:12 +00:00
John Johansen
c80b2c9766 Fix library resolution when linux-vdso.so.1 is used instead of 
linux-vdso32.so.1 or linux-vdso64.so.1
 2009-08-20 12:33:29 +00:00
John Johansen
ed8530d9b6 start of some changeprofile tests 2009-08-20 04:13:08 +00:00
Kees Cook
7e962a409c expand short-option list to include -T 2009-08-19 15:07:53 +00:00
Kees Cook
bf7c9c8567 document missing options in the apparmor_parser man page 2009-08-19 14:45:05 +00:00
Kees Cook
07d3b17eb4 add --skip-read-cache to allow for --write-cache when -r should happen without reading the old cached profiles 2009-08-19 14:44:40 +00:00
John Johansen
9e27a95b8e Enable profile names with regular expressions. This requires a newer 
kernel.
 2009-07-30 06:09:19 +00:00
John Johansen
4f3e6daae9 Fix the clone regression test so that the correct end of the stack is 
used.
 2009-07-28 02:17:10 +00:00
John Johansen
9c532c444b Add a couple capability tests 2009-07-25 03:57:22 +00:00
John Johansen
22d883b4d3 cleanup asprintf return value being ignored warnings 2009-07-24 23:47:46 +00:00
John Johansen
c8fa7815a6 Update capabilities to support 64 bit caps 2009-07-24 23:37:03 +00:00
Steve Beattie
b8cde97ab7 Bah, the whole using linux/socket.h get AF_* tokens versus sys/socket.h 
thing again. Fix to use the kernel's definition of AF_MAX in
linux/socket.h if it's larger than glibc's AF_MAX definition in
sys/socket.h and add a wrapper function so that we don't have include
af_names.h everywhere.

Also, fix memory leaks around the handling of network entries of
policies.
 2009-07-24 17:24:41 +00:00
Kees Cook
098598c98d update short-option list to match the long-option list 2009-07-24 14:57:10 +00:00
Steve Beattie
f9c5756b4d * fix a few more memory leaks 
* undocumented symbol table dumping short options weren't actually
   accepted by the parser.
 2009-07-24 13:24:53 +00:00
Steve Beattie
1b069745b3 * fix another small memory leak in #include handling 
* more code formatting changes because I'm a jerk whose mental lexer
   needs whitespace to properly tokenize code.
 2009-07-24 12:18:12 +00:00
Steve Beattie
5a8a692628 Bah, revert in-progress change that accidentally got committed in rev 
1421.
 2009-07-24 12:06:17 +00:00
Steve Beattie
da52731c75 * fix small memory leak in parser_main.c 
* fixup instances of my inability to spell separator
  * minor code formatting cleanup in parser_lex.l
 2009-07-24 11:56:07 +00:00
Steve Beattie
ed86641695 Fixup testcase description. 2009-07-24 11:34:30 +00:00
Steve Beattie
f579d5efe6 Add a couple more situations around include suffix ignoring. 2009-07-24 11:11:39 +00:00
John Johansen
a7a1cb3827 test for ignored suffixes 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:38:10 +00:00
John Johansen
ab3d7edcdc add loading from and writing to cache options 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:36:09 +00:00
John Johansen
33d01a980a allow multiple profiles to be parsed from the command line 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:39 +00:00
John Johansen
af902dddf1 during policy load, return errors instead of exiting 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:35:19 +00:00
John Johansen
1fd75ff4f4 actually use -q when loading 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:54 +00:00
John Johansen
c4c430dcd0 fix comments to be non-recursive 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:30 +00:00
John Johansen
627c044e4d add parser subsystem reset functions 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:34:11 +00:00
John Johansen
0137b992b4 move -D_GNU_SOURCE to Makefile for parser_lex.l to gain it 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:33:39 +00:00
John Johansen
397ead10af add aare_reset_matchflags() to reset match flags 
Signed-Off-By: Kees Cook <kees.cook@canonical.com>
 2009-07-24 07:33:09 +00:00
John Johansen
6afe6185be Fix change_profile so that it works with regular expressions (lpn390810) 
Change_profile was broken so that it couldn't parse expressions that
weren't path based or started with a variable.  Furthermore if the name
held any expressions it was not hanlded correctly, as it was being passed
directly to dfa conversion without going through glob -> pcre conversion.
 2009-07-23 21:18:37 +00:00
Steve Beattie
298b32e82e Fix up another include test that was failing for the wrong reason. 2009-07-23 20:38:59 +00:00
Steve Beattie
f67f92652a Fix up a couple of testcase includes that got broken in the reorg. 2009-07-23 20:27:54 +00:00
John Johansen
8a780d6f6d Rearrange tests into subdirectories, so that it is easier to see what tests 
are currently present.
 2009-07-23 07:42:57 +00:00
John Johansen
a03d354ee5 Enable simple.py to traverse subdirectories. This will allow splitting 
up the simple_tests/ dir into several subdirs, so they are easier
to manage.
 2009-07-22 22:19:23 +00:00
Steve Beattie
a08658b46d Add a couple of testcases around change_profile keyword and different 
types of profile names.
 2009-07-22 15:43:46 +00:00
John Johansen
100d791e84 Update mount test to allow for cability sys_admin, allowing mount and unmount 2009-07-08 21:35:28 +00:00
John Johansen
3850ede5cf Fix aliases so that aliases are applied to the profile name as well as 
the entries

Add rewrite as an alternative alias keyword
 2009-06-10 20:26:31 +00:00
Steve Beattie
5a2b875b81 parser/Makefile: 
* move network families to filter out into a separate variable to
   so that the list doesn't get lost in a complex sed invocation
 * pull out the actual macro definitions from linux/socket.h and use
   them if glibc's sys/socket.h (really bit/socket.h) hasn't caught up
   with the family definitions.
 2009-06-10 19:20:51 +00:00
Steve Beattie
54037862e6 Fix formatting from last commit. 2009-06-10 17:51:09 +00:00
John Johansen
5998357682 Add option to force that read implies exec from user side. 2009-06-10 15:37:27 +00:00
Steve Beattie
b240be37cc Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

- correct --as-needed linkflag
- use autotools to check for dbus and libaudit-dev properly
 2009-05-13 04:20:48 +00:00
Steve Beattie
5d38632153 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

Fix a typo in the header.
 2009-05-12 22:03:13 +00:00
Steve Beattie
719bfd2011 Fix aclocal warning. 2009-05-12 21:58:54 +00:00
Steve Beattie
c3f9d75abe Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Acked-By: Steve Beattie <steve@nxnw.org>

This patch allows libapparmor to be built out of tree.
 2009-05-12 21:56:56 +00:00
Steve Beattie
b02e3ff0cd Fix up a couple of grotty bits around the debugging code. 2009-03-19 17:36:40 +00:00
Steve Beattie
be5ddfa59b utils/SubDomain.pm: 
- Update matching regex for reordered kernel audit messages (when they
  come through syslog). Ideally, rather than use a regex, the utils would
  just use the log parsing library to determine whether it's a log even
  of interest.
- fix debugging code write a logfile in /var/log/apparmor and not a
  predictable location in /tmp; File::Temp would be the right solution
  except that the log file is created in a BEGIN clause, and
  File::Temp.new() ends up returning an unopened filehandle in that
  situation, so logging fails. Someone with more perl-fu may know how to
  fix that.
 2009-03-19 15:32:02 +00:00
Steve Beattie
b1fab26057 Don't overwrite $STATUS if we've already hit a profile that failed 
to parse.
 2009-03-19 02:50:53 +00:00
Steve Beattie
19ddb3bfa4 Testcases that are vaguely related to 
https://bugs.launchpad.net/bugs/340183
 2009-03-13 06:39:05 +00:00
Steve Beattie
0208c5b5d6 whitespace bah. 2009-03-13 06:38:16 +00:00
Steve Beattie
62372fe628 Tentative fix for https://bugs.launchpad.net/bugs/340183 2009-03-13 06:37:39 +00:00
Steve Beattie
a9ff89cd5d Testcase reorg: rename all the ones that pertain to the old logging 
style for clarity. Support for these should be dropped in the future,
because it just introduces bugs.
 2009-03-13 05:48:06 +00:00
Steve Beattie
1acfd92d8a * set yydebug when YYDEBUG is set, this will cause mucho bison debuginfo 
to be emitted.
* whitespace fixup
 2009-03-13 05:19:39 +00:00
Steve Beattie
947a77bcde Add a case to the interface error reporting for -EACCES return, which 
likely means that the admin attempted to load a policy while confined by
apparmor.
 2009-03-13 03:44:26 +00:00
Steve Beattie
24ddc6f081 Debugging fixups: 
- report applied modes (enforce, complain, audit)
- if local profile, report name of profile it is local to
 2009-03-12 19:23:27 +00:00
Steve Beattie
27b8275d5a Add parsing testcases: 
- basic local (interior) profile support testcase
- basic deny rules test
 2009-03-12 19:22:08 +00:00
Steve Beattie
ff1dc201b1 Fix a bug where passing --Complain on the command line would override an 
audit flag set in the profile(s).
 2009-03-12 19:19:35 +00:00
Steve Beattie
13f73b626b Mild cruft cleanup (woo!) 
- fix "Namespcae" tyop
- get rid of sub_name and default_deny from the main profile struct as
  they haven't been used for a long time; also eliminates their output
  from the debugging output.
- emit dumped parsing structure with only one -d, users were confuzzled
  and it was not documented that you needed to use -dd to get it to
  output anything if DEBUG wasn't set when compiling.
 2009-03-12 16:05:19 +00:00
Steve Beattie
087182be9a Blarg, we actually documented --complain as --Complain, which of course 
doesn't work. Making the parser match the documentation, though either
form should still work.

(Based on a secondary element of https://bugs.launchpad.net/bugs/341205)
 2009-03-12 15:21:46 +00:00
John Johansen
01519b3ae0 Fix leak when AppArmor encounters a deleted file 2009-02-15 02:38:53 +00:00
John Johansen
59f0d08417 Update translation files 2009-02-07 12:16:03 +00:00
John Johansen
4fc0bd5881 Update translation files 2009-02-07 12:14:40 +00:00
John Johansen
262075ca80 Update translation files 2009-02-07 12:09:50 +00:00
John Johansen
1def78f1c4 Add missing gettext for "Repository" prompt 2009-02-06 11:09:54 +00:00
John Johansen
9574478aaa Fix compile bug reported by Mario Fetka, 2009-01-04 09:42:46 +00:00
John Johansen
458a6c0418 Apply patch from mario.fetka@gmail.com which fixes the config file for 
the module being builtin in 2.6.27, 2.6.28
 2008-12-13 10:16:05 +00:00
John Johansen
1910575215 Apply patch from mario.fetka@gmail.com to cleanup AppArmor build under 
2.6.27/2.6.28
 2008-12-13 10:08:32 +00:00
John Johansen
28ba83a313 Update kernel patches for 2.6.28 2008-12-10 17:57:41 +00:00
John Johansen
9d87470a60 update patch becuase tag is being set else where 2008-12-05 09:41:03 +00:00
John Johansen
5148942b90 Fix a missing case in the pcre-expression parsing "\\" 
Change the globbing conversion to include [^\x00].  This reduces cases of
artifical overlap between globbing rules, and link rules.  Link rules
are encoded to use a \0 char to seperate the 2 match parts of the rule.

Before this fix a glob * or ** could match against the \0 seperator
resulting the generation of dfa states for that overlap.  This of course
can never happen as \0 is not a valid path name character.

In one example stress policy when adding the rule
  owner /** rwl,
this change made the difference between having a dfa with 55152 states
and one with 30019
 2008-12-04 10:44:02 +00:00
John Johansen
037d7b5a57 Clean up the tree simplification code, and make the following improvements 
- disable charter, charset merging.  This can actually hamper optimization
  in some cases and needs special cases added to the factoring code.

  The charset code is merged off into its own routines that can be
  reenabled at a later time.

- fix a couple bugs in tree simplifications that would cause earlier
  exit before the tree had even reached a local minima

  I particular the t != c portion of the simplify_tree, would cause
  the loop to exit early if it didn't change but other modifications
  had been made.

- remove the extra epsnode that was getting added to the created tree

- optimize the forward factor alt loop so that it will find all left
  factor matches down the alt subtree without having to loop and recompare
  against nodes that were already checked

These changes result in small improvements in most cases, but in some
policies the changes result in very large wins.  The early bailout of
optimizations was causing 2.5* as many dfa states in one particular
stress test policy.
 2008-12-03 03:47:31 +00:00
John Johansen
c4a2786ff7 back port applicable patches from 2.6.27 branch 2008-11-28 13:11:22 +00:00
John Johansen
a4c3f33245 Setup base of 2.6.26 version of patches, copied from for mainline r1292 2008-11-28 11:56:09 +00:00
John Johansen
72bdec2f76 Several cleans, that will be merged in for final release 
- fix-complain.diff
  Fixes deny rules in complain mode so that they don't reject events

- mount-capability.diff
  Allow confined applications to mount and unmount as long as they
  have capability sys_admin

- fix-config.diff
  Add the missing SECURITY_NETWORK dependency

- fix-security-param.diff
  Make apparmor respect the security= parameter

- securit_default.diff
  Add a new kernel config option to allow setting the default LSM,
  When multiple LSMs are compiled into the kernel this is often
  more desirable than taking the first LSM to register

- fork-tracking.diff
  Newer kernels have changed the allocation of child pid until after
  the security_clone hook.  This breaks AppArmor's fork tracking
  for processes that enter the null-complain-profile.

  To fix this the parent pid is output with every message.  A corresponding
  update in the tools also must be done.

- fix-d_namespace_path.diff
  It is possible that the root.mnt->mnt_ns has been unmounted, resulting
  in an oops.  In this case just test for it, and if it happens the
  ns_root.mnt passed to __d_path will be NULL resulting in a disconnected
  path.

- AppArmor-misc-cleanups.diff
  Some miscelleanous cleanups from Miklos Szeredi, covering some
  kernel coding style and defaults cleanups

- AppArmor-checkpatch.diff
  patch from Miklos Szeredi, to cleanup sparse warnings, and other misc
  coding style errors.
 2008-11-28 09:22:54 +00:00
Steve Beattie
e18d431b0e Resurrect a random profile generator for stress testing the parser. 
Needs love in the form of enhancements to support regexs, all the added
features in upcoming 2.3 release, etc.

Could also stand a bit of refactoring to make the ruby program not suck
up so much ram by writing out profiles as things go along rather than
generating a bunch of large objects and keeping them around.
 2008-11-26 22:16:48 +00:00
Steve Beattie
edfa025814 Move preamble inclusions to a different directory since it was breaking 
the test on including an entire directory.
Add some basic local profile tests.
 2008-11-25 19:05:40 +00:00
Steve Beattie
2e5807b6c4 Add two tests for aliases within include files. 2008-11-24 19:53:36 +00:00
John Johansen
9bf970a4c1 Fix the utils to use the unconfined instead of unconstrained, as the kernel no 
longer supports the word unconstrained.
 2008-11-21 13:03:52 +00:00
John Johansen
e9e58b9887 Fix bnc#447566, where enforce, complain, and audit tools fail to work 
for profiles that use the profile keyword before the profile name.
 2008-11-21 13:03:00 +00:00
John Johansen
7fdf8d9925 Fix bnc#430358 where the utils make an invalid profile, by outputting 
other rules with no permissions.

Since other rules are not currently supported, remove them.
 2008-11-21 12:58:48 +00:00
John Johansen
4c3df3ae53 fix bnc#407491, where a solatary / is not properly handled by the utils 
The / is stripped and permission is prompted for a "" path.
 2008-11-21 12:57:08 +00:00
John Johansen
39343c8675 Fix fork track (bnc#447564) 
Fork tracking is broken by the kernel message for clone no longer supplying
the child pid correctly.  Instead the parent pid will be output with each
message and the tools will fake a fork when they detect a previously
unknow parent child relationship.
 2008-11-21 12:55:00 +00:00
John Johansen
77caea2cc7 'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs. 
/usr/bin/rsyncd) bnc#408869

The unconfined tool shows:

[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined

This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.

To fix this provide both the cmdline and exec name in parenthesis when the
exe name and the cmdline name differ.

For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
 2008-11-21 12:31:22 +00:00
John Johansen
07ded00bd3 Update klogd profile with rejects reported in bnc#436849 2008-11-21 11:51:01 +00:00
John Johansen
f1348fb693 Add missing firefox profile from previous commit 2008-11-21 11:26:27 +00:00
Steve Beattie
1e3e427263 Bleah, the previous code was killing the wrapper sh created by the 
open("|")  call, but not the actual apparmor_parser process itself.
 2008-11-21 05:00:06 +00:00
Steve Beattie
a64d8142c9 Add a 2 minute (by default, configurable) timeout to each testcase, this 
should prevent runaway apparmor_parser processes.
 2008-11-20 23:22:43 +00:00
Steve Beattie
e1a2c27cfd Update documentation on how many entries the 3rd stress test generates. 2008-11-20 17:38:38 +00:00
John Johansen
de3ed997a7 Add a test for dfa tree optimization. The test is a profile that could 
OOM a machine without dfa tree optimization.
 2008-11-20 17:27:32 +00:00
Steve Beattie
a8fea9babc With jjohansen@suse.de's latest optimisation commits, this test case is 
now feasible once again.
 2008-11-20 17:27:01 +00:00
John Johansen
b017899f12 Fix a bug in tree normalization, where it could get stuck in an infinite loop 
when doing Epsnode move, when cating or alting two epsnodes.
 2008-11-20 16:19:51 +00:00
John Johansen
0491e8d707 Add char node, and char node set merging. This does not have a substantive 
impact on performance but makes tree debugging nicer.
 2008-11-20 13:23:13 +00:00
John Johansen
c0533b390b Reintroduce calling back into tree simplification when any modifications have 
been made but only from the top level.  This allows us to get the
optimizations that were missed, while not causing the massive recursive call
explosion we had before.
 2008-11-20 13:21:23 +00:00
John Johansen
1855fde331 Reduce the use of simplify recursion, repeating the recursion of single 
changes is a waste especially as we get to larger subtrees.

Unfortunately this also means that a fair bit of optimization is lost.
 2008-11-20 13:18:30 +00:00
John Johansen
91eb71e9fa Improve tree normalization 
- reduce the amount it is called, and the amount of recursion it does
- fix a bug that would prevent trees from being fully normalized
 2008-11-19 16:54:26 +00:00
John Johansen
77eb67b5a0 Fix problem where named execute transitions were not being applied, for hats 
and local profiles.  bnc#446574
 2008-11-19 14:00:06 +00:00
Steve Beattie
6cfcb1a823 Submitted By: Mario Fetka (mario dot fetka at gmail dot com) 
Description: fix compile on build

Patch from Gentoo community:
  - fix up a couple of missing semicolons in syntax (bison compensates
    by emitting it's own)
  - Fix yet another variable tyop in rc.apparmor.functions
  - dump stderr of ls in rc.apparmor.functions to /dev/null
  - add an install-unknown make target
 2008-11-18 17:33:38 +00:00
Steve Beattie
aed481debe Add simple testcase for alias duplicate detection. 2008-11-16 00:49:43 +00:00
Steve Beattie
96e124bf8d Bah, the last commit message was wrong; it added support for mixing 
alias rules and variable declarations within the preamble of a profile.

This commit adds another testcase for alias rules; one in which there is
an overlapping pair of aliases. The parser parses it, but based on -dd
output, I don't believe it's treating it properly.
 2008-11-14 16:46:16 +00:00
Steve Beattie
cc923edf3c - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-14 16:25:44 +00:00
Steve Beattie
6b793b1a8b Add a testcase for the alias handling 2008-11-13 23:48:11 +00:00
Steve Beattie
b07ec7d81b - Add AF_ISDN to filtered list of AF tags 
- Restructure filter sed script to be shorter
- Add a make check target which is equiv to make tests
 2008-11-13 23:28:38 +00:00
John Johansen
052c58403d fix init script dependency to use $null on stop 2008-11-07 14:11:34 +00:00
John Johansen
5b97455878 Improve dfa generation. 
Apply tree factoring and simplification techniques to reduce the number of
states used in computing the dfa.  This can have an exponential impact
on both space and time for dfa generation.
 2008-11-07 13:00:05 +00:00
John Johansen
8db35802f9 allow external hats to begin with ^ 2008-11-07 12:54:52 +00:00
John Johansen
6c39288cec fix init script functions so that they don't make use of utilities from 
/usr/bin, which will break /usr if they are on a remote filesystem
 2008-11-07 12:53:37 +00:00
John Johansen
528b1435da Update translation files 2008-11-07 12:04:00 +00:00
John Johansen
4f2821bce0 Update translation files 2008-11-07 12:02:32 +00:00
John Johansen
ecf9412623 Update translation files 2008-11-07 12:01:08 +00:00
John Johansen
f6d502017d Allow introspection in avahi bnc#431222 2008-11-07 05:52:01 +00:00
John Johansen
7d6b94b4c2 fix case/esac indentation on rc.* 2008-11-07 01:46:03 +00:00
John Johansen
6911dfd7d6 Fix indentation for case/esac on rc.apparmor.suse rc.aaeventd.suse 2008-11-07 01:44:05 +00:00
John Johansen
42c43bb520 fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:33:57 +00:00
John Johansen
6b6c57887c Reverting previous commit. 2008-11-07 01:31:19 +00:00
John Johansen
1b0dd32cca fix race condition between boot.apparmor and boot.cleanup bnc#426149 2008-11-07 01:19:55 +00:00
Steve Beattie
32696e32bc Things will also be painfully broken if there's a profile for /bin/dash, 
which serves as /bin/sh on ubuntu.
 2008-11-06 22:48:32 +00:00
John Johansen
7d8f597c86 Update firefox profile as base for firefox 3 2008-11-05 16:00:39 +00:00
John Johansen
a77734a600 add reject for Novell bnc#425041 2008-11-05 14:53:00 +00:00
John Johansen
7e49a0004b Update ntpd to contain rejects for bnc#433368 and bnc#402693 2008-11-05 14:23:25 +00:00
John Johansen
aab94f31c0 Allow ntp to have capability dac_override 2008-11-05 14:10:08 +00:00
John Johansen
434bbfc409 Fix ntp chroot rejects Novell bnc#256291 2008-11-05 14:08:43 +00:00
John Johansen
148ed13b5e Fix reject for opensuse 11.1 listed in Novell bugzilla bnc#405317 2008-11-05 12:03:29 +00:00
John Johansen
f772109c4d Fix rejects reported in Novell bnc#436849 2008-11-05 11:57:34 +00:00
Steve Beattie
288aed8886 Fix uninitialized variable warning if /etc/apparmor/repository.conf does 
not exist.
 2008-11-04 20:37:57 +00:00
Steve Beattie
e56ed9a68a From: Jesse Michael <jesse.michael@comcast.net> 
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--

Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"

I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.

Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.

https://bugs.launchpad.net/bugs/271252
https://bugzilla.novell.com/show_bug.cgi?id=441381
 2008-11-04 20:19:59 +00:00
Steve Beattie
e6e3447c19 More testcases around syslog parsing. 2008-11-04 17:42:25 +00:00
Steve Beattie
023fe19c6d Add a testcase for the passthrough of unparsed input to stdout as 
reported in https://bugs.launchpad.net/bugs/271252
 2008-11-03 19:39:34 +00:00
Steve Beattie
449abea6b5 Add a testcase for the syslog format change documented in LP#271252 2008-11-03 19:34:29 +00:00
Steve Beattie
f1de0575d1 Removing old-style log message testcase; sadly, it's unlikely that will 
ever support this message type in the log parsing library, given that
there shouldn't be much out there generating old style audit messages
anymore.
 2008-11-03 17:48:43 +00:00
Steve Beattie
5c9177fa81 Fixing missing testcase error file 2008-11-03 17:38:08 +00:00
Steve Beattie
6c526f081f Fix compiler warning in the test_multi test program. 2008-11-03 17:17:48 +00:00
Steve Beattie
0ebee05092 Fix a compilation error on ubuntu; wondering if there's older distros 
where glibc doesn't provide /usr/include/dirent.h.
Also fixed a compilation warning around fprintf sizes.
 2008-10-08 19:43:28 +00:00
John Johansen
93f22b7fd6 fix bad parameter merge on apparmor_ptrace 2008-10-03 20:43:43 +00:00
John Johansen
2873f3effd Add apparmor patches for 2.6.27, and related aufs patches. 2008-09-30 16:00:31 +00:00
John Johansen
b3a1923a8f update to 2.3.1 2008-09-12 10:40:04 +00:00
John Johansen
fe07cb1e6c fix miss spell word transtion bnc383310 2008-09-12 06:52:39 +00:00
John Johansen
c149ae6097 Finish adding support to allow the parser to loaded dumped profiles 
generated using
  apparmor_parser profile -S >binary_profile

can now be loaded using
  apparmor_parser -B binary_profile
 2008-09-10 08:44:53 +00:00
John Johansen
ac88f71c63 Allow the parser to load opensuse 11.0 style hats and newer 2.3 style hats 2008-09-10 08:42:49 +00:00
John Johansen
f2dec0e337 fix for bnc408846, where network rules are repeatedly prompted for even when 
a matching rule is in the profile.
 2008-09-10 08:38:44 +00:00
John Johansen
4fb77c6f5d fix 3 bugs currently convered by bnc408877 
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
  that only permissions of the last rule are kept
 2008-09-10 08:36:59 +00:00
John Johansen
ddfb6fb978 update for missing comma 2008-07-03 02:30:56 +00:00
John Johansen
6a3e6c68be update patches to 2.6.26 2008-07-02 20:24:33 +00:00
John Johansen
748e398c21 - various patches and cleanups from kees@ubuntu.com 2008-06-11 20:19:36 +00:00
John Johansen
e663e7c0b0 Zbyniu Krzystolik <zbyniu@pld-linux.org> 
Added missing capabilities names.
Simple rlimits support.  It doesn't care about range of individual limit, 
you can add ie -100G stack size or 100M nice. But maybe sufficient?
 2008-06-09 23:30:35 +00:00
John Johansen
2781d88abc update help message 2008-06-09 22:15:28 +00:00
John Johansen
58b8a58e86 Patch from zbyniu to allow parser to build on glibc (<2.4) 2008-06-09 21:17:41 +00:00
John Johansen
f670eaf464 output the names only list before post processing the policy 2008-06-09 21:15:17 +00:00
John Johansen
100ff7cabb Update to allow external hats by specifying the hat keyword in front of 
the profile name.
 2008-06-09 12:00:42 +00:00
John Johansen
d8df8830f1 add hat flag and add it automatically for embedded hats 
remove hat rules
 2008-06-09 11:48:13 +00:00
John Johansen
8420935617 add hat flag to profiles, and test for it in change_hat 2008-06-09 11:47:21 +00:00
John Johansen
5655293cf8 oops, fix the rlimit table size test 2008-06-09 10:15:31 +00:00
John Johansen
303721fca2 - Fix rlimits to work when user space passes in fewer rlimits than the number 
of rlimits supported by the kernel.
- remove hat rules
- add hat flag for each profile
- fix apparmorfs profile listing code.  Used to only return the first
  80 or so profiles, and then refuse to output more
 2008-06-09 10:12:23 +00:00
John Johansen
8f13e0d60d - fix rcapparmor stop. Have it dump the loaded profile list to a file before 
removing profiles, as the list is unstable after additions or removals.
- Add the ability to loaded precompiled policy by specifying the -B
  option, which can be combined with --add or --replace
 2008-06-09 10:00:28 +00:00
John Johansen
0c95606e03 let the parser add the change_hat rule 2008-06-08 09:32:12 +00:00
John Johansen
3b11aa9050 Remove hat rules. In large policies the number of hat rules becomes 
problematic, hat rules can be replaced with simple hat flag on a profile.
 2008-06-08 09:02:27 +00:00
John Johansen
b2f4863231 Fix to stop leaking the dfa ruleset. On large policies containing lots of 
hats this will result in a marked improvement on memory usage.
 2008-06-08 08:56:37 +00:00
John Johansen
aa0b2030c7 add missing for 2008-06-04 11:36:13 +00:00
John Johansen
be495f2125 fix 
- rc.apparmor.functions were not correctly removing profiles on replace and
  reload, also convert to using the module interface directly bypassing the
  parser.
- fix cx ->  named transitions
- fix apparmor_parser -N so that it emits hats as profiles under new kernel
  modules.  This is the correct behavior as hats are promoted to profiles.
 2008-06-04 07:24:38 +00:00
John Johansen
3897c52414 update link_subset test, to include child x 2008-06-04 05:59:11 +00:00
John Johansen
9e8c5e9914 Fix two bugs 
- rpc was failing when passing arrays because the perl is_utf8 string flag
  was set even though its only sending numbers but newer HTTP::Message
  checks for this is_utf8 and if it finds it aborts.
- fix local profiles
  local profiles were failing because
  1.) the parameters to serialize_profile were bad
  2.) the file location was not getting updated so they would get written
      back to the inactive profiles directory
 2008-06-03 21:54:55 +00:00
John Johansen
cb9f84a61e fix repository profile saving, where the name for profiles from the repository got lost on saving 2008-06-03 10:38:19 +00:00
John Johansen
838d22220a bleah finally get the config setting for default owner right 2008-06-02 09:02:09 +00:00
John Johansen
9a1f1a5689 fix not defined owner_toggle to default_owner_prompt as it should be 2008-06-01 04:59:08 +00:00
John Johansen
8d3ff10db1 Update the utils profile restrictions so that cx and named transitions can be 
used on utility programs
 2008-05-30 07:21:15 +00:00
John Johansen
787cb39f81 fix profile unloading, and make it faster by skipping the parser and going 
directly to the unload interface.  This means that the init script will no
longer run on very old versions of AppArmor (pre 2.0)
 2008-05-29 23:10:27 +00:00
John Johansen
934e00a1de commit patch provided by arekm 
- remove bashism from initscript
- fix segfault in apparmor_parser on x86-64
 2008-05-29 18:58:18 +00:00
John Johansen
8c47189e19 update names output so that profile reload works correctly with hats and local profiles 2008-05-29 06:09:34 +00:00
John Johansen
c82947b8b7 clean up kernel patch directory 2008-05-27 12:01:30 +00:00
John Johansen
b4edea623b add 2.6.24 branch 2008-05-27 11:55:58 +00:00
John Johansen
1b60c9bf8e update __d_path-keep-connected.diff to not use MS_NOUSER. add comments to head of some other patches 2008-05-27 11:44:19 +00:00
John Johansen
613471f84c fold in fix-named-transitions, update d_path-keep connected to not use MS_NOUSER 2008-05-27 11:35:44 +00:00
John Johansen
4be9cf08e7 update __d_path-keep-connected.diff 2008-05-27 11:32:19 +00:00
John Johansen
84cd045d53 exclude AF_CAN for now 2008-05-26 10:22:56 +00:00
John Johansen
516fb55d1d update translation files 2008-05-26 09:52:11 +00:00
John Johansen
4dd8db05b8 fix previous patch to allow for white space seperating profile keyword and profile name 2008-05-22 20:11:03 +00:00
John Johansen
0bd0e19f05 add desktop dir 2008-05-22 10:01:56 +00:00
John Johansen
62888cfec7 add translation files 2008-05-22 09:28:18 +00:00
John Johansen
44e22c56f9 update translations 2008-05-22 09:26:15 +00:00
John Johansen
c207df96bb allow profile name following profile keyword to be any valid name. NOTE: this breaks namespaces currently 2008-05-22 09:16:46 +00:00
John Johansen
39f20fd3b1 move old profile parsing library into deprecated 2008-05-19 22:54:06 +00:00
John Johansen
02235cc3cb move old log parsing library into deprecated 2008-05-19 22:53:08 +00:00
John Johansen
7d30be5087 move libapparmor into the libraries directory 2008-05-19 22:48:31 +00:00
John Johansen
332c5f908a make a libraries dir 2008-05-19 22:47:36 +00:00
John Johansen
4c3f1268aa move yastui to deprecated as the YaST ui is now being maintained and developed in the YaST svn 2008-05-19 22:46:34 +00:00
John Johansen
ddf2704a42 default owner_toggle to off it is not in the config file 2008-05-19 22:43:24 +00:00
John Johansen
f6824704c5 fix profile variables with no value to have empty string, as the parser doesn't support having no value yet 2008-05-07 18:38:53 +00:00
John Johansen
5eb6218708 add missing tunables file 2008-05-07 12:07:28 +00:00
John Johansen
10a2b621f4 fix initscript removal of profiles without attachment specification 2008-04-24 18:34:21 +00:00
John Johansen
51558b0b19 add missing ; to complain and enforce. copy fix over to audit 2008-04-24 18:24:02 +00:00
John Johansen
fe9ae3968b - d_path path fix 
-  remove use of fgetattr
-  fix named transitions
 2008-04-24 17:31:08 +00:00
John Johansen
cbdea9c7c2 Add new exec modes and many bug fixes 2008-04-24 16:05:33 +00:00
John Johansen
d4856f9680 latest version of the patches, updated off of 2.6.25 dev 2008-04-19 23:08:39 +00:00
John Johansen
8c5f77c4bd Add AppArmor 2.3 kernel patches for 2.6.25 2008-04-19 17:49:10 +00:00
John Johansen
d85344df63 add support for user rules 2008-04-18 21:16:15 +00:00
John Johansen
3db6bd6c54 more audit support. file rules this time 2008-04-18 21:10:25 +00:00
John Johansen
fe5a2b35ee remap includes to do {}{} link the profiles use {profile}{profile} 2008-04-18 21:09:53 +00:00
John Johansen
e06d1bf84b add support for audit keyword 2008-04-18 21:09:05 +00:00
John Johansen
ad996cec9c add support for set capability 2008-04-18 21:08:34 +00:00
John Johansen
94c795aa52 Hrmm. Actually add support for deny rules 2008-04-18 21:08:05 +00:00
John Johansen
ac273b33f8 Add support for deny rules 2008-04-18 21:07:37 +00:00
John Johansen
9b7912c39f add an extra hash level to distiguish between allow and deny - only use allow 2008-04-18 21:07:16 +00:00
John Johansen
36e0d38fc4 rename global vartable to the filetable 2008-04-18 21:06:24 +00:00
John Johansen
8d715ce9d6 make it so just reading an embedded hat doesn't cause the profile to be rewritten 2008-04-18 21:04:54 +00:00
John Johansen
6e87b3f004 add enough support for cx modes that parsing can succeed 2008-04-18 21:04:16 +00:00
John Johansen
bc652326a7 refactor to pass the profile down, as a step to making routines more generic and independant 2008-04-18 21:03:28 +00:00
John Johansen
1c8b9a51e4 make modes be stored as a bit set and use bit operations 2008-04-18 21:02:47 +00:00
John Johansen
83a35b57c2 give paths a sub hash to store mode into 2008-04-18 21:02:07 +00:00
John Johansen
e43a4769be retain the filename the profile was loaded from and use that when writting it back out 2008-04-18 21:01:10 +00:00
John Johansen
f213706f17 support retaining variables in the head of the file 2008-04-18 21:00:35 +00:00
John Johansen
5a088a1a47 change order that rules are output in 2008-04-18 20:59:42 +00:00
John Johansen
0cbaee9902 support parsing retaining of subset on link rules 2008-04-18 20:59:00 +00:00
John Johansen
a67cfbbb30 keep variables 2008-04-18 20:58:07 +00:00
John Johansen
2a0dc5aae9 keep change_hat rules 2008-04-18 20:57:51 +00:00
John Johansen
d07689e2a7 support and keep profiles using the profile keyword 2008-04-18 20:57:33 +00:00
John Johansen
5d1d6d31c3 keep set capability rules 2008-04-18 20:57:01 +00:00
John Johansen
03728a0155 keep rlimit rules 2008-04-18 20:56:41 +00:00
John Johansen
715952ce0d keep alias rules 2008-04-18 20:56:26 +00:00
John Johansen
de95e8b6ef keep change_profile rules 2008-04-18 20:56:08 +00:00
John Johansen
cda1e94f8a basic patch to link rules 2008-04-18 20:55:43 +00:00
John Johansen
7ec531f4e8 try to make some general writer routines 2008-04-18 20:55:11 +00:00
John Johansen
e48fccb6d0 simple patch to map u::g modes into old style 2008-04-18 20:50:18 +00:00
John Johansen
e25c4dad06 fix bug where task was getting dropped 2008-04-18 20:49:48 +00:00
John Johansen
89b9ef516a don't change locale if yast has already set them 2008-04-18 20:49:00 +00:00
John Johansen
3efb4ea353 allow bare x in named transitions 2008-04-18 00:40:40 +00:00
Steve Beattie
7a751a53f6 Not sure why the close of stdout and redirection of the pipe was here, 
given that the following write was to the specific file descriptor in
the pipe.
 2008-04-17 22:09:05 +00:00
Steve Beattie
c0275d06eb Fix up some dependencies in parser_misc.c's unit test build. 2008-04-16 16:27:23 +00:00
Steve Beattie
e41a326ef5 Add a flag so that 'make check V=1' will turn on verbose output. 2008-04-16 16:09:36 +00:00
John Johansen
ee03760c1d disable named transition conversion to cx. Needs to be reworked 2008-04-16 08:48:06 +00:00
John Johansen
11f925abba fix named transition, enable cx to imply transition to local profile, without having to specify name 2008-04-16 06:54:51 +00:00
John Johansen
015df061e3 Named transition - but disabled due to a bug 2008-04-16 04:45:02 +00:00
John Johansen
db34aac811 Basis for named transitions 2008-04-16 04:44:21 +00:00
John Johansen
051a3f8c01 add missing parser_alias.c + fix parameter bug in parser.h 2008-04-11 17:43:22 +00:00
Steve Beattie
666a8ec51b Fix up prototype error. 2008-04-10 22:24:35 +00:00
John Johansen
3092aaa821 Various profile updates touching on bnc#255270, bnc#331444, bnc#307365 
bnc#230700
 2008-04-10 08:54:05 +00:00
John Johansen
c6666773d9 update config to point the repo to 11.0 2008-04-10 08:51:29 +00:00
John Johansen
9961c4b895 skip vim swp files in the profile dir. bnc#205105 2008-04-10 08:40:52 +00:00
John Johansen
e59f8bfd29 fix bnc@304205. Stop redefining LC_MESSAGES when it yast has alread 
defined it.
 2008-04-10 08:25:23 +00:00
John Johansen
6850b933dc Fix bnc#257286, so that if complain or enfore fail to load the profile, 
they will fail and dump the profiles error message.
 2008-04-10 07:25:46 +00:00
John Johansen
16b5a26306 update for ptrace rules 2008-04-09 23:56:31 +00:00
John Johansen
4dd0e8ead8 allow for ptrace rules 2008-04-09 09:04:08 +00:00
John Johansen
78590d1823 allow for simpe alias rules 2008-04-09 09:03:17 +00:00
John Johansen
b742da7751 allow <= to be used instead of subset in link rules 2008-04-09 09:02:51 +00:00
John Johansen
add2b93657 update interface version 2008-04-08 20:30:06 +00:00
John Johansen
4016ae5fb3 bump version to 2.3 2008-04-07 18:37:57 +00:00
John Johansen
26e1f20262 rename-rlimit.diff to apparmor-rlimit.diff 2008-04-07 18:00:34 +00:00
John Johansen
2ed2bc67f0 merge patches down to start cleaning up 2008-04-07 17:55:03 +00:00
John Johansen
1daeaa9308 reorder patches in preparation for patch merging 2008-04-07 17:48:20 +00:00
John Johansen
d3eb6500f5 oops, reenable setting the rlimits 2008-04-07 14:51:26 +00:00
John Johansen
aef0eb93dd Fix rlimits so that it doesn't try to do nproc checks when moving 
to an unconfined state; which would result in dereferencing a null
profile pointer.
 2008-04-07 04:47:08 +00:00
John Johansen
aba82ff427 reject rlimit cpu in the parser 2008-04-07 04:26:02 +00:00
John Johansen
831f2e252c add missing tests 2008-04-06 18:57:05 +00:00
John Johansen
ecf6b55baf let a profile control a tasks rlimits 2008-04-06 18:55:46 +00:00
John Johansen
34f2c96700 let a profile set a tasks caps, similar to fscaps 2008-04-06 18:55:27 +00:00
John Johansen
13e04a9f02 update of unattached profile to require profile keyword 2008-04-06 18:54:52 +00:00
John Johansen
d4c9f0ad0c recommit namespace update to use :namespace: 2008-04-06 18:53:59 +00:00
John Johansen
c460dcc52f update change_hats rules to generate rules for all hats 2008-04-06 18:52:47 +00:00
John Johansen
6f65e6e8f5 A fix-dfa.diff 
- rework how null transitions are done.

M    fix-profile-namespaces.diff
- fix namespaces to use the :namespace: syntax

A    cap-set.diff
- allow a profile to set a tasks capabilities similar to fscap

A    rlimits.diff
- allow control of a tasks rlimits
 2008-04-06 18:50:37 +00:00
John Johansen
5f5aeee472 Allow for profiles without attachment, ie. they don't begin with / 
currently profile names can not collide with file modes nor with
keywords
 2008-04-05 05:47:49 +00:00
John Johansen
bbd31c70a1 change namespaces to use the :namespace: format 2008-04-05 05:46:06 +00:00
John Johansen
74152bbd9d Add the implicit change_hat rules for hats in the profile. 
Allow external hats by declaring them in the profile via
  ^hatname,

eg.
  /foo {
     ^local_hat {

     }

     ^external_hat,
  }

  /foo//external_hat {

  }
 2008-04-05 05:44:44 +00:00
John Johansen
81d40bd281 Fix profile namespace to use :namespace: format, and allow for profiles 
that don't begin with /
 2008-04-05 05:40:15 +00:00
John Johansen
ec08477129 fix type on typename in cast bug 2008-04-05 04:57:51 +00:00
John Johansen
3bbca91391 fix fatal errors so that they don't exit with an exit code of 0 when no 
previsous tests failed.  Instead have fatal errors always exit with
a exit code of 127
 2008-03-28 07:17:14 +00:00
John Johansen
6b6c045fbf Update ptrace test 
- fix some races that could lead to tests randomly failing
- extend tests to test more combinations
 2008-03-27 17:27:39 +00:00
John Johansen
e103873eb2 merge over r1151 - update to exec.sh test which allows it to run on 
64 bit platforms using /lib64
 2008-03-27 01:16:40 +00:00
John Johansen
a3c0753b89 Add Audit control to AppArmor through, the use of audit and deny 
key words.  Deny is also used to subtract permissions from the
profiles permission set.

the audit key word can be prepended to any file, network, or capability
rule, to force a selective audit when that rule is matched.  Audit
permissions accumulate just like standard permissions.

  eg.
  audit /bin/foo rw,

  will force an audit message when the file /bin/foo is opened for
  read or write.

  audit /etc/shadow w,
  /etc/shadow r,
  will force an audit message when /etc/shadow is opened for writing.
  The audit message is per permission bit so only opening the file
  for read access will not, force an audit message.

  audit can also be used in block form instead of prepending audit
  to every rule.

  audit {
    /bin/foo rw,
    /etc/shadow w,
  }
  /etc/shadow r,	# don't audit r access to /etc/shadow


the deny key word can be prepended to file, network and capability
rules, to result in a denial of permissions when matching that rule.
The deny rule specifically does 3 things
- it gives AppArmor the ability to remember what has been denied
  so that the tools don't prompt for what has been denied in
  previous profiling sessions.
- it subtracts globally from the allowed permissions.  Deny permissions
  accumulate in the the deny set just as allow permissions accumulate
  then, the deny set is subtracted from the allow set.
- it quiets known rejects.  The default audit behavior of deny rules
  is to quiet known rejects so that audit logs are not flooded
  with already known rejects.  To have known rejects logged prepend
  the audit keyword to the deny rule.  Deny rules do not have a
  block form.

eg.
  deny /foo/bar rw,
  audit deny /etc/shadow w,

  audit {
     deny owner /blah w,
     deny other /foo w,
     deny /etc/shadow w,
  }
 2008-03-13 17:39:03 +00:00
John Johansen
36ad7de2c5 Add the ability to specify link subset test on a link pair, and 
fix a bug where link pairs could get improperly merged.
 2008-03-13 16:49:10 +00:00
John Johansen
d2eeef8291 extend the flags in preparation for audit control 2008-03-13 16:46:53 +00:00
John Johansen
814773b2e1 Update the parse to emit a 0 to seperate pairs in the dfa. 
This was always the intended behavior and fixes a bug where
the dfa will match change profile rules using // seperator.
 2008-03-13 16:46:19 +00:00
John Johansen
923fc92c7a M split_init.diff 
- fix split init so that apparmor can be enabled at the boot command line.
  The init was broken so that apparmor couldn't be enabled unless enabled
  by default.

M    apparmor-fix-lock-letter.diff
- fix the lock letter being reported (z -> k) and update some comments

A    apparmor-create-append.diff
- fix semanitc bug where full write perms were needed to create a new file,
  where only append is needed.

M    fix-link-subset.diff
- partial fix of link subset
A    no-safex-link-subset.diff
- more link subset fixes

A    audit-log-type-in-syslog.diff
- fix audit type being missing when messages go to syslog.  This patch
  is needed for apparmor to work when messages go to syslog instead of
  auditd.  This patch can be dropped when upstream includes the
  patch to report audit number when reporting to syslog

A    audit-uid.diff
- report the fsuid to the log

A    hat_perm.diff
- setup to use hat permissions instead of just profile search for
  2.3

A    apparmor-failed-name-error.diff
- fix a bug where on failed name resolution no error or information is
  output.  It now reports info in the status field and includes an
  error_code

A    extend-x-mods.diff
- extend the x-mods in preparation of audit ctl

A    apparmor-secondary-accept.diff
- extend the dfa to have a second accept table used for audit ctl

A    apparmor-audit-flags2.diff
- extend apparmor to support audit ctl of individual permissions.
- finish fixing link-subset

A    fix-change_profile-namespace.diff
- Not applied, ignore
 2008-03-13 16:36:38 +00:00
John Johansen
d870116ae5 fix bnc#304205. This results in the following warning, when a profile already 
exits but doesn't have a flags=(X) component.

Use of uninitialized value in substitution (s///) at
       /usr/lib/perl5/vendor_perl/Immunix/SubDomain.pm line 4687 (#1)
   (W uninitialized) An undefined value was used as if it were already
   defined.  It was interpreted as a "" or a 0, but maybe it was a mistake.
   To suppress this warning assign a defined value to your variables.

   To help you figure out what was undefined, perl tells you what operation
   you used the undefined value in.  Note, however, that perl optimizes your
   program and the operation displayed in the warning may not necessarily
   appear literally in your program.  For example, "that $foo" is
   usually optimized into "that " . $foo, and the warning will refer to
   the concatenation (.) operator, even though there is no . in your
   program.
 2008-03-13 15:12:30 +00:00
John Johansen
6eb48919ee Add test cases for user::other perms, error_code, namespaces, fsuid that got left out of previous commit 2008-03-13 10:57:46 +00:00
John Johansen
aed6f06800 Fix bug where genprof/logprof would just die on newer mode format. 
This does not allow genprof/logprof to enable features using the
new format, just work with the new style logs.
 2008-03-13 10:49:44 +00:00
John Johansen
fe2502ed2d - Add support for fsuid & error_code. 
- Fix leak in not freeing namespace.
- Add tests
  - old style link
  - log with namespace, user::other perms, fsuid, error_code
 2008-03-11 14:37:40 +00:00
John Johansen
db7fe20a54 Update the link subset test to reflect the newer link semantics 
- safe exec is no longer considered a subset of unsafe exec
- add tests for pix permission to link subset
 2008-03-08 10:23:19 +00:00
John Johansen
ed4e639d7e make longpath a default test 2008-03-08 04:17:40 +00:00
John Johansen
7e69d3c91c add more missing files 2008-03-08 02:49:17 +00:00
John Johansen
aec1d504fe Update library to support messages fed a dispatcher from audit. Audit 
sends messages to dispatcheres without the type=X string prepended.
So update the library so the dbus dispatcher doesn't have to prepend
the audit type information before trying to parse the message.
 2008-03-02 12:57:39 +00:00
John Johansen
a0cafba8c5 This patch modifies the logparsing portion of libapparmor to reverse map 
ip protocol numbers to their names (e.g. 6 -> "tcp").
 2008-02-26 12:30:48 +00:00
John Johansen
932df992e1 add missing skype profile from previous commit 2008-02-26 12:29:36 +00:00
John Johansen
ba6606460d add missing files from previous set of commits 2008-02-26 12:28:42 +00:00
John Johansen
28860a8386 repo-cmd-line-tool.diff - Basic prototype for a command line tool to allow 
users to push/pull/search for profiles in remote
                            repositories. It is not fully functional at the
                            moment (the official repository is down) but I'd
                            like to get feedback on the basic usage. The
                            options for
                              push/pull/search/status/getconfig/setconfig
                            are working (usage/help below). I think the next
                            step could be a basic gtk UI to give users a
                            decent UI to manage profiles/repositories.
                            Feedback welcomed about the usage model - 
                            would a graphical tool make sense?

--------------------------------------------------------
aa-repo.pl --command args
    --search [author=XXX] [prog=XXX] [id=XXX]
             Search the repository for profiles matching the search criteria
             and return the results.
             NOTE: One --search switch per option

    --verbose|v
             Verbosity level. Supply either one or two switches. Two switches
             adds full profile text in returned search results.

    --push   [--profile=XXX|all] [--changelog=XXX]
             Push local profiles to repository, uses configured user and upon
             overwrite of an existing profile in the repository then prompt
             user with a diff for confirmation XXX the name of the application
             whose profile should be uploaded or "all"  to upload all
             profiles.  Multiple --profile switches may be passed to supply
             multiple profile names

             e.g.  --push --profile /usr/sbin/mdnsd --profile /usr/sbin/ftp
             e.g.  --push --profile all

    --pull   [--author=XXX] [--profile=XXX] or [--id=XXX] [--mode=complain]
             pull remote profiles and install on local system
             If operation will change local profiles then prompt user with
             diff for confirmation
             NOTE: One --pull switch per option and there are three acceptable
                   combinations

             --pull --author=XXX
               * pull all profiles in the repo for the author

             --pull --author=XXX  --profile=XXXX
               * pull the profile for prog owned by author

             --pull --id=XXXX
               * pull the profile with id

             --pull --mode=complain
               * set the profile(s) to complain mode when installed

             Profiles are checked for conflicts with currently installed
             profiles and presented as a list to the user to confirm and view.

    --sync   [--up] [--down] [--noconfirm]
             Synchronize local profile set with the repository - showing
             changes and allowing prompting the user with the diffs and
             suggest the newest version to be activated. If the --all option
             is passed then treat profiles not marked as remote as new
             profiles that will be uploaded to the repository.

    --status
             Show the current status of the local profile set. This operation
             is similar to sync but does not prompt the user to up|down load
             changes

    --setconfig [url=xxx] [username=xxxx] [password=xxxx] [enabled=(yes|no)]
                [upload=(yes|no)]
              Set the configuration options for the repository.
              NOTE: One --setconfig switch per option

    --getconfig|c
             Print the current configuration for the repsository

    --quiet|q Don't prompt user - assume that all changes should be made.
 2008-02-26 12:02:00 +00:00
John Johansen
010fc621ca logparse.diff - Update the tools to use the apparmor loparsing 
library to read events from the log files.
 2008-02-26 12:01:10 +00:00
John Johansen
0562961d71 repo-refactor.diff - Refactor the basic repository communication 
routines into a standalone perl module.
                            Factor out the config file reading/writing into a
                            standalone perl module. The goal here was to
                            start to break out some of the basic routines
                            that the tools use into their own independent
                            modules.
 2008-02-26 12:00:37 +00:00
John Johansen
dfe2b6d3db reverse commit 1104 removing optional use of xml-rpc. May reintroduce later 2008-02-26 11:58:40 +00:00
John Johansen
1f8ac9108b Update libapparmor to parse the new 2.3 logs. Specifically 
- u::other permissions
- namespace
- bug fix to parse missing lock (k) and append (a) permissions
 2008-02-26 04:39:31 +00:00
John Johansen
7140ac64a3 Make rpc-xml optional (only needed if repository is used) 2008-02-19 18:50:36 +00:00
John Johansen
1421b0b366 merge over update of .spec %changes from r1083 2008-02-19 18:49:35 +00:00
John Johansen
777ff460f8 update profiles for bugs that have been reported by various users 2008-02-19 10:35:19 +00:00
John Johansen
04acbd2bfb update profile for bugs that have been reported by various people 2008-02-19 10:32:28 +00:00
John Johansen
486bb79ef7 merge over r1088 - Add descriptiion of append, lock and network rules to the man page 2008-02-19 10:19:28 +00:00
John Johansen
92977daf75 merge over change from 1082 - update parser .spec change log 2008-02-19 10:18:12 +00:00
John Johansen
66276373cd add missing link subset tests 2008-02-18 11:19:11 +00:00
John Johansen
599e624b3a fix bitmasking 2008-02-09 14:16:07 +00:00
John Johansen
451deea533 M vfs-mkdir.diff 
- pass vfsmnt param for cgroups

A    fix-user-audit.diff
- nothing

A    fix-link-subset.diff
- fix reporting of failed link subsets

A    apparmor-fix-lock-letter.diff
- fix the reported lock letter in apparmorfs/matching
- reverted audit request_mask back to requested_mask

A    apparmor-fix-sysctl-refcount.diff
- fix a refcount leak in sysctl audit
 2008-02-09 14:07:22 +00:00
John Johansen
7ef32ce6f0 conditionally wrap audit_messages so they are dependant on the audit subsystem being enabled 2008-01-11 18:49:15 +00:00
John Johansen
5a666b5d29 add missing apparmor.h to split_init.diff 2008-01-10 20:03:06 +00:00
John Johansen
46fefd63a1 - Add apparmorfs features file (may break this into a directory, sysfs style) 
- do split init so apparmor is initialized in security_initcall
 2008-01-10 18:05:50 +00:00
John Johansen
fb62cb15b2 update apparmor_status to work when apparmor is a kernel builtin 2008-01-05 08:29:39 +00:00
John Johansen
482b8741b7 fix init script so that it doesn't result in a regex with a null alternation ie. |apparmor 2008-01-03 23:21:07 +00:00
John Johansen
e9fd1d8fc1 update init functions to work with the apparmor module being builtin to the kernel 2008-01-03 22:27:20 +00:00
John Johansen
bad1c12112 remove patches for tests as they are now applied 2007-12-23 01:17:23 +00:00
John Johansen
781e6d1882 Add the ability to mark as test as a known_fail or known_pass, 
which means the failure of the tests is known.  So known_fail
means the test should fail but is known to succeed and similar
for known_pass.

This allows tests to be marked as having a known problem so that
regressions are useful to those less familure with what is failing
 2007-12-23 01:10:29 +00:00
John Johansen
5d51c46fd6 make the link subset test livable 2007-12-23 01:07:16 +00:00
John Johansen
7742386a84 fix_changehat_fork.patch 2007-12-23 01:06:49 +00:00
John Johansen
ee47e61713 changehat-no-hats.patch 2007-12-23 01:06:30 +00:00
John Johansen
477e460858 net-raw.patch 2007-12-23 01:06:09 +00:00
John Johansen
2c7d194499 network-base.patch 2007-12-23 01:04:46 +00:00
John Johansen
a75127d9aa link_exist.patch 2007-12-23 01:04:28 +00:00
John Johansen
fb036e3296 openat.patch 2007-12-23 01:04:12 +00:00
John Johansen
d447b3b4e4 chdir.patch 2007-12-23 01:03:58 +00:00
John Johansen
77dc3a81f6 access.patch 2007-12-23 01:03:39 +00:00
John Johansen
b5d54384f0 more updates to prolog-inc 2007-12-23 01:03:27 +00:00
John Johansen
247a887a95 sysctl.patch 2007-12-23 01:02:50 +00:00
John Johansen
25c06ea4fb change_hat_profile_access.patch 2007-12-23 01:02:35 +00:00
John Johansen
7cb38c90aa basename.patch 2007-12-23 01:02:15 +00:00
John Johansen
355b968257 confined.patch 2007-12-23 01:02:00 +00:00
John Johansen
7be938573e link_perms.patch 2007-12-23 01:01:24 +00:00
John Johansen
5fb7c2cac6 dir-files.patch 2007-12-23 01:00:56 +00:00
John Johansen
93d88ebfd4 ptrace.patch 2007-12-23 01:00:33 +00:00
John Johansen
5b61f80b97 deleted-open-revalidate.patch 2007-12-23 01:00:19 +00:00
John Johansen
c843dbc392 exec_qual.patch 2007-12-23 01:00:00 +00:00
John Johansen
d54462a550 vfs-mnt.patch 2007-12-23 00:59:37 +00:00
John Johansen
98ce614c3b start of 10.3 test update 2007-12-23 00:58:47 +00:00
John Johansen
5b758f9dad fix bug where parser wasn't properly merging link rules, when a link pair was specified 2007-12-20 12:58:59 +00:00
John Johansen
edda8c2604 add owner parser tests 2007-12-20 12:58:16 +00:00
John Johansen
ace86e6d01 fix overlapping x modifiers perm computation 2007-12-20 12:56:50 +00:00
John Johansen
65e2c09be1 remove dead code 2007-12-20 12:55:27 +00:00
John Johansen
e0a1668ffd - fix regression in link pairs where exec_unsafe was not being considered 
in the link subset tests
- update fgetattr fuse patch to use fuse_update_atts
 2007-12-11 15:37:19 +00:00
John Johansen
97dbaa02cb change from U:G:O syntax to owner syntax and remove group permission 2007-11-29 18:06:53 +00:00
John Johansen
55abf6aa0b add apparmor security goal documentation 2007-11-21 09:12:04 +00:00
John Johansen
1d3697e07e remove #if 0 from fs/namei.c 2007-11-21 08:51:45 +00:00
John Johansen
33e0151579 Add reviewed by tag 2007-11-21 08:48:46 +00:00
John Johansen
3370223f9f Add fgetattr, fsetattr patches to the vfs patch series 2007-11-21 08:37:28 +00:00
John Johansen
7cb2653a85 Refresh patches against 2.6.24 2007-11-19 23:18:48 +00:00
John Johansen
4ce25448af allow specifying link permissions as a pair 2007-11-16 09:37:31 +00:00
John Johansen
398102afa8 old style link compatability 2007-11-16 09:36:42 +00:00
John Johansen
0e5484ce77 fix change profile 2007-11-16 09:36:19 +00:00
John Johansen
638535d650 exec modes per U:G:O 2007-11-16 09:35:57 +00:00
John Johansen
ec639bc82c user:group:any permissions 2007-11-16 09:35:31 +00:00
John Johansen
e601767e03 simple cleanup 2007-11-16 09:34:53 +00:00
John Johansen
40c3686041 remove old netdomain syntax 2007-11-16 09:34:01 +00:00
John Johansen
50284e8aad autogenerate the capability names file 2007-11-16 09:32:38 +00:00
John Johansen
c841a140b3 make the use of flags= optional 2007-11-16 09:31:33 +00:00
John Johansen
999e291acc factor use of id and varid into single token 2007-11-16 09:30:08 +00:00
John Johansen
20d5d20855 tests for pix exec mode 2007-11-16 09:28:30 +00:00
John Johansen
230b04231c add pix transition mode 2007-11-16 09:27:34 +00:00
John Johansen
92a569fdb3 profile namespace tests 2007-11-16 09:22:49 +00:00
John Johansen
a4721bd02d add basic handling of profile namespaces 2007-11-16 09:18:48 +00:00
John Johansen
11d8181d0d Fix bug 254677 2007-11-16 00:16:04 +00:00
John Johansen
a2de30e4ce Add missing patches 2007-11-13 16:57:45 +00:00
John Johansen
67f130c66c Move deprecated code into the deprecated branch 2007-11-13 08:33:09 +00:00
Dominic Reynolds
472a1d333a Added handling to correctly check the result of the profile development 
run and reset the profile mode to enforce when the profile development
run exits without an error.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328045
 2007-11-06 18:08:24 +00:00
Dominic Reynolds
c074a19f24 Ignore complain flags when up|down loading profiles to|from the 
repository. This makes the repository agnostic to profile mode
(complain/enforce) - users must manage this locally via
aa-complain/aa-enforce.
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328033
 2007-11-06 18:06:18 +00:00
Dominic Reynolds
63a7fa4aed Modified code to check the repository for new profile when: 
- processing an unknown hat/execute rejection if its not already in the profile
   - at the start of processing all the remain events for the profile
Addresses novell bug: https://bugzilla.novell.com/show_bug.cgi?id=328707
 2007-11-06 16:46:57 +00:00
Dominic Reynolds
57f1e839b7 Updated regex used to detect syslog messages (from bug reported against 
Ubuntu gutsy)
 2007-11-06 16:37:52 +00:00
1820 changed files with 74244 additions and 159079 deletions
Expand all files Collapse all files

165
.bzrignore Normal file
View File

@@ -0,0 +1,165 @@
parser/po/*.mo
parser/af_names.h
parser/cap_names.h
parser/tst_misc
parser/tst_regex
parser/tst_symtab
parser/tst_variable
parser/parser_lex.c
parser/parser_version.h
parser/parser_yacc.c
parser/parser_yacc.h
parser/pod2htm*.tmp
parser/*.7
parser/*.5
parser/*.8
parser/*.7.html
parser/*.5.html
parser/*.8.html
parser/common
parser/apparmor_parser
parser/libapparmor_re/regexp.cc
parser/techdoc.aux
parser/techdoc.log
parser/techdoc.pdf
parser/techdoc.toc
libraries/libapparmor/Makefile
libraries/libapparmor/Makefile.in
libraries/libapparmor/aclocal.m4
libraries/libapparmor/audit.log
libraries/libapparmor/autom4te.cache
libraries/libapparmor/compile
libraries/libapparmor/config.guess
libraries/libapparmor/config.log
libraries/libapparmor/config.status
libraries/libapparmor/config.sub
libraries/libapparmor/configure
libraries/libapparmor/depcomp
libraries/libapparmor/install-sh
libraries/libapparmor/libtool
libraries/libapparmor/ltmain.sh
libraries/libapparmor/missing
libraries/libapparmor/ylwrap
libraries/libapparmor/doc/Makefile
libraries/libapparmor/doc/Makefile.in
libraries/libapparmor/doc/*.2
libraries/libapparmor/src/.deps
libraries/libapparmor/src/.libs
libraries/libapparmor/src/Makefile
libraries/libapparmor/src/Makefile.in
libraries/libapparmor/src/af_protos.h
libraries/libapparmor/src/change_hat.lo
libraries/libapparmor/src/grammar.lo
libraries/libapparmor/src/libaalogparse.lo
libraries/libapparmor/src/libimmunix_warning.lo
libraries/libapparmor/src/scanner.lo
libraries/libapparmor/src/libapparmor.la
libraries/libapparmor/src/libimmunix.la
libraries/libapparmor/src/grammar.c
libraries/libapparmor/src/grammar.h
libraries/libapparmor/src/scanner.c
libraries/libapparmor/src/scanner.h
libraries/libapparmor/src/tst_aalogmisc
libraries/libapparmor/swig/Makefile
libraries/libapparmor/swig/Makefile.in
libraries/libapparmor/swig/perl/LibAppArmor.bs
libraries/libapparmor/swig/perl/LibAppArmor.pm
libraries/libapparmor/swig/perl/Makefile
libraries/libapparmor/swig/perl/Makefile.PL
libraries/libapparmor/swig/perl/Makefile.in
libraries/libapparmor/swig/perl/Makefile.perl
libraries/libapparmor/swig/perl/blib
libraries/libapparmor/swig/perl/libapparmor_wrap.c
libraries/libapparmor/swig/perl/pm_to_blib
libraries/libapparmor/swig/python/Makefile
libraries/libapparmor/swig/python/Makefile.in
libraries/libapparmor/swig/python/setup.py
libraries/libapparmor/swig/ruby/Makefile
libraries/libapparmor/swig/ruby/Makefile.in
libraries/libapparmor/testsuite/.deps
libraries/libapparmor/testsuite/.libs
libraries/libapparmor/testsuite/Makefile
libraries/libapparmor/testsuite/Makefile.in
libraries/libapparmor/testsuite/libaalogparse.log
libraries/libapparmor/testsuite/libaalogparse.sum
libraries/libapparmor/testsuite/site.exp
libraries/libapparmor/testsuite/test_multi.multi
libraries/libapparmor/testsuite/config/Makefile
libraries/libapparmor/testsuite/config/Makefile.in
libraries/libapparmor/testsuite/lib/Makefile
libraries/libapparmor/testsuite/lib/Makefile.in
libraries/libapparmor/testsuite/libaalogparse.test/Makefile
libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
libraries/libapparmor/testsuite/test_multi/out
changehat/mod_apparmor/.libs
changehat/mod_apparmor/common
changehat/pam_apparmor/common
changehat/tomcat_apparmor/common
utils/common
utils/*.8
utils/*.8.html
utils/*.5
utils/*.5.html
utils/*.tmp
utils/po/*.mo
tests/regression/apparmor/access
tests/regression/apparmor/changehat
tests/regression/apparmor/changehat_fail
tests/regression/apparmor/changehat_fork
tests/regression/apparmor/changehat_misc
tests/regression/apparmor/changehat_misc2
tests/regression/apparmor/changehat_pthread
tests/regression/apparmor/changehat_twice
tests/regression/apparmor/changehat_wrapper
tests/regression/apparmor/changeprofile
tests/regression/apparmor/chdir
tests/regression/apparmor/chgrp
tests/regression/apparmor/chmod
tests/regression/apparmor/chown
tests/regression/apparmor/clone
tests/regression/apparmor/deleted
tests/regression/apparmor/env_check
tests/regression/apparmor/environ
tests/regression/apparmor/exec
tests/regression/apparmor/exec_qual
tests/regression/apparmor/exec_qual2
tests/regression/apparmor/fchdir
tests/regression/apparmor/fchgrp
tests/regression/apparmor/fchmod
tests/regression/apparmor/fchown
tests/regression/apparmor/fork
tests/regression/apparmor/link
tests/regression/apparmor/link_subset
tests/regression/apparmor/mkdir
tests/regression/apparmor/mmap
tests/regression/apparmor/mount
tests/regression/apparmor/named_pipe
tests/regression/apparmor/net_raw
tests/regression/apparmor/open
tests/regression/apparmor/openat
tests/regression/apparmor/pipe
tests/regression/apparmor/ptrace
tests/regression/apparmor/ptrace_helper
tests/regression/apparmor/pwrite
tests/regression/apparmor/readdir
tests/regression/apparmor/rename
tests/regression/apparmor/rw
tests/regression/apparmor/swap
tests/regression/apparmor/symlink
tests/regression/apparmor/syscall_chroot
tests/regression/apparmor/syscall_mknod
tests/regression/apparmor/syscall_mlockall
tests/regression/apparmor/syscall_ptrace
tests/regression/apparmor/syscall_reboot
tests/regression/apparmor/syscall_setdomainname
tests/regression/apparmor/syscall_sethostname
tests/regression/apparmor/syscall_setpriority
tests/regression/apparmor/syscall_setscheduler
tests/regression/apparmor/syscall_sysctl
tests/regression/apparmor/sysctl_proc
tests/regression/apparmor/tcp
tests/regression/apparmor/unix_fd_client
tests/regression/apparmor/unix_fd_server
tests/regression/apparmor/unlink
tests/regression/apparmor/xattrs
tests/regression/apparmor/coredump

45
Makefile
View File

@@ -1,5 +1,4 @@
#
# $Id$
#
OVERRIDE_TARBALL=yes
@@ -17,22 +16,44 @@ DIRS=parser \
common \
tests
RELEASE_DIR=apparmor-${VERSION}-${REPO_VERSION}
REPO_URL?=lp:apparmor
# alternate possibilities to export from
#REPO_URL=.
#REPO_URL="bzr+ssh://bazaar.launchpad.net/~sbeattie/+junk/apparmor-dev/"
RELEASE_DIR=apparmor-${VERSION}
__SETUP_DIR?=.
.PHONY: tarball
tarball: _dist
tarball: clean
REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
make export_dir __EXPORT_DIR=${RELEASE_DIR} __REPO_VERSION=$${REPO_VERSION} ; \
make setup __SETUP_DIR=${RELEASE_DIR} ; \
tar cvzf ${RELEASE_DIR}.tar.gz ${RELEASE_DIR}
${RELEASE_DIR}:
mkdir ${RELEASE_DIR}
.PHONY: snapshot
snapshot: clean
REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
SNAPSHOT_DIR=apparmor-${VERSION}~$${REPO_VERSION} ;\
make export_dir __EXPORT_DIR=$${SNAPSHOT_DIR} __REPO_VERSION=$${REPO_VERSION} ; \
make setup __SETUP_DIR=$${SNAPSHOT_DIR} ; \
tar cvzf $${SNAPSHOT_DIR}.tar.gz $${SNAPSHOT_DIR} ;
.PHONY: _dist
.PHONY: ${DIRS}
_dist: clean ${DIRS}
${DIRS}: ${RELEASE_DIR}
svn export -r $(REPO_VERSION) $(REPO_URL)/$@ $(RELEASE_DIR)/$@ ; \
.PHONY: export_dir
export_dir:
mkdir $(__EXPORT_DIR)
/usr/bin/bzr export --per-file-timestamps -r $(__REPO_VERSION) $(__EXPORT_DIR) $(REPO_URL)
echo "$(REPO_URL) $(__REPO_VERSION)" > $(__EXPORT_DIR)/common/.stamp_rev
.PHONY: clean
clean:
-rm -rf ${RELEASE_DIR}
-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~*
.PHONY: setup
setup:
cd $(__SETUP_DIR)/libraries/libapparmor && ./autogen.sh
.PHONY: tag
tag:
bzr tag apparmor_${VERSION}

155
README Normal file
View File

@@ -0,0 +1,155 @@
------------
Introduction
------------
AppArmor protects systems from insecure or untrusted processes by
running them in restricted confinement, while still allowing processes
to share files, exercise privilege and communicate with other processes.
AppArmor is a Mandatory Access Control (MAC) mechanism which uses the
Linux Security Module (LSM) framework. The confinement's restrictions
are mandatory and are not bound to identity, group membership, or object
ownership. The protections provided are in addition to the kernel's
regular access control mechanisms (including DAC) and can be used to
restrict the superuser.
The AppArmor kernel module and accompanying user-space tools are
available under the GPL license (the exception is the libapparmor
library, available under the LGPL license, which allows change_hat(2)
and change_profile(2) to be used by non-GPL binaries).
For more information, you can read the techdoc.pdf (available after
building the parser) and http://apparmor.wiki.kernel.org.
-------------
Source Layout
-------------
AppArmor consists of several different parts:
changehat/ source for using changehat with Apache, PAM and Tomcat
common/ common makefile rules
desktop/ empty
kernel-patches/ patches for various kernel versions
libraries/ libapparmor source and language bindings
parser/ source for parser/loader and corresponding documentation
profiles/ configuration files, reference profiles and abstractions
tests/ regression and stress testsuites
utils/ high-level utilities for working with AppArmor
------------------------------------------
Building and Installing AppArmor Userspace
------------------------------------------
To build and install AppArmor userspace on your system, build and install in
the following order.
libapparmor:
$ cd ./libraries/libapparmor
$ sh ./autogen.sh
$ sh ./configure --prefix=/usr --with-perl
$ make
$ make check
Utilities:
$ cd utils
$ make
$ make install
parser:
$ cd parser
$ make
$ make tests # not strictly necessary as they are run during the
# build by default
$ make install
Apache mod_apparmor:
$ cd changehat/mod_apparmor
$ LIBS="-lapparmor" make
$ make install
PAM AppArmor:
$ cd changehat/pam_apparmor
$ LIBS="-lapparmor -lpam" make
$ make install
Profiles:
$ cd profiles
$ make
$ make install
-------------------
AppArmor Testsuites
-------------------
A number of testsuites are in the AppArmor sources. Most have documentation on
usage and how to update and add tests. Below is a quick overview of their
location and how to run them.
Regression tests
----------------
For details on structure and adding tests, see
tests/regression/apparmor/README.
To run:
$ cd tests/regression/apparmor (requires root)
$ make
$ sudo make tests
$ sudo bash open.sh -r # runs and saves the last testcase from open.sh
Parser tests
------------
For details on structure and adding tests, see parser/tst/README.
To run:
$ cd parser/tst
$ make
$ make tests
Libapparmor
-----------
For details on structure and adding tests, see libraries/libapparmor/README.
$ cd libraries/libapparmor
$ make check
Stress Tests
------------
To run AppArmor stress tests:
$ make all
Use these:
$ ./change_hat
$ ./child
$ ./kill.sh
$ ./open
$ ./s.sh
Or run all at once:
$ ./stress.sh
Please note that the above will stress the system so much it may end up
invoking the OOM killer.
To run parser stress tests (requires /usr/bin/ruby):
$ ./stress.sh
(see stress.sh -h for options)
-----------------------------------------------
Building and Installing AppArmor Kernel Patches
-----------------------------------------------
TODO

119
changehat/libapparmor-deprecated/Makefile
View File

@@ -1,119 +0,0 @@
# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser
# General Public License published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, contact Novell, Inc.
# ----------------------------------------------------------------------
NAME := libapparmor
all:
COMMONDIR:=$(strip $(shell if [ -d "../common/" ] ; then \
echo "../common/" ; \
elif [ -d "../../common/" ] ; then \
echo "../../common/" ; \
else \
echo "/common_dir_not_found" ; \
fi))
include common/Make.rules
COMMONDIR_EXISTS=$(strip $(shell [ -d ${COMMONDIR} ] && echo true))
ifeq ($(COMMONDIR_EXISTS), true)
common/Make.rules: $(COMMONDIR)/Make.rules
ln -sf $(COMMONDIR) .
endif
SO_VERS = 1
DESTDIR =
LIB = lib/
LIBDIR = /usr/${LIB}
MANPAGES = change_hat.2
TARGET=libapparmor
TARGETS=${TARGET}.so ${TARGET}.a
OLDTARGET=libimmunix.so.1
OBJECTS=change_hat.o
TESTS=tst-sgdh tst-cdh tst-sgkey tst-sgdh-static tst-cdh-static tst-sgkey-static
CFLAGS=-g -O2 -Wall -Wstrict-prototypes -pipe
EXTRA_CFLAGS=$(CFLAGS) -fpic -D_REENTRANT
ARFLAGS=-rcs
TEST_CFLAGS=$(CFLAGS) $(CANARY_FLAG) $(FORMATGUARD_FLAG)
TEST_LDFLAGS= -L. -limmunix
all: ${TARGETS} ${OLDTARGET} ${MANPAGES} ${HTMLMANPAGES}
%.o: %.c
$(CC) ${EXTRA_CFLAGS} -c -shared -o $@ $<
${TARGET}.so: ${OBJECTS}
${CC} ${EXTRA_CFLAGS} -o $@.$(SO_VERS) -Wl,-soname,$@.$(SO_VERS) -Wl,--version-script=${TARGET}.map -W,-z,defs -shared -dynamic $^
ln -fs $@.$(SO_VERS) $@
${OLDTARGET}: ${OBJECTS} libimmunix_warning.o
${CC} ${EXTRA_CFLAGS} -o $@ -Wl,-soname,$@ -Wl,--version-script=${TARGET}.map -W,-z,defs -shared -dynamic $^
${TARGET}.a: ${OBJECTS}
ar ${ARFLAGS} $@ $^
${POSTINSTALLBIN}: ${POSTINSTALLBIN}.c
$(CC) -static -Os -o $@ $(CANARY_FLAG) $(FORMATGUARD_FLAG) $^
# Ugh, dunno how to do an auto rule for the TESTS
tst-sgdh: tst-sgdh.c ${TARGET}.so
$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
tst-cdh: tst-cdh.c ${TARGET}.so
$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
tst-sgkey: tst-sgkey.c ${TARGET}.so
$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
tst-sgdh-static: tst-sgdh.c ${TARGET}.a
$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
tst-cdh-static: tst-cdh.c ${TARGET}.a
$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
tst-sgkey-static: tst-sgkey.c ${TARGET}.a
$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
check: $(TESTS)
-LD_LIBRARY_PATH=. ./tst-sgdh
-LD_LIBRARY_PATH=. ./tst-cdh
-LD_LIBRARY_PATH=. ./tst-sgkey
-./tst-sgdh-static
-./tst-cdh-static
-./tst-sgkey-static
.PHONY: install
install: $(SPECFILE) $(TARGETS) $(OLDTARGET)
install -d $(DESTDIR)/${LIB} $(DESTDIR)${LIBDIR}
install -d ${DESTDIR}/usr/include/sys
mv -f $(TARGET).so.$(SO_VERS) $(TARGET)-$(VERSION)-$(RELEASE).so.$(SO_VERS)
install -m 755 $(TARGET)-$(VERSION)-$(RELEASE).so.$(SO_VERS) ${DESTDIR}/${LIB}
${LDCONFIG} -n ${DESTDIR}/${LIB}
install -m 755 $(TARGET).a ${DESTDIR}${LIBDIR}
install -m 644 apparmor.h ${DESTDIR}/usr/include/sys
ln -sf /${LIB}/$(TARGET).so.$(SO_VERS) ${DESTDIR}${LIBDIR}/$(TARGET).so
# compatability with old libimmunix
install -m 755 $(OLDTARGET) ${DESTDIR}/${LIB}
ln -sf apparmor.h ${DESTDIR}/usr/include/sys/immunix.h
make install_manpages DESTDIR=${DESTDIR}
.PHONY: clean
clean: _clean
rm -f *.o $(TARGET)*.so* ${TARGETS} ${OLDTARGET} Make.rules
rm -f ${TESTS} ${SPECFILE}

23
changehat/libapparmor-deprecated/apparmor.h
View File

@@ -1,23 +0,0 @@
/* $Id$
Copyright (c) 2003, 2004, 2005, 2006 Novell, Inc. (All rights reserved)
The libapparmor library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#ifndef _SYS_APPARMOR_H_
#define _SYS_APPARMOR_H 1
__BEGIN_DECLS
/* Prototype for change_hat as defined by the AppArmor project
<http://forge.novell.com/modules/xfmod/project/?apparmor>
Please see the change_hat(2) manpage for information. */
extern int change_hat(const char *subprofile, unsigned int magic_token);
__END_DECLS
#endif /* sys/apparmor.h */

85
changehat/libapparmor-deprecated/change_hat.c
View File

@@ -1,85 +0,0 @@
/* $Id$
Copyright (c) 2003, 2004, 2005, 2006 Novell, Inc. (All rights reserved)
The libapparmor library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#define _GNU_SOURCE /* for asprintf */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <errno.h>
#include <limits.h>
int change_hat(char *subprofile, unsigned int token)
{
int rc = -1;
int fd, ret, len = 0, ctlerr = 0;
char *buf = NULL;
const char *cmd = "changehat";
char *ctl = NULL;
pid_t tid = syscall(SYS_gettid);
/* both may not be null */
if (!(token || subprofile)) {
errno = EINVAL;
goto out;
}
if (subprofile && strnlen(subprofile, PATH_MAX + 1) > PATH_MAX) {
errno = EPROTO;
goto out;
}
len = asprintf(&buf, "%s %08x^%s", cmd, token,
subprofile ? subprofile : "");
if (len < 0) {
goto out;
}
ctlerr = asprintf(&ctl, "/proc/%d/attr/current", tid);
if (ctlerr < 0) {
goto out;
}
fd = open(ctl, O_WRONLY);
if (fd == -1) {
goto out;
}
ret = write(fd, buf, len);
if (ret != len) {
int saved;
if (ret != -1) {
errno = EPROTO;
}
saved = errno;
(void)close(fd);
errno = saved;
goto out;
}
rc = 0;
(void)close(fd);
out:
if (buf) {
/* clear local copy of magic token before freeing */
memset(buf, '\0', len);
free(buf);
}
if (ctl) {
free(ctl);
}
return rc;
}

233
changehat/libapparmor-deprecated/change_hat.pod
View File

@@ -1,233 +0,0 @@
# $Id$
# This publication is intellectual property of Novell Inc. Its contents
# can be duplicated, either in part or in whole, provided that a copyright
# label is visibly located on each copy.
#
# All information found in this book has been compiled with utmost
# attention to detail. However, this does not guarantee complete accuracy.
# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
# liable for possible errors or the consequences thereof.
#
# Many of the software and hardware descriptions cited in this book
# are registered trademarks. All trade names are subject to copyright
# restrictions and may be registered trade marks. SUSE LINUX GmbH
# essentially adheres to the manufacturer's spelling.
#
# Names of products and trademarks appearing in this book (with or without
# specific notation) are likewise subject to trademark and trade protection
# laws and may thus fall under copyright restrictions.
#
# Please direct suggestions and comments to apparmor-general@forge.novell.com.
=pod
=head1 NAME
change_hat - change to or from a "hat" within a AppArmor profile
=head1 SYNOPSIS
B<#include E<lt>sys/apparmor.hE<gt>>
B<int change_hat (char *subprofile, unsigned int magic_token);>
Link with B<-lapparmor> when compiling.
=head1 DESCRIPTION
An AppArmor profile applies to an executable program; if a portion of
the program needs different access permissions than other portions,
the program can "change hats" to a different role, also known as a
subprofile. To change into a new hat, it calls the change_hat() function
to do so. It passes in a pointer to the I<subprofile> which it wants to
change into, and a 32bit I<magic_token>. The I<magic_token> is used to
return out of the subprofile at a later time.
If a program wants to return out of the current subprofile to the
original profile, it calls change_hat() with a pointer to NULL as
the I<subprofile>, and the original I<magic_token> value. If the
I<magic_token> does not match the original I<magic_token> passed into the
kernel when the program entered the subprofile, the change back to the
original profile will not happen, and the current task will be killed.
If the I<magic_token> matches the original token, then the process will
change back to the original profile.
If the program wants to change to a subprofile that it can never
change back out of, the application should call change_hat() with a
I<magic_token> of I<0>.
As both read(2) and write(2) are mediated, a file must be listed in a
subprofile definition if the file is to be accessed while the process
is in a "hat".
=head1 RETURN VALUE
On success zero is returned. On error, -1 is returned, and
errno(3) is set appropriately.
=head1 ERRORS
=over 4
=item B<EINVAL>
The apparmor kernel module is not loaded or the communication via the
F</proc/*/attr/current> file did not conform to protocol.
=item B<ENOMEM>
Insufficient kernel memory was available.
=item B<EPERM>
The calling application is not confined by apparmor.
=item B<ECHILD>
The application's profile has no hats defined for it.
=item B<EACCES>
The specified I<subprofile> does not exist in this profile or the
process tried to change another process's domain.
=back
=head1 EXAMPLE
The following code examples shows simple, if contrived, uses of
change_hat(); a typical use of change_hat() will separate privileged
portions of a process from unprivileged portions of a process, such as
keeping unauthenticated network traffic handling separate from
authenticated network traffic handling in OpenSSH or executing
user-supplied CGI scripts in apache.
The use of random(3) is simply illustrative. Use of F</dev/urandom> is
recommended.
First, a simple high-level overview of change_hat() use:
void foo (void) {
int magic_token;
/* get a random magic token value
from our huge entropy pool */
magic_token = random_function();
/* change into the subprofile while
* we do stuff we don't trust */
change_hat ("stuff_we_dont_trust", magic_token);
/* Go do stuff we don't trust -- this is all
* done in *this* process space, no separate
* fork()/exec()'s are done. */
interpret_perl_stuff(stuff_from_user);
/* now change back to our original profile */
change_hat (NULL, magic_token);
}
Second, an example to show that files not listed in a subprofile
("hat") aren't accessible after a change_hat() call:
#include <stdlib.h>
#include <string.h>
#include <sys/apparmor.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
int fd;
int tok;
char buf[10];
/* random() is a poor choice */
tok = random();
/* open /etc/passwd outside of any hat */
if ((fd=open("/etc/passwd", O_RDONLY)) < 0)
perror("Failure opening /etc/passwd");
/* confirm for ourselves that we can really read /etc/passwd */
memset(&buf, 0, 10);
if (read(fd, &buf, 10) == -1) {
perror("Failure reading /etc/passwd pre-hat");
_exit(1);
}
buf[9] = '\0';
printf("/etc/passwd: %s\n", buf);
/* change hat to the "hat" subprofile, which should not have
* read access to /etc/passwd -- even though we have a valid
* file descriptor at the time of the change_hat() call. */
if (change_hat("hat", tok)) {
perror("Failure changing hat -- aborting");
_exit(1);
}
/* confirm that we cannot read /etc/passwd */
lseek(fd,0,SEEK_SET);
memset(&buf, 0, 10);
if (read(fd, &buf, 10) == -1)
perror("Failure reading /etc/passwd post-hat");
buf[9] = '\0';
printf("/etc/passwd: %s\n", buf);
return 0;
}
This code example requires the following profile to be loaded with
apparmor_parser(8):
/tmp/ch {
/etc/ld.so.cache mr,
/etc/locale/** r,
/etc/localtime r,
/usr/share/locale/** r,
/usr/share/zoneinfo/** r,
/usr/lib/locale/** mr,
/usr/lib/gconv/*.so mr,
/usr/lib/gconv/gconv-modules* mr,
/lib/ld-*.so* mrix,
/lib/libc*.so* mr,
/lib/libapparmor*.so* mr,
/dev/pts/* rw,
/tmp/ch mr,
/etc/passwd r,
^hat {
/dev/pts/* rw,
}
}
The output when run:
$ /tmp/ch
/etc/passwd: root:x:0:
Failure reading /etc/passwd post-hat: Permission denied
/etc/passwd:
$
=head1 BUGS
None known. If you find any, please report them to bugzilla at
L<http://bugzilla.novell.com>. Note that change_hat(2) provides no
memory barriers between different areas of a program; if address space
separation is required, then separate processes should be used.
=head1 SEE ALSO
apparmor(7), apparmor.d(5), apparmor_parser(8), and
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
=cut

13
changehat/libapparmor-deprecated/libapparmor.map
View File

@@ -1,13 +0,0 @@
IMMUNIX_1.0 {
global:
change_hat;
local:
*;
};
APPARMOR_1.0 {
global:
change_hat;
local:
*;
};

196
changehat/libapparmor-deprecated/libapparmor.spec.in
View File

@@ -1,196 +0,0 @@
# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
#
# This software is licensed under the terms of the GNU Lesser General
# Public License, version 2.1. Please see the file COPYING.LGPL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, contact Novell, Inc.
# ----------------------------------------------------------------------
#
# norootforbuild
#
# Check first to see if distro is already defined. It should be defined
# by our makefile
%if ! %{?distro:1}0
%define distro suse
%endif
# Check to see what architecture we are building on so we know where
# the lib should be installed.
# Note: alpha and ia64 are 64bit systems but they have no 32 bit userland
# so they install their libs to /lib instead of /lib64
# FIXME: will see what happens when we need to do a 64bit build on RHEL
%ifarch x86_64 mips64 ppc64 sparc64 s390x
%define build64 1
%endif
# else anything that doesn't specifically have a lib64 dir
# i386 i686 mips ppc sparc arm alpha ia64
Name: libapparmor
Summary: Library to provide key AppArmor symbols
Version: @@immunix_version@@
Release: @@repo_version@@
%if %distro == "suse"
Group: System/Libraries
%else
Group: System Environment/Libraries
%endif
Source: %{name}-%{version}-@@repo_version@@.tar.gz
License: LGPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
BuildRequires: glibc-devel
%if %{?build64:1}0
#BuildRequires: linux32
%endif
Obsoletes: libimmunix
Provides: libimmunix
%description
This package provides the libapparmor library, which contains the change_hat(2)
symbol, used for sub-process confinement by AppArmor. Applications that
wish to make use of change_hat(2) need to link against this library.
This package is part of a suite of tools that used to be named SubDomain.
%prep
%if %{?build64:1}0
%setup -q -c -n %{name}32
%setup -D -q
%else
%setup -q
%endif
%build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%if %{?build64:1}0
# build 32 bit version first
%define CFLAGS32 "-g -O2 -Wall -Wstrict-prototypes -pipe -fpic -m32"
%ifarch x86_64
%define env32 linux32
%endif
%ifarch mips64
# FIXME don't know what's supposed to be here
%define env32 mips32
%endif
%ifarch ppc64
%define env32 powerpc32
%endif
%ifarch sparc64
%define env32 sparc32
%endif
%ifarch s390x
%define env32 s390
# s390 isn't actually 32bit it an odd ball 31bit machine
%undefine CFLAGS32
%define CFLAGS32 "-g -O2 -Wall -Wstrict-prototypes -pipe -fpic -m31"
%endif
# FIXME - disabled 32bit builds on 64bit platforms
echo "FIXME - disabled 32bit builds on 64bit platforms"
#%{env32} make CFLAGS=%{CFLAGS32} -C ../%{name}32/%{name}-%{version}
%endif
make CFLAGS="${RPM_OPT_FLAGS}"
%install
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%if %{?build64:1}0
# FIXME - disabled 32bit builds on 64bit platforms
echo "FIXME - disabled 32bit installs on 64bit platforms"
#make install DESTDIR=${RPM_BUILD_ROOT} LIB=lib -C ../%{name}32/%{name}-%{version}
%endif
make install DESTDIR=${RPM_BUILD_ROOT} LIB=%{_lib} VERSION=%{version} \
RELEASE=%{release} MANDIR=%{_mandir}
%clean
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
# don't use -p here, breaks slackware package builds
%post
/sbin/ldconfig
%postun
/sbin/ldconfig
%files
%defattr (-,root,root)
%if %{?build64:1}0
# FIXME - disabled 32bit builds on 64bit platforms
#/lib/lib*
#/usr/lib/lib*
%endif
/%{_lib}/lib*
%{_libdir}/lib*
%{_prefix}/include/sys/*.h
%doc COPYING.LGPL
%{_mandir}/man*/*
%doc *.[0-9].html
%doc common/apparmor.css
%changelog
* Tue Apr 7 2007 - sbeattie@suse.de
- Add change_hat manpage to package
* Thu Jan 18 2007 - sbeattie@suse.de
- Add a clean stage to remove buildroot to specfile
* Fri Feb 17 2006 Seth Arnold <seth.arnold@suse.de> 2.0-4.1
- use gettid() instead of /proc/self
* Fri Feb 10 2006 Steve Beattie <sbeattie@suse.de> 2.0-3.2
- Use RPM_OPT_FLAGS
- Fix installed library version to match specfile version
* Wed Feb 1 2006 Steve Beattie <sbeattie@suse.de> 2.0-3.1
- Fix prototype to match change_hat(2) manpage
* Mon Jan 23 2006 Steve Beattie <sbeattie@suse.de> 2.0-3
- Rename to libapparmor.so and apparmor.h
* Thu Jan 5 2006 Steve Beattie <sbeattie@suse.de> 2.0-2
- Add svn repo number to tarball
* Wed Dec 7 2005 Steve Beattie <sbeattie@suse.de> 2.0-1
- Reset version for inclusion is SUSE autobuild
* Wed Dec 7 2005 Steve Beattie <sbeattie@suse.de> 1.99-8
- Disable 32bit builds on 64bit platforms for now
* Mon Dec 5 2005 Steve Beattie <sbeattie@suse.de> 1.99-7
- Rename package to libapparmor
* Wed Aug 10 2005 Steve Beattie <sbeattie@suse.de> 1.99-6_imnx
- Cleanup some of the deprecated exported symbols
* Thu Aug 4 2005 John Johansen <jjohansen@novell.com> 1.99-5_imnx
- and -m31 flag for s390
* Mon Jul 11 2005 Steve Beattie <sbeattie@novell.com> 1.99-4_imnx
- get rid of libimmunix_post_upgrade
- Re-license to LGPL
- update description
* Fri May 27 2005 Steve Beattie <steve@immunix.com> 1.99-3_imnx
- Clear token buffer before freeing.
- Error handling cleanup.
* Fri Feb 18 2005 Steve Beattie <steve@immunix.com> 1.99-2_imnx
- Use the right command for the 32bit env on 64bit platforms
- Support for 64bit builds on systems with combined 32/64 support
* Fri Feb 4 2005 Seth Arnold <sarnold@immunix.com> 1.99-1_imnx
- Reversion to 1.99
* Mon Nov 8 2004 Steve Beattie <steve@immunix.com> 1.2-3_imnx
- Finish conversion to slack-capable infrastructure.
* Thu Oct 28 2004 Steve Beattie <steve@immunix.com> 1.2-2_imnx
- Added a 'make install' target for prelim slack support
* Tue Oct 12 2004 Steve Beattie <steve@immunix.com> 1.2-1_imnx
- Bump version after shass-1.1 branched off
* Thu Sep 23 2004 Steve Beattie <steve@immunix.com> 1.0-13_imnx
- Vastly simplify the string handling in change_hat().
* Thu Sep 9 2004 Steve Beattie <steve@immunix.com> 1.0-12_imnx
- Conditionalize group the package shows up in.
* Thu Sep 9 2004 Steve Beattie <steve@immunix.com> 1.0-11_imnx
- Fix so change_hat functions correctly even when the token is zero.
* Thu Sep 2 2004 Steve Beattie <steve@immunix.com> 1.0-10_imnx
- Added that it provides %{_prefix}/sbin/libimmunix_post_upgrade, this
was somehow breaking yast.
* Mon Aug 30 2004 Steve Beattie <steve@immunix.com> 1.0-9_imnx
- Copyright cleanups.
* Wed Jul 21 2004 Steve Beattie <steve@immunix.com> 1.0-8_imnx
- add basis for conditional distro support
* Thu May 28 2004 Tony Jons <tony@immunix.com> 1.0-7_imnx
- Add "changehat" command word to start of string written to /proc/pid/attr

23
changehat/libapparmor-deprecated/libimmunix_warning.c
View File

@@ -1,23 +0,0 @@
/* $Id$
Copyright (c) 2006 Novell, Inc. (All rights reserved)
The libimmunix library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#include <syslog.h>
void __libimmunix_warning(void) __attribute__ ((constructor));
void __libimmunix_warning(void)
{
extern const char *__progname; /* global from linux crt0 */
openlog (__progname, LOG_PID|LOG_PERROR, LOG_USER);
syslog(LOG_NOTICE,
"%s links against libimmunix.so, which is deprecated. "
"Please link against libapparmor instead\n",
__progname);
closelog();
}

504
changehat/libapparmor/COPYING.LGPL
View File

@@ -1,504 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of the
ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the library's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!

27
changehat/libapparmor/src/apparmor.h
View File

@@ -1,27 +0,0 @@
/* $Id: apparmor.h 132 2006-09-28 07:45:55Z steve-beattie $
Copyright (c) 2003-2007 Novell, Inc. (All rights reserved)
The libapparmor library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#ifndef _SYS_APPARMOR_H_
#define _SYS_APPARMOR_H 1
__BEGIN_DECLS
/* Prototype for change_hat as defined by the AppArmor project
<http://forge.novell.com/modules/xfmod/project/?apparmor>
Please see the change_hat(2) manpage for information. */
extern int (change_hat)(const char *subprofile, unsigned int magic_token);
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile);
#define change_hat(X, Y) aa_change_hat((X), (Y))
__END_DECLS
#endif /* sys/apparmor.h */

134
changehat/libapparmor/src/change_hat.c
View File

@@ -1,134 +0,0 @@
/* $Id: change_hat.c 13 2006-04-12 21:43:34Z steve-beattie $
Copyright (c) 2003-2007 Novell, Inc. (All rights reserved)
The libapparmor library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <errno.h>
#include <limits.h>
#define symbol_version(real, name, version) \
__asm__ (".symver " #real "," #name "@" #version)
#define default_symbol_version(real, name, version) \
__asm__ (".symver " #real "," #name "@@" #version)
static int setprocattr(const char *buf, int len)
{
int rc = -1;
int fd, ret, ctlerr = 0;
char *ctl = NULL;
pid_t tid = syscall(SYS_gettid);
if (!buf) {
errno = EINVAL;
goto out;
}
ctlerr = asprintf(&ctl, "/proc/%d/attr/current", tid);
if (ctlerr < 0) {
goto out;
}
fd = open(ctl, O_WRONLY);
if (fd == -1) {
goto out;
}
ret = write(fd, buf, len);
if (ret != len) {
int saved;
if (ret != -1) {
errno = EPROTO;
}
saved = errno;
(void)close(fd);
errno = saved;
goto out;
}
rc = 0;
(void)close(fd);
out:
if (ctl) {
free(ctl);
}
return rc;
}
int aa_change_hat(const char *subprofile, unsigned long token)
{
int rc = -1;
int len = 0;
char *buf = NULL;
const char *fmt = "changehat %016x^%s";
/* both may not be null */
if (!(token || subprofile)) {
errno = EINVAL;
goto out;
}
if (subprofile && strnlen(subprofile, PATH_MAX + 1) > PATH_MAX) {
errno = EPROTO;
goto out;
}
len = asprintf(&buf, fmt, token, subprofile ? subprofile : "");
if (len < 0) {
goto out;
}
rc = setprocattr(buf, len);
out:
if (buf) {
/* clear local copy of magic token before freeing */
memset(buf, '\0', len);
free(buf);
}
return rc;
}
/* original change_hat interface */
int __change_hat(char *subprofile, unsigned int token)
{
return aa_change_hat(subprofile, (unsigned long) token);
}
int aa_change_profile(const char *profile)
{
char *buf = NULL;
int len;
int rc;
if (!profile) {
errno = EINVAL;
return -1;
}
len = asprintf(&buf, "changeprofile %s", profile);
if (len < 0)
return -1;
rc = setprocattr(buf, len);
free(buf);
return rc;
}
/* create an alias for the old change_hat@IMMUNIX_1.0 symbol */
extern typeof((__change_hat)) __old_change_hat __attribute__((alias ("__change_hat")));
symbol_version(__old_change_hat, change_hat, IMMUNIX_1.0);
default_symbol_version(__change_hat, change_hat, APPARMOR_1.0);

438
changehat/libapparmor/src/grammar.y
View File

@@ -1,438 +0,0 @@
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
* NOVELL (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc.
*/
%{
#define YYDEBUG 0
#include <string.h>
#include "aalogparse.h"
#include "parser.h"
#include "grammar.h"
#include "scanner.h"
aa_log_record *ret_record;
/* Since we're a library, on any errors we don't want to print out any
* error messages. We should probably add a debug interface that does
* emit messages when asked for. */
void aalogparse_error(void *scanner, char const *s)
{
/* printf("Error: %s\n", s); */
ret_record->event = AA_RECORD_INVALID;
}
struct aa_type_table {
unsigned int audit_type;
aa_record_event_type event;
};
static struct aa_type_table aa_type_table[] = {
{AUDIT_APPARMOR_AUDIT, AA_RECORD_AUDIT},
{AUDIT_APPARMOR_ALLOWED, AA_RECORD_ALLOWED},
{AUDIT_APPARMOR_DENIED, AA_RECORD_DENIED},
{AUDIT_APPARMOR_HINT, AA_RECORD_HINT},
{AUDIT_APPARMOR_STATUS, AA_RECORD_STATUS},
{AUDIT_APPARMOR_ERROR, AA_RECORD_ERROR},
{0, AA_RECORD_INVALID},
};
aa_record_event_type lookup_aa_event(unsigned int type)
{
int i;
for (i = 0; aa_type_table[i].audit_type != 0; i++)
if (type == aa_type_table[i].audit_type)
break;
return aa_type_table[i].event;
}
%}
%defines
%pure_parser
%lex-param{void *scanner}
%parse-param{void *scanner}
%union
{
char *t_str;
long t_long;
}
%type <t_str> old_profile safe_string protocol
%token <t_long> TOK_DIGITS TOK_TYPE_UNKNOWN
%token <t_str> TOK_QUOTED_STRING TOK_PATH TOK_ID TOK_NULL_COMPLAIN TOK_MODE TOK_DMESG_STAMP
%token <t_str> TOK_SINGLE_QUOTED_STRING TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
%token <t_str> TOK_HEXSTRING TOK_TYPE_OTHER TOK_MSG_REST
%token TOK_EQUALS
%token TOK_COLON
%token TOK_OPEN_PAREN
%token TOK_CLOSE_PAREN
%token TOK_PERIOD
%token TOK_TYPE_REJECT
%token TOK_TYPE_AUDIT
%token TOK_TYPE_COMPLAIN
%token TOK_TYPE_HINT
%token TOK_TYPE_STATUS
%token TOK_TYPE_ERROR
%token TOK_OLD_TYPE_APPARMOR
%token TOK_OLD_APPARMOR_REJECT
%token TOK_OLD_APPARMOR_PERMIT
%token TOK_OLD_APPARMOR_AUDIT
%token TOK_OLD_APPARMOR_LOGPROF_HINT
%token TOK_OLD_UNKNOWN_HAT
%token TOK_OLD_ACTIVE
%token TOK_OLD_UNKNOWN_PROFILE
%token TOK_OLD_MISSING_PROFILE
%token TOK_OLD_CHANGING_PROFILE
%token TOK_OLD_ACCESS
%token TOK_OLD_TO
%token TOK_OLD_FROM
%token TOK_OLD_PIPE
%token TOK_OLD_EXTENDED
%token TOK_OLD_ATTRIBUTE
%token TOK_OLD_ON
%token TOK_OLD_MKDIR
%token TOK_OLD_RMDIR
%token TOK_OLD_XATTR
%token TOK_OLD_CHANGE
%token TOK_OLD_CAPABILITY
%token TOK_OLD_SYSCALL
%token TOK_OLD_LINK
%token TOK_OLD_FORK
%token TOK_OLD_CHILD
%token TOK_KEY_TYPE
%token TOK_KEY_MSG
%token TOK_KEY_OPERATION
%token TOK_KEY_NAME
%token TOK_KEY_NAME2
%token TOK_KEY_DENIED_MASK
%token TOK_KEY_REQUESTED_MASK
%token TOK_KEY_ATTRIBUTE
%token TOK_KEY_TASK
%token TOK_KEY_PARENT
%token TOK_KEY_MAGIC_TOKEN
%token TOK_KEY_INFO
%token TOK_KEY_PID
%token TOK_KEY_PROFILE
%token TOK_AUDIT
%token TOK_KEY_IMAGE
%token TOK_KEY_FAMILY
%token TOK_KEY_SOCK_TYPE
%token TOK_KEY_PROTOCOL
%token TOK_SYSLOG_KERNEL
%%
log_message: audit_type
| syslog_type
;
audit_type: TOK_KEY_TYPE TOK_EQUALS type_syntax ;
type_syntax: old_syntax { ret_record->version = AA_RECORD_SYNTAX_V1; }
| new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
| other_audit
;
old_syntax: TOK_OLD_TYPE_APPARMOR audit_msg old_msg
| TOK_TYPE_UNKNOWN audit_msg old_msg
;
new_syntax:
TOK_TYPE_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
| TOK_TYPE_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
| TOK_TYPE_COMPLAIN audit_msg key_list { ret_record->event = AA_RECORD_ALLOWED; }
| TOK_TYPE_HINT audit_msg key_list { ret_record->event = AA_RECORD_HINT; }
| TOK_TYPE_STATUS audit_msg key_list { ret_record->event = AA_RECORD_STATUS; }
| TOK_TYPE_ERROR audit_msg key_list { ret_record->event = AA_RECORD_ERROR; }
| TOK_TYPE_UNKNOWN audit_msg key_list { ret_record->event = lookup_aa_event($1); }
;
other_audit: TOK_TYPE_OTHER audit_msg TOK_MSG_REST
{
ret_record->operation = $1;
ret_record->event = AA_RECORD_INVALID;
ret_record->info = $3;
}
;
syslog_type:
syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id old_msg
{ ret_record->version = AA_RECORD_SYNTAX_V1; }
| syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; }
| syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; }
;
old_msg:
old_permit_reject_type old_permit_reject_syntax
| TOK_OLD_APPARMOR_LOGPROF_HINT old_logprof_syntax { ret_record->event = AA_RECORD_HINT; }
;
old_permit_reject_type:
TOK_OLD_APPARMOR_REJECT { ret_record->event = AA_RECORD_DENIED; }
| TOK_OLD_APPARMOR_PERMIT { ret_record->event = AA_RECORD_ALLOWED; }
| TOK_OLD_APPARMOR_AUDIT { ret_record->event = AA_RECORD_AUDIT; }
;
old_permit_reject_syntax:
TOK_MODE TOK_OLD_ACCESS old_permit_reject_path_pipe_extended
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->requested_mask = $1;
ret_record->operation = strdup("access");
}
| dir_action TOK_OLD_ON TOK_PATH
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->name = $3;
}
| TOK_OLD_XATTR TOK_ID TOK_OLD_ON TOK_PATH
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->operation = strdup("xattr");
ret_record->attribute = $2;
ret_record->name = $4;
}
| TOK_KEY_ATTRIBUTE TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
TOK_OLD_CHANGE TOK_OLD_TO TOK_PATH
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->operation = strdup("setattr");
ret_record->attribute = $3;
ret_record->name = $7;
}
| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_CAPABILITY TOK_SINGLE_QUOTED_STRING
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->operation = strdup("capability");
ret_record->name = $4;
}
| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_SYSCALL TOK_SINGLE_QUOTED_STRING
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->operation = strdup("syscall");
ret_record->name = $4;
}
| TOK_OLD_LINK TOK_OLD_ACCESS TOK_OLD_FROM TOK_PATH TOK_OLD_TO TOK_PATH
TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
{
ret_record->requested_mask = strdup("l");
ret_record->name = $4;
ret_record->name2 = $6;
}
;
dir_action:
TOK_OLD_MKDIR { ret_record->operation = strdup("mkdir"); }
| TOK_OLD_RMDIR { ret_record->operation = strdup("rmdir"); }
;
old_process_state:
TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN old_profile_names
{
ret_record->info = $1;
ret_record->pid = atol($3);
free($3);
}
;
old_profile_names:
TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile
{ ret_record->profile = $2;
ret_record->active_hat = $4;
}
;
old_permit_reject_path_pipe_extended:
TOK_OLD_TO TOK_PATH
{
ret_record->name = $2;
}
| TOK_OLD_TO TOK_OLD_PIPE /* Frankly, I don't think this is used */
{
ret_record->info = strdup("pipe");
}
| TOK_OLD_EXTENDED TOK_KEY_ATTRIBUTE /* Nor this */
{
ret_record->info = strdup("extended attribute");
}
;
old_logprof_syntax:
old_logprof_syntax2 key_pid
TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
{
ret_record->profile = strdup($5);
free($5);
ret_record->active_hat = strdup($8);
free($8);
}
| old_logprof_fork_syntax
| TOK_OLD_CHANGING_PROFILE key_pid
{ ret_record->profile = strdup("null-complain-profile"); }
;
old_logprof_syntax2:
TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
{
ret_record->operation = strdup("profile_set");
ret_record->info = strdup("unknown profile");
ret_record->name = strdup($4);
free($4);
}
| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
{
ret_record->operation = strdup("exec");
ret_record->info = strdup("mandatory profile missing");
ret_record->name = strdup($4);
free($4);
}
| TOK_OLD_UNKNOWN_HAT TOK_ID
{
ret_record->operation = strdup("change_hat");
ret_record->name = strdup($2);
free($2);
ret_record->info = strdup("unknown_hat");
}
;
/* TODO: Clean this up */
old_logprof_fork_syntax:
TOK_OLD_FORK key_pid
TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
{
ret_record->operation = strdup("clone");
ret_record->task = $5;
}
;
old_logprof_fork_addition:
/* Nothin */
| TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
{
ret_record->profile = $3;
ret_record->active_hat = $6;
}
;
old_profile:
TOK_PATH { $$ = $1; }
| TOK_ID { $$ = $1; }
| TOK_NULL_COMPLAIN { $$ = strdup("null-complain-profile"); }
;
audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
;
audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
{
asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7);
ret_record->epoch = atol($3);
ret_record->audit_sub_id = atoi($7);
free($3);
free($5);
free($7);
} ;
syslog_date: TOK_DATE_MONTH TOK_DIGITS TOK_DATE_TIME { /* do nothing? */ }
;
key_list: key
| key_list key
;
key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->operation = $3;}
| TOK_KEY_NAME TOK_EQUALS safe_string
{ ret_record->name = $3;}
| TOK_KEY_NAME2 TOK_EQUALS safe_string
{ ret_record->name2 = $3;}
| TOK_KEY_DENIED_MASK TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->denied_mask = $3;}
| TOK_KEY_REQUESTED_MASK TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->requested_mask = $3;}
| TOK_KEY_ATTRIBUTE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->attribute = $3;}
| TOK_KEY_TASK TOK_EQUALS TOK_DIGITS
{ ret_record->task = $3;}
| TOK_KEY_PARENT TOK_EQUALS TOK_DIGITS
{ ret_record->parent = $3;}
| TOK_KEY_MAGIC_TOKEN TOK_EQUALS TOK_DIGITS
{ ret_record->magic_token = $3;}
| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->info = $3;}
| key_pid
| TOK_KEY_PROFILE TOK_EQUALS safe_string
{ ret_record->profile = $3;}
| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->net_family = $3;}
| TOK_KEY_SOCK_TYPE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->net_sock_type = $3;}
| TOK_KEY_PROTOCOL TOK_EQUALS protocol
{ ret_record->net_protocol = $3;}
| TOK_KEY_TYPE TOK_EQUALS TOK_DIGITS
{ ret_record->event = lookup_aa_event($3);}
;
key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
;
safe_string: TOK_QUOTED_STRING
| TOK_HEXSTRING
;
protocol: TOK_QUOTED_STRING
| TOK_DIGITS
{ /* FIXME: this should probably convert back to a string proto name */
char *ret = NULL;
if (asprintf(&ret, "%ld", $1) < 0)
yyerror(NULL, "Unable to allocate protocol string");
$$ = ret;
}
;
%%
aa_log_record *
_parse_yacc(char *str)
{
/* yydebug = 1; */
YY_BUFFER_STATE lex_buf;
yyscan_t scanner;
int parser_return;
ret_record = NULL;
ret_record = (aa_log_record *) malloc(sizeof(aa_log_record));
_init_log_record(ret_record);
if (ret_record == NULL)
return NULL;
aalogparse_lex_init(&scanner);
lex_buf = aalogparse__scan_string(str, scanner);
parser_return = aalogparse_parse(scanner);
aalogparse__delete_buffer(lex_buf, scanner);
aalogparse_lex_destroy(scanner);
return ret_record;
}

23
changehat/libapparmor/src/libimmunix_warning.c
View File

@@ -1,23 +0,0 @@
/* $Id: libimmunix_warning.c 13 2006-04-12 21:43:34Z steve-beattie $
Copyright (c) 2006 Novell, Inc. (All rights reserved)
The libimmunix library is licensed under the terms of the GNU
Lesser General Public License, version 2.1. Please see the file
COPYING.LGPL.
*/
#include <syslog.h>
void __libimmunix_warning(void) __attribute__ ((constructor));
void __libimmunix_warning(void)
{
extern const char *__progname; /* global from linux crt0 */
openlog (__progname, LOG_PID|LOG_PERROR, LOG_USER);
syslog(LOG_NOTICE,
"%s links against libimmunix.so, which is deprecated. "
"Please link against libapparmor instead\n",
__progname);
closelog();
}

36
changehat/libapparmor/src/parser.h
View File

@@ -1,36 +0,0 @@
/*
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
* NOVELL (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc.
*/
#ifndef __AA_LOG_PARSER_H__
#define __AA_LOG_PARSER_H__
extern void _init_log_record(aa_log_record *record);
extern aa_log_record *_parse_yacc(char *str);
extern char *hex_to_string(char *str);
/* FIXME: this ought to be pulled from <linux/audit.h> but there's no
* guarantee these will exist there. */
#define AUDIT_APPARMOR_AUDIT 1501 /* AppArmor audited grants */
#define AUDIT_APPARMOR_ALLOWED 1502 /* Allowed Access for learning */
#define AUDIT_APPARMOR_DENIED 1503
#define AUDIT_APPARMOR_HINT 1504 /* Process Tracking information */
#define AUDIT_APPARMOR_STATUS 1505 /* Changes in config */
#define AUDIT_APPARMOR_ERROR 1506 /* Internal AppArmor Errors */
#endif

35
changehat/libapparmor/src/tst_aalogmisc.c
View File

@@ -1,35 +0,0 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "aalogparse.h"
#include "parser.h"
#define MY_TEST(statement, error) \
if (!(statement)) { \
fprintf(stderr, "FAIL: %s\n", error); \
rc = 1; \
}
int main(void)
{
int rc = 0;
char *retstr = NULL;
retstr = hex_to_string(NULL);
MY_TEST(!retstr, "basic NULL test");
retstr = hex_to_string("2F746D702F646F6573206E6F74206578697374");
MY_TEST(retstr, "basic allocation");
MY_TEST(strcmp(retstr, "/tmp/does not exist") == 0, "basic dehex 1");
retstr = hex_to_string("61");
MY_TEST(strcmp(retstr, "a") == 0, "basic dehex 2");
retstr = hex_to_string("");
MY_TEST(strcmp(retstr, "") == 0, "empty string");
return rc;
}

14
changehat/libapparmor/swig/SWIG/libapparmor.i
View File

@@ -1,14 +0,0 @@
%module LibAppArmor
%{
#include "aalogparse.h"
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile, unsigned long magic_token);
%}
%include "typemaps.i"
%include "aalogparse.h"
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile, unsigned long magic_token);

9
changehat/libapparmor/swig/perl/Makefile.PL
View File

@@ -1,9 +0,0 @@
use ExtUtils::MakeMaker;
use vars qw($CCFLAGS $OBJECT $VERSION $OPTIMIZE);
WriteMakefile(
'NAME' => 'LibAppArmor',
'MAKEFILE' => 'Makefile.perl',
'FIRST_MAKEFILE' => 'Makefile.perl',
);

34
changehat/libapparmor/swig/perl/Makefile.am
View File

@@ -1,34 +0,0 @@
if HAVE_PERL
PERL_MAKEFILE = Makefile.perl
WRAPPER_SOURCES = libapparmor_wrap.c LibAppArmor.pm
all-local: .build-stamp
.build-stamp: $(WRAPPER_SOURCES) $(PERL_MAKEFILE)
make -f $(PERL_MAKEFILE)
touch .build-stamp
check-local: .build-stamp
make -f $(PERL_MAKEFILE) test
install-exec-local: .build-stamp
make -f $(PERL_MAKEFILE) install_vendor
clean-local: $(PERL_MAKEFILE)
make -f $(PERL_MAKEFILE) clean
rm -f $(PERL_MAKEFILE).old
rm -rf build
$(PERL_MAKEFILE): Makefile.PL
$(PERL) Makefile.PL VERSION="0.1" OBJECT="../../src/.libs/libapparmor.so libapparmor_wrap.o" CCFLAGS="-I../../src -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement" OPTIMIZE="$(CFLAGS) -shared -I$(includedir) -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement"
$(WRAPPER_SOURCES): ../SWIG/*.i
$(SWIG) -perl -I../../src -I../SWIG -o libapparmor_wrap.c libapparmor.i
endif
EXTRA_DIST = Makefile.PL $(WRAPPER_SOURCES) examples/*.pl

15
changehat/libapparmor/swig/perl/examples/example.pl
View File

@@ -1,15 +0,0 @@
require LibAppArmor;
$msg = "type=APPARMOR msg=audit(1168662182.495:58): PERMITTING r access to /home/matt/projects/change_hat_test/test (test_hat(27871) profile /home/matt/projects/change_hat_test/test_hat active null-complain-profile)";
my($test) = AppArmorLogRecordParser::parse_record($msg);
if (AppArmorLogRecordParser::aa_log_record::swig_event_get($test) == $AppArmorLogRecordParser::AA_RECORD_ALLOWED )
{
print "AA_RECORD_ALLOWED\n";
}
print "Audit ID: " . AppArmorLogRecordParser::aa_log_record::swig_audit_id_get($test) . "\n";
print "PID: " . AppArmorLogRecordParser::aa_log_record::swig_pid_get($test) . "\n";
AppArmorLogRecordParser::free_record($test);

17
changehat/libapparmor/swig/python/Makefile.am
View File

@@ -1,17 +0,0 @@
if HAVE_PYTHON
BUILT_SOURCES = libapparmor_wrap.c
SWIG_SOURCES = ../SWIG/libapparmor.i
pkgpython_PYTHON = LibAppArmor.py
pkgpyexec_LTLIBRARIES = _libapparmor.la
_libapparmor_la_SOURCES = libapparmor_wrap.c $(SWIG_SOURCES)
_libapparmor_la_CPPFLAGS = $(SWIG_PYTHON_CFLAGS) -I$(top_srcdir)/src -I/usr/include/python
_libapparmor_la_LDFLAGS = -module
_libapparmor_la_LIBADD = ../../src/.libs/libapparmor.so
libapparmor_wrap.c: $(SWIG_SOURCES)
$(SWIG) -python -I$(top_srcdir)/src -o $@ $<
endif

24
changehat/libapparmor/swig/ruby/Makefile.am
View File

@@ -1,24 +0,0 @@
if HAVE_RUBY
RUBY_MAKEFILE = Makefile.ruby
WRAPPER_FILES = LibAppArmor_wrap.* LibAppArmor.so extension.mak .build-stamp
BUILT_SOURCES = LibAppArmor_wrap.c
all-local: .build-stamp
.build-stamp: LibAppArmor_wrap.c
CFLAGS="$(CFLAGS) -I../../src" $(RUBY) extconf.rb build
touch .build-stamp
install-exec-local: .build-stamp
make -f $(RUBY_MAKEFILE) install
LibAppArmor_wrap.c: ../SWIG/*.i
$(SWIG) -ruby -I../SWIG -I../../src -o ./LibAppArmor_wrap.c libapparmor.i
endif
EXTRA_DIST = extconf.rb $(BUILT_SOURCES) examples/*.rb

76
changehat/libapparmor/swig/ruby/extconf.rb
View File

@@ -1,76 +0,0 @@
require 'mkmf'
require 'ftools'
$CFLAGS += " " + (ENV['CFLAGS'] || "") + (ENV['CXXFLAGS'] || "")
$LDFLAGS = "../../src/.libs/libapparmor.so"
def usage
puts <<EOF
Usage: ruby extconf.rb command
build Build the extension
clean Clean the source directory
install Install the extention
test Test the extension
wrap Generate SWIG wrappers
EOF
exit
end
cmd = ARGV.shift or usage()
cmd = cmd.downcase
usage() unless ['build', 'clean', 'install', 'test', 'wrap'].member? cmd
usage() if ARGV.shift
class Commands
def initialize(&block)
@block = block
end
def execute
@block.call
end
end
Build = Commands.new {
# I don't think we can tell mkmf to generate a makefile with a different name
if File.exists?("Makefile")
File.rename("Makefile", "Makefile.old")
end
create_makefile('LibAppArmor')
File.rename("Makefile", "Makefile.ruby")
if File.exists?("Makefile.old")
File.rename("Makefile.old", "Makefile")
end
system("make -f Makefile.ruby")
}
Install = Commands.new {
Build.execute
if defined? Prefix
# strip old prefix and add the new one
oldPrefix = Config::CONFIG["prefix"]
if defined? Debian
archDir = Config::CONFIG["archdir"]
libDir = Config::CONFIG["rubylibdir"]
else
archDir = Config::CONFIG["sitearchdir"]
libDir = Config::CONFIG["sitelibdir"]
end
archDir = Prefix + archDir.gsub(/^#{oldPrefix}/,"")
libDir = Prefix + libDir.gsub(/^#{oldPrefix}/,"")
else
archDir = Config::CONFIG["sitearchdir"]
libDir = Config::CONFIG["sitelibdir"]
end
[archDir,libDir].each { |path| File.makedirs path }
binary = 'LibAppArmor.so'
File.install "./"+binary, archDir+"/"+binary, 0555, true
File.install "./LibAppArmor.so", libDir+"/LibAppArmor.so", 0555, true
}
availableCommands = {
"build" => Build,
"install" => Install
}
availableCommands[cmd].execute

11
changehat/libapparmor/testsuite/test_multi/testcase10.out
View File

@@ -1,11 +0,0 @@
START
File: test_multi/testcase10.in
Event type: AA_RECORD_HINT
Audit ID: 1168661976.062:55
Operation: clone
Profile: /home/matt/projects/change_hat_test/test_hat
Task: 38229
PID: 27764
Active hat: /home/matt/projects/change_hat_test/test_hat
Epoch: 1168661976
Audit subid: 55

9
changehat/libapparmor/testsuite/test_multi/testcase11.out
View File

@@ -1,9 +0,0 @@
START
File: test_multi/testcase11.in
Event type: AA_RECORD_HINT
Audit ID: 1168661976.062:55
Operation: clone
Task: 38229
PID: 27764
Epoch: 1168661976
Audit subid: 55

13
changehat/libapparmor/testsuite/test_multi/testcase18.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase18.in
Event type: AA_RECORD_DENIED
Audit ID: 1157215966.604:46
Operation: access
Mask: r
Profile: /usr/sbin/httpd2-prefork
Name: /bin/df
Info: sh
PID: 7902
Active hat: SYSINFO
Epoch: 1157215966
Audit subid: 46

8
changehat/libapparmor/testsuite/test_multi/testcase19.out
View File

@@ -1,8 +0,0 @@
START
File: test_multi/testcase19.in
Event type: AA_RECORD_HINT
Audit ID: 1164007073.953:518
Profile: null-complain-profile
PID: 29420
Epoch: 1164007073
Audit subid: 518

13
changehat/libapparmor/testsuite/test_multi/testcase2.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase2.in
Event type: AA_RECORD_ALLOWED
Audit ID: 1168662182.495:58
Operation: access
Mask: r
Profile: /home/matt/projects/change_hat_test/test_hat
Name: /home/matt/projects/change_hat_test/test
Info: test_hat
PID: 27871
Active hat: null-complain-profile
Epoch: 1168662182
Audit subid: 58

13
changehat/libapparmor/testsuite/test_multi/testcase20.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase20.in
Event type: AA_RECORD_DENIED
Audit ID: 1167188680.127:54
Operation: access
Mask: r
Profile: /bin/freak-aa-out
Name: /bin/freak-aa-out
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

1
changehat/libapparmor/testsuite/test_multi/testcase23.in
View File

@@ -1 +0,0 @@
Sep 13 13:11:13 lizaveta kernel: AppArmor: REJECTING exec(2) of image '/usr/lib/mailman/mail/mailman'. Profile mandatory and not found (local(20700) profile /usr/lib/postfix/local active /usr/lib/postfix/local)

13
changehat/libapparmor/testsuite/test_multi/testcase27.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase27.in
Event type: AA_RECORD_AUDIT
Audit ID: 1177962426.395:2107
Operation: access
Mask: mr
Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper
Name: /lib/ld-2.4.so
Info: open
PID: 7139
Active hat: open
Epoch: 1177962426
Audit subid: 2107

12
changehat/libapparmor/testsuite/test_multi/testcase28.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase28.in
Event type: AA_RECORD_DENIED
Audit ID: 1173790298.651:1662
Operation: syscall
Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
Name: ptrace
Info: syscall_ptrace
PID: 25210
Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
Epoch: 1173790298
Audit subid: 1662

12
changehat/libapparmor/testsuite/test_multi/testcase29.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase29.in
Event type: AA_RECORD_DENIED
Audit ID: 1173790298.983:1669
Operation: syscall
Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
Name: sysctl (write)
Info: syscall_sysctl
PID: 25423
Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
Epoch: 1173790298
Audit subid: 1669

12
changehat/libapparmor/testsuite/test_multi/testcase3.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase3.in
Event type: AA_RECORD_HINT
Audit ID: 1168661976.062:55
Operation: change_hat
Profile: /home/matt/projects/change_hat_test/test_hat
Name: TESTHAT
Info: unknown_hat
PID: 27764
Active hat: /home/matt/projects/change_hat_test/test_hat
Epoch: 1168661976
Audit subid: 55

13
changehat/libapparmor/testsuite/test_multi/testcase30.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase30.in
Event type: AA_RECORD_DENIED
Audit ID: 1177962395.525:1837
Mask: l
Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
Name: /tmp/sdtest.3676-13458-it3683/target
Name2: /tmp/sdtest.3676-13458-it3683/src
Info: link
PID: 3823
Active hat: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
Epoch: 1177962395
Audit subid: 1837

13
changehat/libapparmor/testsuite/test_multi/testcase4.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase4.in
Event type: AA_RECORD_DENIED
Audit ID: 1167188680.127:54
Operation: access
Mask: r
Profile: /bin/freak-aa-out
Name: /bin/freak-aa-out
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

12
changehat/libapparmor/testsuite/test_multi/testcase5.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase5.in
Event type: AA_RECORD_DENIED
Audit ID: 1167188680.127:54
Operation: mkdir
Profile: /bin/freak-aa-out
Name: /path/to/something
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

12
changehat/libapparmor/testsuite/test_multi/testcase6.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase6.in
Event type: AA_RECORD_ALLOWED
Audit ID: 1167188680.127:54
Operation: rmdir
Profile: /bin/freak-aa-out
Name: /path/to/something
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

13
changehat/libapparmor/testsuite/test_multi/testcase7.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase7.in
Event type: AA_RECORD_DENIED
Audit ID: 1167188680.127:54
Operation: xattr
Profile: /bin/freak-aa-out
Name: /path/to/something
Attribute: set
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

13
changehat/libapparmor/testsuite/test_multi/testcase8.out
View File

@@ -1,13 +0,0 @@
START
File: test_multi/testcase8.in
Event type: AA_RECORD_ALLOWED
Audit ID: 1167188680.127:54
Operation: setattr
Profile: /bin/freak-aa-out
Name: /else
Attribute: something
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

12
changehat/libapparmor/testsuite/test_multi/testcase9.out
View File

@@ -1,12 +0,0 @@
START
File: test_multi/testcase9.in
Event type: AA_RECORD_ALLOWED
Audit ID: 1167188680.127:54
Operation: capability
Profile: /bin/freak-aa-out
Name: cap
Info: bash
PID: 23415
Active hat: /bin/freak-aa-out
Epoch: 1167188680
Audit subid: 54

7
changehat/mod_apparmor/Makefile
View File

@@ -1,4 +1,3 @@
# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 2004, 2005 NOVELL (All rights reserved)
#
@@ -42,11 +41,7 @@ APXS:=$(shell if [ -x "/usr/sbin/apxs2" ] ; then \
fi )
APXS_INSTALL_DIR=$(shell ${APXS} -q LIBEXECDIR)
DESTDIR=
LIBAPPARMOR_FLAGS=$(shell if [ -f /usr/lib/libapparmor.so -o -f /usr/lib64/libapparmor.so ] ; then \
echo -lapparmor ; \
else \
echo -DUSE_COMPAT_IMMUNIX_H -limmunix ;\
fi)
LIBAPPARMOR_FLAGS="-I../../libraries/libapparmor/src -L../../libraries/libapparmor/src/.libs -lapparmor"
all: $(TARGET) ${MANPAGES} ${HTMLMANPAGES}

1
changehat/mod_apparmor/apache2-mod_apparmor.spec.in
View File

@@ -1,4 +1,3 @@
# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 2004, 2005 NOVELL (All rights reserved)
#

1
changehat/mod_apparmor/frob_sysconfig
View File

@@ -1,6 +1,5 @@
#!/usr/bin/perl -w
#
# $Id: frob_sysconfig 5910 2005-12-09 03:41:29Z steve $
# ----------------------------------------------------------------------
# Copyright (c) 2004, 2005 NOVELL (All rights reserved)
#

9
changehat/mod_apparmor/mod_apparmor.c
View File

@@ -1,5 +1,4 @@
/* $Id$
*
/*
* Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
*
* The mod_apparmor module is licensed under the terms of the GNU
@@ -24,11 +23,7 @@
#include "apr_strings.h"
#include "apr_lib.h"
#ifndef USE_COMPAT_IMMUNIX_H
#include <sys/apparmor.h>
#else
#include <sys/immunix.h>
#endif
#include <apparmor.h>
#include <unistd.h>
/* #define DEBUG */

109
changehat/mod_apparmor/mod_apparmor.pod
View File

@@ -1,96 +1,125 @@
# $Id$
# This publication is intellectual property of Novell Inc. Its contents
# can be duplicated, either in part or in whole, provided that a copyright
# label is visibly located on each copy.
# This publication is intellectual property of Novell Inc. and Canonical
# Ltd. Its contents can be duplicated, either in part or in whole, provided
# that a copyright label is visibly located on each copy.
#
# All information found in this book has been compiled with utmost
# attention to detail. However, this does not guarantee complete accuracy.
# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
# liable for possible errors or the consequences thereof.
# Neither SUSE LINUX GmbH, Canonical Ltd, the authors, nor the translators
# shall be held liable for possible errors or the consequences thereof.
#
# Many of the software and hardware descriptions cited in this book
# are registered trademarks. All trade names are subject to copyright
# restrictions and may be registered trade marks. SUSE LINUX GmbH
# essentially adheres to the manufacturer's spelling.
# and Canonical Ltd. essentially adhere to the manufacturer's spelling.
#
# Names of products and trademarks appearing in this book (with or without
# specific notation) are likewise subject to trademark and trade protection
# laws and may thus fall under copyright restrictions.
#
# Please direct suggestions and comments to apparmor-general@forge.novell.com.
=pod
=head1 NAME
mod_apparmor - fine-grained AppArmor confinement for apache
mod_apparmor - fine-grained AppArmor confinement for Apache
=head1 DESCRIPTION
An AppArmor profile applies to an executable program; if a portion of
the program needs different access permissions than other portions,
the program can "change hats" via change_hat(2) to a different role,
also known as a subprofile. The mod_apparmor apache module uses the
change_hat(2) mechanism to offer more fine-grained confinement of dynamic
elements within apache such as individual php and perl scripts, while
the program can "change hats" via aa_change_hat(2) to a different role,
also known as a subprofile. The mod_apparmor Apache module uses the
aa_change_hat(2) mechanism to offer more fine-grained confinement of dynamic
elements within Apache such as individual php and perl scripts, while
still allowing the performance benefits of using mod_php and mod_perl.
To use mod_apparmor with apache, ensure that mod_apparmor is configured to
be loaded into apache, either via yast or manual editing of the httpd(8)
configuration files, and restart apache. Make sure that apparmor is also
functioning.
To use mod_apparmor with Apache, ensure that mod_apparmor is configured to
be loaded into Apache, either via a2enmod, yast or manual editing of the
apache2(8)/httpd(8) configuration files, and restart Apache. Make sure that
apparmor is also functioning.
Once mod_apparmor is loaded within apache, all requests to apache will
Once mod_apparmor is loaded within Apache, all requests to Apache will
cause mod_apparmor to attempt to change into a hat named by the URI
(e.g. /app/some.cgi). If no such hat is found, it will fall back to
attempting to use the hat DEFAULT_URI; if that also does not exist,
it will fall back to using the global apache profile. Most static web
it will fall back to using the global Apache profile. Most static web
pages can simply make use of the DEFAULT_URI hat.
However, defining hats for every URI/URL would become tedious, so there
are a couple of configuration options that mod_apparmor supports:
Additionally, before any requests come in to Apache, mod_apparmor
will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat.
mod_apparmor will attempt to use this hat while Apache is doing the
initial parsing of a given http request, before its given to a specific
handler (like mod_php) for processing.
Because defining hats for every URI/URL often becomes tedious, mod_apparmor
provides the AAHatName and AADefaultHatName Apache configuration options.
=over 4
=item B<AAHatName>
AAHatName allows you to specify a hat to be used for a given apache
directory or location directive (see the apache documenation for more
AAHatName allows you to specify a hat to be used for a given Apache
E<lt>DirectoryE<gt>, E<lt>DirectoryMatch>, E<lt>LocationE<gt> or
E<lt>LocationMatchE<gt> directive (see the Apache documenation for more
details). Note that mod_apparmor behavior can become confused if
directory and location directives are intermingled; it's preferred to
stick to one type of directive. If the hat specified by AAHatName does
not exist in the apache profile, then it falls back to the behavior
above.
E<lt>Directory*E<gt> and E<lt>Location*E<gt> directives are intermingled
and it is recommended to use one type of directive. If the hat specified by
AAHatName does not exist in the Apache profile, then it falls back to the
behavior described above.
=item B<AADefaultHatName>
AADefaultHatName allows you to specify a default hat to be used for
vhosts and other apache server directives, so that you can have
different defaults for different virtual hosts. This can be overridden
by an AAHatName directive. If the AADefaultHatName hat does not exist,
it falls back to the behavior described above.
virtual hosts and other Apache server directives, so that you can have
different defaults for different virtual hosts. This can be overridden by
the AAHatName directive and is checked for only if there isn't a matching
AAHatName or hat named by the URI. If the AADefaultHatName hat does not
exist, it falls back to the DEFAULT_URI hat if it exists (as described
above).
=back
Additionally, before any requests come in to apache, mod_apparmor
will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat.
mod_apparmor will attempt to use this hat while apache is doing the
initial parsing of a given http request, before its given to a specific
handler (like mod_php) for processing.
=head1 URI REQUEST SUMMARY
When profiling with mod_apparmor, it is helpful to keep the following order
of operations in mind:
On each URI request, mod_apparmor will first aa_change_hat(2) into
^HANDLING_UNTRUSTED_INPUT, if it exists.
Then, after performing the initial parsing of the request, mod_apparmor
will:
=over 2
1. try to aa_change_hat(2) into a matching AAHatName hat if it exists and
applies, otherwise it will
2. try to aa_change_hat(2) into the URI itself, otherwise it will
3. try to aa_change_hat(2) into an AADefaultHatName hat if it has been defined
for the server/vhost, otherwise it will
4. try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists, otherwise it
will
5. fall back to the global Apache policy
=back
=head1 BUGS
mod_apparmor() currently only supports apache2, and has only been tested
with the prefork MPM configuration -- threaded configurations of apache
with the prefork MPM configuration -- threaded configurations of Apache
may not work correctly.
There are likely other bugs lurking about; if you find any, please report
them to bugzilla at L<http://bugzilla.novell.com>.
them at L<http://https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
apparmor(7), subdomain.conf(5), apparmor_parser(8), and
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and
L<http://wiki.apparmor.net>.
=cut

7
changehat/pam_apparmor/Makefile
View File

@@ -1,4 +1,3 @@
# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 1999, 2004, 2005 NOVELL (All rights reserved)
#
@@ -27,8 +26,8 @@ common/Make.rules: $(COMMONDIR)/Make.rules
ln -sf $(COMMONDIR) .
endif
EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall
LINK_FLAGS=-Xlinker -x
EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall -I../../libraries/libapparmor/src/
LINK_FLAGS=-Xlinker -x -L../../libraries/libapparmor/src/.libs
LIBS=-lpam -lapparmor
OBJECTS=${NAME}.o get_options.o
@@ -42,7 +41,7 @@ $(NAME).so: ${OBJECTS}
# need some better way of determining this
DESTDIR=/
SECDIR=${DESTDIR}/lib/security
SECDIR ?= ${DESTDIR}/lib/security
.PHONY: install
install: $(NAME).so

2
changehat/pam_apparmor/get_options.c
View File

@@ -1,6 +1,4 @@
/*
* $Id$
*
* Written by Steve Beattie <sbeattie@suse.de> 2006/10/25
*
* Modeled after the option parsing code in pam_unix2 by:

12
changehat/pam_apparmor/pam_apparmor.c
View File

@@ -1,10 +1,14 @@
/* pam_apparmor module */
/*
* $Id$
* Copyright (c) 2006
* NOVELL (All rights reserved)
*
* Copyright (c) 2010
* Canonical, Ltd. (All rights reserved)
*
* Written by Jesse Michael <jmichael@suse.de> 2006/08/24
* and Steve Beattie <sbeattie@suse.de> 2006/10/25
* and Steve Beattie <sbeattie@ubuntu.com> 2006/10/25
*
* Based off of pam_motd by:
* Ben Collins <bcollins@debian.org> 2005/10/04
@@ -23,7 +27,7 @@
#include <grp.h>
#include <syslog.h>
#include <errno.h>
#include <sys/apparmor.h>
#include <apparmor.h>
#include <security/pam_ext.h>
#include <security/pam_modutil.h>
@@ -165,8 +169,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
* stop attempting to use change_hat */
goto nodefault;
break;
case EPERM: /* Disable when ECHILD patch gets accepted */
case EACCES:
case ENOENT:
/* failed to change into attempted hat, so we'll
* jump back out and try the next one */
break;

2
changehat/pam_apparmor/pam_apparmor.h
View File

@@ -1,8 +1,6 @@
/* pam_apparmor module */
/*
* $Id$
*
* Written by Jesse Michael <jmichael@suse.de> 2006/08/24
* and Steve Beattie <sbeattie@suse.de> 2006/10/25
*

1
changehat/tomcat_apparmor/tomcat_5_0/Makefile
View File

@@ -1,4 +1,3 @@
# $Id: Makefile 10 2006-04-12 20:31:08Z steve-beattie $
# ----------------------------------------------------------------------
# Copyright (c) 1999, 2004, 2005, 2006 NOVELL (All rights reserved)
#

1
changehat/tomcat_apparmor/tomcat_5_0/tomcat_apparmor.spec.in
View File

@@ -1,4 +1,3 @@
# $Id:$
# ----------------------------------------------------------------------
# Copyright (c) 2006 NOVELL (All rights reserved)
#

1
changehat/tomcat_apparmor/tomcat_5_5/Makefile
View File

@@ -1,4 +1,3 @@
# $Id: Makefile 10 2006-04-12 20:31:08Z steve-beattie $
# ----------------------------------------------------------------------
# Copyright (c) 1999, 2004, 2005, 2006 NOVELL (All rights reserved)
#

15
changehat/tomcat_apparmor/tomcat_5_5/build.xml
View File

@@ -4,8 +4,8 @@
<property name="jni_src" location="src/jni_src"/>
<property name="build" location="build"/>
<property name="install_root" location="/"/>
<property name="catalina_home" location="/usr/share/tomcat5"/>
<property name="lib" location="lib"/>
<property name="catalina_home" location="/usr/share/tomcat6"/>
<property name="lib" location="/usr/share/tomcat6/bin"/>
<property name="install_lib" value="/lib"/>
<property name="dist" location="dist"/>
<property name="jarfile" location="${dist}/${ant.project.name}.jar"/>
@@ -18,10 +18,11 @@
<include name="**/*.jar"/>
</fileset>
<fileset id="tomcat.jars" dir="${catalina_home}/server/lib">
<fileset id="tomcat.jars" dir="${catalina_home}/lib">
<include name="**/*.jar"/>
</fileset>
<fileset id="servlet.jars" dir="${catalina_home}/common/lib">
<fileset id="servlet.jars" dir="${catalina_home}/lib">
<include name="**/*.jar"/>
</fileset>
@@ -80,9 +81,9 @@
</target>
<target name="install_jar" depends="jni_so" description="Install jar file">
<mkdir dir="${install_root}/${catalina_home}/server/lib/"/>
<copy file="${jarfile}" tofile="${install_root}/${catalina_home}/server/lib/${ant.project.name}.jar"/>
<chmod perm="644" file="${install_root}/${catalina_home}/server/lib/${ant.project.name}.jar"/>
<mkdir dir="${install_root}/${catalina_home}/lib/"/>
<copy file="${jarfile}" tofile="${install_root}/${catalina_home}/lib/${ant.project.name}.jar"/>
<chmod perm="644" file="${install_root}/${catalina_home}/lib/${ant.project.name}.jar"/>
</target>
<target name="clean" description="Remove build and dist directories">

2
changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/JNIChangeHat.c
View File

@@ -13,7 +13,7 @@
#include "jni.h"
#include <errno.h>
#include "sys/apparmor.h"
#include <apparmor.h>
#include "com_novell_apparmor_JNIChangeHat.h"
/* c intermediate lib call for Java -> JNI -> c library execution of the change_hat call */

4
changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile
View File

@@ -4,7 +4,7 @@ LIB = lib/
LIBDIR = /usr/${LIB}
INCLUDE = ${LIBDIR}/jvm/java/include
CFLAGS = -g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
INCLUDES = -I$(INCLUDE) -I$(INCLUDE)/linux
INCLUDES = -I$(INCLUDE) -I$(INCLUDE)/linux -I$(TOP)/../../../libraries/libapparmor/src/
CLASSFILE = ${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
DESTDIR = ${TOP}/dist
SO_VERS = 1
@@ -20,7 +20,7 @@ ${JAVA_CLASSNAME}.java com_novell_apparmor_${JAVA_CLASSNAME}.h: ${CLASSFILE}
javah -jni -classpath ${CLASSPATH} com.novell.apparmor.${JAVA_CLASSNAME}
${TARGET}.so: ${JAVA_CLASSNAME}.c ${JAVA_CLASSNAME}.java com_novell_apparmor_${JAVA_CLASSNAME}.h
gcc ${INCLUDES} ${CFLAGS} -shared -o ${TARGET}.so ${JAVA_CLASSNAME}.c -lapparmor
gcc ${INCLUDES} ${CFLAGS} -shared -o ${TARGET}.so ${JAVA_CLASSNAME}.c -L$(TOP)/../../../libraries/libapparmor/src/.libs -lapparmor
install: ${TARGET}.so
install -d $(DESTDIR)/${LIB} $(DESTDIR)${LIBDIR}

1
changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in
View File

@@ -1,4 +1,3 @@
# $Id:$
# ----------------------------------------------------------------------
# Copyright (c) 2006 NOVELL (All rights reserved)
#

19
common/Make-po.rules
View File

@@ -1,12 +1,19 @@
# $Id$
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (c) 1999-2008 NOVELL (All rights reserved)
# Copyright 2009-2010 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# ------------------------------------------------------------------
#
# The including makefile needs to define LANG, which lists the lang
@@ -14,7 +21,7 @@
# exist
LOCALEDIR=/usr/share/locale
XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME}
# When making the .pot file, it's expected that the parent Makefile will
# pass in the list of sources in the SOURCES variable

141
common/Make.rules
View File

@@ -1,7 +1,7 @@
# $Id$
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2010 Canonical, Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -25,7 +25,7 @@
# directories
DISTRIBUTION=AppArmor
VERSION=2.1
VERSION=$(shell cat common/Version)
# OVERRIDABLE variables
# Set these variables before including Make.rules to change its behavior
@@ -48,16 +48,21 @@ BUILDDIR=$(shell if [ -d "${TESTBUILDDIR}" ] ; then \
echo "/tmp/${NAME}" ; \
fi ;)
endif
RPMHOSTVENDOR=$(shell rpm --eval "%{_host_vendor}")
ifndef DISTRO
DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \
echo slackware ; \
elif [ -f /etc/debian_version ] ; then \
echo debian ;\
elif [ ${RPMHOSTVENDOR} = "suse" ] ; then \
echo suse ;\
elif [ ${RPMHOSTVENDOR} = "redhat" ] ; then \
echo rhel4 ;\
elif which rpm > /dev/null ; then \
if [ "$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \
echo suse ;\
elif [ "$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \
echo rhel4 ;\
elif [ "$(rpm --eval '0%{?fedora}')" != "0" ] ; then \
echo rhel4 ;\
else \
echo unknown ;\
fi ;\
else \
echo unknown ;\
fi)
@@ -70,20 +75,7 @@ RPMARG=--define "_topdir $(BUILDDIR:/=)" \
$(shell [ -d ${BUILDDIR}/BUILDROOT ] && echo --define \"buildroot $(BUILDDIR:/=)/BUILDROOT\") \
$(shell [ -n "${DISTRO}" ] && echo --define \"distro ${DISTRO}\")
#REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
# if ! /usr/bin/svn info -r HEAD . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; then \
# /usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
# fi ; \
# fi)
REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
fi)
REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
/usr/bin/svn info . 2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
fi)
COMMON_REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
/usr/bin/svn info $(COMMONDIR) 2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
fi)
REPO_VERSION_CMD=([ -x /usr/bin/bzr ] && /usr/bin/bzr version-info . 2> /dev/null || awk '{ print "revno: "$2 }' common/.stamp_rev) | awk '/^revno:/ { print $2 }'
ifdef EXTERNAL_PACKAGE
RPMARG+=--define "_sourcedir $(shell pwd)"
@@ -92,30 +84,14 @@ endif
ifndef SPECFILE
SPECFILE = $(NAME).spec
endif
RELEASE = $(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{RELEASE}" ${SPECFILE})
RELEASE_DIR = $(NAME)-$(VERSION)
TARBALL = $(NAME)-$(VERSION)-${REPO_VERSION}.tar.gz
TAR = /bin/tar czvp -h --exclude .svn --exclude CVS --exclude .cvsignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR} $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
TAR = /bin/tar czvp -h --exclude .svn --exclude .bzr --exclude .bzrignore --exclude ${RELEASE_DIR}/${RELEASE_DIR} $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
LDCONFIG = /sbin/ldconfig
CVSPKG_VERSION=$(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} ${SPECFILE} | head -1 | tr "." "_")
RPMSUBDIRS=SOURCES SPECS BUILD BUILDROOT SRPMS RPMS/i386 RPMS/i586 \
RPMS/i686 RPMS/athlon RPMS/noarch RPMS/x86_64
BUILDRPMSUBDIRS=$(foreach subdir, $(RPMSUBDIRS), $(BUILDDIR:/=)/$(subdir))
.PHONY: cvs_tag
cvs_tag:
cvs tag IMMUNIX-${CVSPKG_VERSION}
.PHONY: checkin
checkin:
if cvs -q up -d | grep -q "^\?" ; then echo "Hey! You have" \
"files in the directory you have not added into cvs."; exit 1; \
fi
cvs ci
make cvs_tag
ifdef EXTERNAL_PACKAGE
.PHONY: rpm
rpm: clean $(BUILDRPMSUBDIRS)
@@ -123,21 +99,25 @@ rpm: clean $(BUILDRPMSUBDIRS)
else
.PHONY: rpm
rpm: clean $(TARBALL) $(BUILDRPMSUBDIRS)
cp $(TARBALL) $(BUILDDIR)/SOURCES/
rpm: clean $(BUILDRPMSUBDIRS)
__REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
__TARBALL=$(NAME)-$(VERSION)-$${__REPO_VERSION}.tar.gz ; \
make $${__TARBALL} ; \
cp $${__TARBALL} $(BUILDDIR)/SOURCES/
cp ${SPECFILE} $(BUILDDIR)/SPECS/
rpmbuild -ba ${RPMARG} ${SPECFILE}
.PHONY: ${SPECFILE}
${SPECFILE}: ${SPECFILE}.in
__REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
sed -e "s/@@immunix_version@@/${VERSION}/g" \
-e "s/@@repo_version@@/${REPO_VERSION}/g" $< > $@
-e "s/@@repo_version@@/$${__REPO_VERSION}/g" $< > $@
${TARBALL}: clean ${SPECFILE}
%.tar.gz: clean ${SPECFILE}
-rm -rf $(RELEASE_DIR)
mkdir $(RELEASE_DIR)
$(TAR) . | tar xz -C $(RELEASE_DIR)
$(TAR) -f $@ $(RELEASE_DIR)
$(TAR) --exclude $@ . | tar xz -C $(RELEASE_DIR)
$(TAR) --exclude $@ -f $@ $(RELEASE_DIR)
rm -rf $(RELEASE_DIR)
ifndef OVERRIDE_TARBALL
@@ -145,15 +125,6 @@ ifndef OVERRIDE_TARBALL
tarball: clean $(TARBALL)
endif
.PHONY: dist
dist: clean $(SPECFILE)
-rm -rf $(RELEASE_DIR)
svn export -r $(REPO_VERSION) $(REPO_URL) $(RELEASE_DIR)
svn export $(COMMON_REPO_URL) $(RELEASE_DIR)/common
make -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=${REPO_VERSION} COMMONDIR_EXISTS=false
$(TAR) -f $(TARBALL) $(RELEASE_DIR)
rm -rf $(RELEASE_DIR)
endif
.PHONY: version
@@ -161,6 +132,12 @@ endif
version:
rpm -q --define "_sourcedir ." ${RPMARG} --specfile ${SPECFILE}
.PHONY: repo_version
.SILENT: repo_version
repo_version:
$(value REPO_VERSION_CMD)
.PHONY: build_dir
build_dir: $(BUILDRPMSUBDIRS)
@@ -191,32 +168,33 @@ install_manpages: $(MANPAGES)
$(foreach dir, ${MANDIRS}, \
install -d ${DESTDIR}/${MANDIR}/man${dir} ; \
install -m 644 $(filter %.${dir}, ${MANPAGES}) ${DESTDIR}/${MANDIR}/man${dir}; \
$(foreach aa_page, $(filter %.${dir}, ${AA_MANPAGES}), \
ln -sf $(aa_page) ${DESTDIR}/${MANDIR}/man${dir}/${aa_page:%=aa-%};))
)
MAN_RELEASE="AppArmor ${VERSION}"
%.1: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=1 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=1 > $@
%.2: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=2 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=2 > $@
%.3: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=3 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=3 > $@
%.4: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=4 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=4 > $@
%.5: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=5 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=5 > $@
%.6: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=6 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=6 > $@
%.7: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=7 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=7 > $@
%.8: %.pod
$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=8 > $@
$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=8 > $@
%.1.html: %.pod
$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
@@ -242,43 +220,6 @@ install_manpages: $(MANPAGES)
%.8.html: %.pod
$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
# =====================
# Slackware poo
# =====================
.PHONY: slack
slack:
rm -rf ${BUILDDIR}
mkdir -p ${BUILDDIR}/install
make install DESTDIR=${BUILDDIR} DISTRO=slackware
# comment line is there so grep always has something to match
( echo "# install script pulled from ${SPECFILE}" ; rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{POSTIN}\n" ${SPECFILE}) | grep -v "^(none)$$" >> ${BUILDDIR}/install/doinst.sh
( cd ${BUILDDIR} && makepkg -l y -c y -p ${PWD}/${NAME}-${VERSION}-${RELEASE}.tgz )
# =====================
# Debian poo
# =====================
.PHONY: deb
deb: ${TARBALL}
rm -rf ${BUILDDIR}
mkdir -p ${BUILDDIR}
tar -xvzf ${TARBALL} -C ${BUILDDIR}
( cd ${BUILDDIR}/${RELEASE_DIR} && sh -c "DEBFULLNAME='NOVELL, Inc' dh_make -e apparmor-general@forge.novell.com --library -f ~/svn/immunix/immunix/libimmunix/libimmunix-2.0.tar.gz << EOM \
\
EOM" )
make ${NAME}-deb -C ${BUILDDIR}/${RELEASE_DIR}
# ( cd ${BUILDDIR}/${RELEASE_DIR} && dpkg-buildpackage -b -sd -rfakeroot)
DEBIAN_DISTRO=stable
DEB_CHANGELOG_OUTPUT="${NAME} (${VERSION}-${RELEASE}) ${DEBIAN_DISTRO}; urgency=low\n\
\n * Automatically generated by the AppArmor Build System.\n\
\n -- AppArmor Development Team <apparmor-general@forge.novell.com> $(shell date -R)"
.PHONY: debian/changelog
debian/changelog:
echo -e ${DEB_CHANGELOG_OUTPUT} > $@
A2PS_ARGS=-Ec -g --line-numbers=1
ENSCRIPT_ARGS=-C -2jGr -f Courier6 -E
%.c.ps: %.c

1
common/Version Normal file
View File

@@ -0,0 +1 @@
2.6.0

0
management/apparmor-dbus/AUTHORS → deprecated/management/apparmor-dbus/AUTHORS
View File

0
management/apparmor-dbus/COPYING → deprecated/management/apparmor-dbus/COPYING
View File

0
management/apparmor-dbus/ChangeLog → deprecated/management/apparmor-dbus/ChangeLog
View File

0
management/apparmor-dbus/INSTALL → deprecated/management/apparmor-dbus/INSTALL
View File

0
management/apparmor-dbus/Makefile.am → deprecated/management/apparmor-dbus/Makefile.am
View File

0
management/apparmor-dbus/NEWS → deprecated/management/apparmor-dbus/NEWS
View File

0
management/apparmor-dbus/README → deprecated/management/apparmor-dbus/README
View File

0
management/apparmor-dbus/TODO → deprecated/management/apparmor-dbus/TODO
View File

2
management/apparmor-dbus/apparmor-dbus.spec → deprecated/management/apparmor-dbus/apparmor-dbus.spec
View File

@@ -6,7 +6,7 @@
Name: apparmor-dbus
BuildRequires: audit-devel dbus-1-devel pkgconfig libapparmor-devel
Requires: libapparmor
Version: 1.2
Version: 2.3
Release: 0
License: GPL
Group: System/Management

0
management/apparmor-dbus/autogen.sh → deprecated/management/apparmor-dbus/autogen.sh
View File

16
deprecated/management/apparmor-dbus/configure.in Normal file
View File

@@ -0,0 +1,16 @@
AC_INIT(configure.in)
AM_INIT_AUTOMAKE(apparmor-dbus, 2.3)
AC_LANG_C
AC_PROG_CC
AC_CHECK_HEADERS(libaudit.h,,AC_MSG_ERROR([libaudit header file not found!]))
AC_CHECK_LIB(audit, audit_open)
AC_CHECK_HEADERS(aalogparse/aalogparse.h)
AC_CHECK_LIB(apparmor, parse_record)
PKG_CHECK_MODULES(DBUS, dbus-1 >= 0.60)
CFLAGS="${CFLAGS} ${DBUS_CFLAGS}"
AC_CHECK_LIB(dbus-1, exit,,AC_MSG_ERROR([dbus-1 not found!]))
AC_OUTPUT(Makefile src/Makefile)

2
deprecated/management/apparmor-dbus/src/Makefile.am Normal file
View File

@@ -0,0 +1,2 @@
bin_PROGRAMS = apparmor-dbus
apparmor_dbus_SOURCES = aadbus.c

0
management/apparmor-dbus/src/aadbus.c → deprecated/management/apparmor-dbus/src/aadbus.c
View File

0
management/libaalogparse/AUTHORS → deprecated/management/profile-editor/AUTHORS
View File

0
management/profile-editor/COPYING → deprecated/management/profile-editor/COPYING
View File

0
management/applets/apparmorapplet-gnome/ChangeLog → deprecated/management/profile-editor/ChangeLog
View File

0
management/profile-editor/INSTALL → deprecated/management/profile-editor/INSTALL
View File

0
management/profile-editor/Makefile.am → deprecated/management/profile-editor/Makefile.am
View File

0
management/profile-editor/Makefile.cvs → deprecated/management/profile-editor/Makefile.cvs
View File

0
management/applets/apparmorapplet-gnome/NEWS → deprecated/management/profile-editor/NEWS
View File

0
management/profile-editor/README → deprecated/management/profile-editor/README
View File

0
management/profile-editor/TODO → deprecated/management/profile-editor/TODO
View File

0
management/profile-editor/configure.in → deprecated/management/profile-editor/configure.in
View File

0
management/profile-editor/doc/Makefile.am → deprecated/management/profile-editor/doc/Makefile.am
View File

0
management/profile-editor/doc/Makefile.in → deprecated/management/profile-editor/doc/Makefile.in
View File

0
management/profile-editor/doc/en/AppArmorProfileEditor.htb → deprecated/management/profile-editor/doc/en/AppArmorProfileEditor.htb
View File

0
management/profile-editor/doc/en/Makefile.am → deprecated/management/profile-editor/doc/en/Makefile.am
View File

0
management/profile-editor/doc/en/Makefile.in → deprecated/management/profile-editor/doc/en/Makefile.in
View File

0
management/profile-editor/macros/autogen.sh → deprecated/management/profile-editor/macros/autogen.sh
View File

0
management/profile-editor/profileeditor.spec → deprecated/management/profile-editor/profileeditor.spec
View File

0
management/profile-editor/src/AboutDialog.cpp → deprecated/management/profile-editor/src/AboutDialog.cpp
View File

0
management/profile-editor/src/AboutDialog.h → deprecated/management/profile-editor/src/AboutDialog.h
View File

0
management/profile-editor/src/Configuration.cpp → deprecated/management/profile-editor/src/Configuration.cpp
View File

0
management/profile-editor/src/Configuration.h → deprecated/management/profile-editor/src/Configuration.h
View File

0
management/profile-editor/src/Makefile.am → deprecated/management/profile-editor/src/Makefile.am
View File

0
management/profile-editor/src/Preferences.cpp → deprecated/management/profile-editor/src/Preferences.cpp
View File

0
management/profile-editor/src/Preferences.h → deprecated/management/profile-editor/src/Preferences.h
View File

0
management/profile-editor/src/ProfileDirectoryTraverser.h → deprecated/management/profile-editor/src/ProfileDirectoryTraverser.h
View File

0
management/profile-editor/src/ProfileTextCtrl.cpp → deprecated/management/profile-editor/src/ProfileTextCtrl.cpp
View File

Some files were not shown because too many files have changed in this diff Show More