Bump libapparmor's AA_LIB_REVISION in preparation for 2.8.1 release.

Merge from trunk commit 2102

Original message:
  I was testing out a profile for pulseaudio and hit an issue where my
  pulseaudio process was getting the firefox profile applied to it. This
  is because in abstractions/ubuntu-browsers.d/multimedia the rule for
  pulseaudio is /usr/bin/pulseaudio ixr; attached is a patch to change it
  to Pixr, so as to use a global pulseaudio policy if it exists.

Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>

.bzrignore

@@ -0,0 +1,167 @@
+apparmor-*
+parser/po/*.mo
+parser/af_names.h
+parser/cap_names.h
+parser/tst_misc
+parser/tst_regex
+parser/tst_symtab
+parser/tst_variable
+parser/tst/simple_tests/generated_*/*
+parser/parser_lex.c
+parser/parser_version.h
+parser/parser_yacc.c
+parser/parser_yacc.h
+parser/pod2htm*.tmp
+parser/*.7
+parser/*.5
+parser/*.8
+parser/*.7.html
+parser/*.5.html
+parser/*.8.html
+parser/common
+parser/apparmor_parser
+parser/libapparmor_re/regexp.cc
+parser/techdoc.aux
+parser/techdoc.log
+parser/techdoc.pdf
+parser/techdoc.toc
+libraries/libapparmor/Makefile
+libraries/libapparmor/Makefile.in
+libraries/libapparmor/aclocal.m4
+libraries/libapparmor/audit.log
+libraries/libapparmor/autom4te.cache
+libraries/libapparmor/compile
+libraries/libapparmor/config.guess
+libraries/libapparmor/config.log
+libraries/libapparmor/config.status
+libraries/libapparmor/config.sub
+libraries/libapparmor/configure
+libraries/libapparmor/depcomp
+libraries/libapparmor/install-sh
+libraries/libapparmor/libtool
+libraries/libapparmor/ltmain.sh
+libraries/libapparmor/missing
+libraries/libapparmor/ylwrap
+libraries/libapparmor/doc/Makefile
+libraries/libapparmor/doc/Makefile.in
+libraries/libapparmor/doc/*.2
+libraries/libapparmor/src/.deps
+libraries/libapparmor/src/.libs
+libraries/libapparmor/src/Makefile
+libraries/libapparmor/src/Makefile.in
+libraries/libapparmor/src/af_protos.h
+libraries/libapparmor/src/change_hat.lo
+libraries/libapparmor/src/grammar.lo
+libraries/libapparmor/src/libaalogparse.lo
+libraries/libapparmor/src/libimmunix_warning.lo
+libraries/libapparmor/src/scanner.lo
+libraries/libapparmor/src/libapparmor.la
+libraries/libapparmor/src/libimmunix.la
+libraries/libapparmor/src/grammar.c
+libraries/libapparmor/src/grammar.h
+libraries/libapparmor/src/scanner.c
+libraries/libapparmor/src/scanner.h
+libraries/libapparmor/src/tst_aalogmisc
+libraries/libapparmor/swig/Makefile
+libraries/libapparmor/swig/Makefile.in
+libraries/libapparmor/swig/perl/LibAppArmor.bs
+libraries/libapparmor/swig/perl/LibAppArmor.pm
+libraries/libapparmor/swig/perl/Makefile
+libraries/libapparmor/swig/perl/Makefile.PL
+libraries/libapparmor/swig/perl/Makefile.in
+libraries/libapparmor/swig/perl/Makefile.perl
+libraries/libapparmor/swig/perl/blib
+libraries/libapparmor/swig/perl/libapparmor_wrap.c
+libraries/libapparmor/swig/perl/pm_to_blib
+libraries/libapparmor/swig/python/Makefile
+libraries/libapparmor/swig/python/Makefile.in
+libraries/libapparmor/swig/python/setup.py
+libraries/libapparmor/swig/ruby/Makefile
+libraries/libapparmor/swig/ruby/Makefile.in
+libraries/libapparmor/testsuite/.deps
+libraries/libapparmor/testsuite/.libs
+libraries/libapparmor/testsuite/Makefile
+libraries/libapparmor/testsuite/Makefile.in
+libraries/libapparmor/testsuite/libaalogparse.log
+libraries/libapparmor/testsuite/libaalogparse.sum
+libraries/libapparmor/testsuite/site.exp
+libraries/libapparmor/testsuite/test_multi.multi
+libraries/libapparmor/testsuite/config/Makefile
+libraries/libapparmor/testsuite/config/Makefile.in
+libraries/libapparmor/testsuite/lib/Makefile
+libraries/libapparmor/testsuite/lib/Makefile.in
+libraries/libapparmor/testsuite/libaalogparse.test/Makefile
+libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
+libraries/libapparmor/testsuite/test_multi/out
+changehat/mod_apparmor/.libs
+changehat/mod_apparmor/common
+changehat/pam_apparmor/common
+changehat/tomcat_apparmor/common
+utils/common
+utils/*.8
+utils/*.8.html
+utils/*.5
+utils/*.5.html
+utils/*.tmp
+utils/po/*.mo
+tests/regression/apparmor/access
+tests/regression/apparmor/changehat
+tests/regression/apparmor/changehat_fail
+tests/regression/apparmor/changehat_fork
+tests/regression/apparmor/changehat_misc
+tests/regression/apparmor/changehat_misc2
+tests/regression/apparmor/changehat_pthread
+tests/regression/apparmor/changehat_twice
+tests/regression/apparmor/changehat_wrapper
+tests/regression/apparmor/changeprofile
+tests/regression/apparmor/chdir
+tests/regression/apparmor/chgrp
+tests/regression/apparmor/chmod
+tests/regression/apparmor/chown
+tests/regression/apparmor/clone
+tests/regression/apparmor/deleted
+tests/regression/apparmor/env_check
+tests/regression/apparmor/environ
+tests/regression/apparmor/exec
+tests/regression/apparmor/exec_qual
+tests/regression/apparmor/exec_qual2
+tests/regression/apparmor/fchdir
+tests/regression/apparmor/fchgrp
+tests/regression/apparmor/fchmod
+tests/regression/apparmor/fchown
+tests/regression/apparmor/fork
+tests/regression/apparmor/link
+tests/regression/apparmor/link_subset
+tests/regression/apparmor/mkdir
+tests/regression/apparmor/mmap
+tests/regression/apparmor/mount
+tests/regression/apparmor/named_pipe
+tests/regression/apparmor/net_raw
+tests/regression/apparmor/open
+tests/regression/apparmor/openat
+tests/regression/apparmor/pipe
+tests/regression/apparmor/ptrace
+tests/regression/apparmor/ptrace_helper
+tests/regression/apparmor/pwrite
+tests/regression/apparmor/readdir
+tests/regression/apparmor/rename
+tests/regression/apparmor/rw
+tests/regression/apparmor/swap
+tests/regression/apparmor/symlink
+tests/regression/apparmor/syscall_chroot
+tests/regression/apparmor/syscall_mknod
+tests/regression/apparmor/syscall_mlockall
+tests/regression/apparmor/syscall_ptrace
+tests/regression/apparmor/syscall_reboot
+tests/regression/apparmor/syscall_setdomainname
+tests/regression/apparmor/syscall_sethostname
+tests/regression/apparmor/syscall_setpriority
+tests/regression/apparmor/syscall_setscheduler
+tests/regression/apparmor/syscall_sysctl
+tests/regression/apparmor/sysctl_proc
+tests/regression/apparmor/tcp
+tests/regression/apparmor/unix_fd_client
+tests/regression/apparmor/unix_fd_server
+tests/regression/apparmor/unlink
+tests/regression/apparmor/xattrs
+tests/regression/apparmor/coredump

Makefile

@@ -1,5 +1,4 @@
 #
-# $Id$
 #
 OVERRIDE_TARBALL=yes
 
@@ -8,31 +7,58 @@ include common/Make.rules
 DIRS=parser \
      profiles \
      utils \
-     changehat/libapparmor \
+     libraries/libapparmor \
      changehat/mod_apparmor \
      changehat/pam_apparmor \
-     management/apparmor-dbus \
-     management/applets/apparmorapplet-gnome \
-     management/yastui \
-     common \
      tests
 
-RELEASE_DIR=apparmor-${VERSION}-${REPO_VERSION}
+REPO_URL?=lp:apparmor/2.8
+# alternate possibilities to export from
+#REPO_URL=.
+#REPO_URL="bzr+ssh://bazaar.launchpad.net/~sbeattie/+junk/apparmor-dev/"
+
+RELEASE_DIR=apparmor-${VERSION}
+__SETUP_DIR?=.
+
+# We create a separate version for tags because git can't handle tags
+# with embedded ~s in them. No spaces around '-' or they'll get
+# embedded in ${VERSION}
+TAG_VERSION=$(subst ~,-,${VERSION})
 
 .PHONY: tarball
-tarball: _dist
-	tar cvzf ${RELEASE_DIR}.tar.gz ${RELEASE_DIR}
+tarball: clean
+	REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
+	make export_dir __EXPORT_DIR=${RELEASE_DIR} __REPO_VERSION=$${REPO_VERSION} ; \
+	make setup __SETUP_DIR=${RELEASE_DIR} ; \
+	tar --exclude deprecated -cvzf ${RELEASE_DIR}.tar.gz ${RELEASE_DIR}
 
-${RELEASE_DIR}:
-	mkdir ${RELEASE_DIR}
+.PHONY: snapshot
+snapshot: clean
+	REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
+	SNAPSHOT_DIR=apparmor-${VERSION}~$${REPO_VERSION} ;\
+	make export_dir __EXPORT_DIR=$${SNAPSHOT_DIR} __REPO_VERSION=$${REPO_VERSION} ; \
+	make setup __SETUP_DIR=$${SNAPSHOT_DIR} ; \
+	tar --exclude deprecated -cvzf $${SNAPSHOT_DIR}.tar.gz $${SNAPSHOT_DIR} ;
 
-.PHONY: _dist
-.PHONY: ${DIRS}
 
-_dist: clean ${DIRS}
-	
-${DIRS}: ${RELEASE_DIR}
-	svn export -r $(REPO_VERSION) $(REPO_URL)/$@ $(RELEASE_DIR)/$@ ; \
+.PHONY: export_dir
+export_dir:
+	mkdir $(__EXPORT_DIR)
+	/usr/bin/bzr export --per-file-timestamps -r $(__REPO_VERSION) $(__EXPORT_DIR) $(REPO_URL)
+	echo "$(REPO_URL) $(__REPO_VERSION)" > $(__EXPORT_DIR)/common/.stamp_rev
 
+.PHONY: clean
 clean:
-	-rm -rf ${RELEASE_DIR}
+	-rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~*
+	for dir in $(DIRS); do \
+		make -C $$dir clean; \
+	done
+
+.PHONY: setup
+setup:
+	cd $(__SETUP_DIR)/libraries/libapparmor && ./autogen.sh
+
+.PHONY: tag
+tag:
+	bzr tag apparmor_${TAG_VERSION}
+

README

@@ -0,0 +1,200 @@
+------------
+Introduction
+------------
+AppArmor protects systems from insecure or untrusted processes by
+running them in restricted confinement, while still allowing processes
+to share files, exercise privilege and communicate with other processes.
+AppArmor is a Mandatory Access Control (MAC) mechanism which uses the
+Linux Security Module (LSM) framework. The confinement's restrictions
+are mandatory and are not bound to identity, group membership, or object
+ownership. The protections provided are in addition to the kernel's
+regular access control mechanisms (including DAC) and can be used to
+restrict the superuser.
+
+The AppArmor kernel module and accompanying user-space tools are
+available under the GPL license (the exception is the libapparmor
+library, available under the LGPL license, which allows change_hat(2)
+and change_profile(2) to be used by non-GPL binaries).
+
+For more information, you can read the techdoc.pdf (available after
+building the parser) and by visiting the http://apparmor.net/ web
+site.
+
+
+-------------
+Source Layout
+-------------
+
+AppArmor consists of several different parts:
+
+changehat/	source for using changehat with Apache, PAM and Tomcat
+common/		common makefile rules
+desktop/	empty
+kernel-patches/	compatibility patches for various kernel versions
+libraries/	libapparmor source and language bindings
+parser/		source for parser/loader and corresponding documentation
+profiles/	configuration files, reference profiles and abstractions
+tests/		regression and stress testsuites
+utils/		high-level utilities for working with AppArmor
+
+--------------------------------------
+Important note on AppArmor kernel code
+--------------------------------------
+
+While most of the kernel AppArmor code has been accepted in the
+upstream Linux kernel, a few important pieces were not included. These
+missing pieces unfortunately are important bits for AppArmor userspace
+and kernel interaction; therefore we have included compatibility
+patches in the kernel-patches/ subdirectory, versioned by upstream
+kernel (2.6.37 patches should apply cleanly to 2.6.38 source).
+
+Without these patches applied to the kernel, the AppArmor userspace
+will not function correctly.
+
+------------------------------------------
+Building and Installing AppArmor Userspace
+------------------------------------------
+
+To build and install AppArmor userspace on your system, build and install in
+the following order.
+
+
+libapparmor:
+$ cd ./libraries/libapparmor
+$ sh ./autogen.sh
+$ sh ./configure --prefix=/usr --with-perl	# see below
+$ make
+$ make check
+$ make install
+
+[optional arguments to libapparmor's configure include --with-python
+ and --with-ruby, to generate python and ruby bindings to libapparmor,
+ respectively.]
+
+
+Utilities:
+$ cd utils
+$ make
+$ make check
+$ make install
+
+
+parser:
+$ cd parser
+$ make
+$ make check
+$ make install
+
+
+Apache mod_apparmor:
+$ cd changehat/mod_apparmor
+$ make		# depends on libapparmor having been built first
+$ make install
+
+
+PAM AppArmor:
+$ cd changehat/pam_apparmor
+$ make		# depends on libapparmor having been built first
+$ make install
+
+
+Profiles:
+$ cd profiles
+$ make
+$ make check	# depends on the parser having been built first
+$ make install
+
+
+[Note that for the parser and the utils, if you only with to build/use
+ some of the locale languages, you can override the default by passing
+ the LANGS arguments to make; e.g. make all install "LANGS=en_US fr".]
+
+-------------------
+AppArmor Testsuites
+-------------------
+
+A number of testsuites are in the AppArmor sources. Most have documentation on
+usage and how to update and add tests. Below is a quick overview of their
+location and how to run them.
+
+
+Regression tests
+----------------
+For details on structure and adding tests, see
+tests/regression/apparmor/README.
+
+To run:
+$ cd tests/regression/apparmor (requires root)
+$ make
+$ sudo make tests
+$ sudo bash open.sh -r	 # runs and saves the last testcase from open.sh
+
+
+Parser tests
+------------
+For details on structure and adding tests, see parser/tst/README.
+
+To run:
+$ cd parser/tst
+$ make
+$ make tests
+
+
+Libapparmor
+-----------
+For details on structure and adding tests, see libraries/libapparmor/README.
+$ cd libraries/libapparmor
+$ make check
+
+Utils
+-----
+There are some simple tests available, including basic perl syntax
+checks for the perl modules and executables. There are also minimal
+checks on the python utilities and python-based tests in the test/
+subdirectory.
+$ cd utils
+$ make check
+
+The aa-decode utility to be tested can be overridden by
+setting up environment variable APPARMOR_DECODE; e.g.:
+
+$ APPARMOR_DECODE=/usr/bin/aa-decode make check
+
+Profile checks
+--------------
+A basic consistency check to ensure that the parser and aa-logprof parse
+successfully the current set of shipped profiles. The system or other
+parser and logprof can be passed in by overriding the PARSER and LOGPROF
+variables.
+$ cd profiles
+$ make && make check
+
+Stress Tests
+------------
+To run AppArmor stress tests:
+$ make all
+
+Use these:
+$ ./change_hat
+$ ./child
+$ ./kill.sh
+$ ./open
+$ ./s.sh
+
+Or run all at once:
+$ ./stress.sh
+
+Please note that the above will stress the system so much it may end up
+invoking the OOM killer.
+
+To run parser stress tests (requires /usr/bin/ruby):
+$ ./stress.sh
+
+(see stress.sh -h for options)
+
+-----------------------------------------------
+Building and Installing AppArmor Kernel Patches
+-----------------------------------------------
+
+TODO
+

changehat/libapparmor-deprecated/Makefile

@@ -1,119 +0,0 @@
-# $Id$
-# ----------------------------------------------------------------------
-#    Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
-#
-#   This program is free software; you can redistribute it and/or
-#   modify it under the terms of version 2.1 of the GNU Lesser
-#   General Public License published by the Free Software Foundation.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU Lesser General Public
-#   License along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-NAME := libapparmor
-all:
-COMMONDIR:=$(strip $(shell if [ -d "../common/" ] ; then \
-                     echo "../common/" ; \
-	     elif [ -d "../../common/" ] ; then \
-		     echo "../../common/" ; \
-	     else \
-	             echo "/common_dir_not_found" ; \
-	     fi))
-
-include common/Make.rules
-
-COMMONDIR_EXISTS=$(strip $(shell [ -d ${COMMONDIR} ] && echo true))
-ifeq ($(COMMONDIR_EXISTS), true)
-common/Make.rules: $(COMMONDIR)/Make.rules
-	ln -sf $(COMMONDIR) .
-endif
-
-SO_VERS		= 1
-DESTDIR         =
-LIB             = lib/
-LIBDIR          = /usr/${LIB}
-MANPAGES	= change_hat.2
-
-TARGET=libapparmor
-TARGETS=${TARGET}.so ${TARGET}.a
-
-OLDTARGET=libimmunix.so.1
-
-OBJECTS=change_hat.o
-TESTS=tst-sgdh tst-cdh tst-sgkey tst-sgdh-static tst-cdh-static tst-sgkey-static
-
-CFLAGS=-g -O2 -Wall -Wstrict-prototypes -pipe
-EXTRA_CFLAGS=$(CFLAGS) -fpic -D_REENTRANT
-ARFLAGS=-rcs
-
-TEST_CFLAGS=$(CFLAGS) $(CANARY_FLAG) $(FORMATGUARD_FLAG)
-TEST_LDFLAGS= -L. -limmunix
-
-all: ${TARGETS} ${OLDTARGET} ${MANPAGES} ${HTMLMANPAGES}
-
-%.o: %.c
-	$(CC) ${EXTRA_CFLAGS} -c -shared -o $@ $<
-
-${TARGET}.so: ${OBJECTS}
-	${CC} ${EXTRA_CFLAGS} -o $@.$(SO_VERS) -Wl,-soname,$@.$(SO_VERS) -Wl,--version-script=${TARGET}.map -W,-z,defs -shared -dynamic  $^
-	ln -fs $@.$(SO_VERS) $@
-
-${OLDTARGET}: ${OBJECTS} libimmunix_warning.o
-	${CC} ${EXTRA_CFLAGS} -o $@ -Wl,-soname,$@ -Wl,--version-script=${TARGET}.map -W,-z,defs -shared -dynamic $^
-
-${TARGET}.a: ${OBJECTS}
-	ar ${ARFLAGS} $@ $^
-
-${POSTINSTALLBIN}: ${POSTINSTALLBIN}.c
-	$(CC) -static -Os -o $@ $(CANARY_FLAG) $(FORMATGUARD_FLAG) $^
-
-# Ugh, dunno how to do an auto rule for the TESTS
-tst-sgdh: tst-sgdh.c ${TARGET}.so
-	$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-tst-cdh: tst-cdh.c ${TARGET}.so
-	$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-tst-sgkey: tst-sgkey.c ${TARGET}.so
-	$(CC) ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-tst-sgdh-static: tst-sgdh.c ${TARGET}.a
-	$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-tst-cdh-static: tst-cdh.c ${TARGET}.a
-	$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-tst-sgkey-static: tst-sgkey.c ${TARGET}.a
-	$(CC) -static ${TEST_CFLAGS} -o $@ $< ${TEST_LDFLAGS}
-
-check: $(TESTS)
-	-LD_LIBRARY_PATH=. ./tst-sgdh
-	-LD_LIBRARY_PATH=. ./tst-cdh
-	-LD_LIBRARY_PATH=. ./tst-sgkey
-	-./tst-sgdh-static
-	-./tst-cdh-static
-	-./tst-sgkey-static
-
-.PHONY: install
-install: $(SPECFILE) $(TARGETS) $(OLDTARGET)
-	install -d $(DESTDIR)/${LIB} $(DESTDIR)${LIBDIR}
-	install -d ${DESTDIR}/usr/include/sys
-	mv -f $(TARGET).so.$(SO_VERS) $(TARGET)-$(VERSION)-$(RELEASE).so.$(SO_VERS)
-	install -m 755 $(TARGET)-$(VERSION)-$(RELEASE).so.$(SO_VERS) ${DESTDIR}/${LIB}
-	${LDCONFIG} -n ${DESTDIR}/${LIB}
-	install -m 755 $(TARGET).a ${DESTDIR}${LIBDIR}
-	install -m 644 apparmor.h ${DESTDIR}/usr/include/sys
-	ln -sf /${LIB}/$(TARGET).so.$(SO_VERS) ${DESTDIR}${LIBDIR}/$(TARGET).so
-	# compatability with old libimmunix
-	install -m 755 $(OLDTARGET) ${DESTDIR}/${LIB}
-	ln -sf apparmor.h ${DESTDIR}/usr/include/sys/immunix.h
-	make install_manpages DESTDIR=${DESTDIR}
-
-.PHONY: clean
-clean: _clean
-	rm -f *.o $(TARGET)*.so* ${TARGETS} ${OLDTARGET} Make.rules
-	rm -f ${TESTS} ${SPECFILE}

changehat/libapparmor-deprecated/apparmor.h

@@ -1,23 +0,0 @@
-/*   $Id$
-
-     Copyright (c) 2003, 2004, 2005, 2006 Novell, Inc. (All rights reserved)
-
-     The libapparmor library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-*/
-
-#ifndef _SYS_APPARMOR_H_
-#define _SYS_APPARMOR_H	1
-
-__BEGIN_DECLS
-
-/* Prototype for change_hat as defined by the AppArmor project
-   <http://forge.novell.com/modules/xfmod/project/?apparmor>
-   Please see the change_hat(2) manpage for information. */
-
-extern int change_hat(const char *subprofile, unsigned int magic_token);
-
-__END_DECLS
-
-#endif	/* sys/apparmor.h */

changehat/libapparmor-deprecated/change_hat.c

@@ -1,85 +0,0 @@
-/*   $Id$
-
-     Copyright (c) 2003, 2004, 2005, 2006 Novell, Inc. (All rights reserved)
-
-     The libapparmor library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-
-*/
-
-#define _GNU_SOURCE	/* for asprintf */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <limits.h>
-
-int change_hat(char *subprofile, unsigned int token)
-{
-	int rc = -1;
-	int fd, ret, len = 0, ctlerr = 0;
-	char *buf = NULL;
-	const char *cmd = "changehat";
-	char *ctl = NULL;
-	pid_t tid = syscall(SYS_gettid);
-
-	/* both may not be null */
-	if (!(token || subprofile)) {
-		errno = EINVAL;
-		goto out;
-	}
-
-	if (subprofile && strnlen(subprofile, PATH_MAX + 1) > PATH_MAX) {
-		errno = EPROTO;
-		goto out;
-	}
-
-	len = asprintf(&buf, "%s %08x^%s", cmd, token,
-		       subprofile ? subprofile : "");
-	if (len < 0) {
-		goto out;
-	}
-
-	ctlerr = asprintf(&ctl, "/proc/%d/attr/current", tid);
-	if (ctlerr < 0) {
-		goto out;
-	}
-
-	fd = open(ctl, O_WRONLY);
-	if (fd == -1) {
-		goto out;
-	}
-
-	ret = write(fd, buf, len);
-	if (ret != len) {
-		int saved;
-		if (ret != -1) {
-			errno = EPROTO;
-		}
-		saved = errno;
-		(void)close(fd);
-		errno = saved;
-		goto out;
-	}
-
-	rc = 0;
-	(void)close(fd);
-
-out:
-	if (buf) {
-		/* clear local copy of magic token before freeing */
-		memset(buf, '\0', len);
-		free(buf);
-	}
-	if (ctl) {
-		free(ctl);
-	}
-	return rc;
-}

changehat/libapparmor-deprecated/change_hat.pod

@@ -1,233 +0,0 @@
-# $Id$
-# This publication is intellectual property of Novell Inc. Its contents
-# can be duplicated, either in part or in whole, provided that a copyright
-# label is visibly located on each copy.
-# 
-# All information found in this book has been compiled with utmost
-# attention to detail. However, this does not guarantee complete accuracy.
-# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
-# liable for possible errors or the consequences thereof.
-# 
-# Many of the software and hardware descriptions cited in this book
-# are registered trademarks. All trade names are subject to copyright
-# restrictions and may be registered trade marks. SUSE LINUX GmbH
-# essentially adheres to the manufacturer's spelling.
-# 
-# Names of products and trademarks appearing in this book (with or without
-# specific notation) are likewise subject to trademark and trade protection
-# laws and may thus fall under copyright restrictions.
-# 
-# Please direct suggestions and comments to apparmor-general@forge.novell.com.
-
-
-=pod
-
-=head1 NAME
-
-change_hat  - change to or from a "hat" within a AppArmor profile
-
-=head1 SYNOPSIS
-
-B<#include E<lt>sys/apparmor.hE<gt>>
-
-B<int change_hat (char *subprofile, unsigned int magic_token);>
-
-Link with B<-lapparmor> when compiling.
-
-=head1 DESCRIPTION
-
-An AppArmor profile applies to an executable program; if a portion of
-the program needs different access permissions than other portions,
-the program can "change hats" to a different role, also known as a
-subprofile. To change into a new hat, it calls the change_hat() function
-to do so. It passes in a pointer to the I<subprofile> which it wants to
-change into, and a 32bit I<magic_token>.  The I<magic_token> is used to
-return out of the subprofile at a later time.
-
-If a program wants to return out of the current subprofile to the
-original profile, it calls change_hat() with a pointer to NULL as
-the I<subprofile>, and the original I<magic_token> value. If the
-I<magic_token> does not match the original I<magic_token> passed into the
-kernel when the program entered the subprofile, the change back to the
-original profile will not happen, and the current task will be killed.
-If the I<magic_token> matches the original token, then the process will
-change back to the original profile.
-
-If the program wants to change to a subprofile that it can never
-change back out of, the application should call change_hat() with a
-I<magic_token> of I<0>.
-
-As both read(2) and write(2) are mediated, a file must be listed in a
-subprofile definition if the file is to be accessed while the process
-is in a "hat".
-
-=head1 RETURN VALUE
-
-On success zero is returned. On error, -1 is returned, and
-errno(3) is set appropriately.
-
-=head1 ERRORS
-
-=over 4
-
-=item B<EINVAL>
-
-The apparmor kernel module is not loaded or the communication via the
-F</proc/*/attr/current> file did not conform to protocol.
-
-=item B<ENOMEM>
-
-Insufficient kernel memory was available.
-
-=item B<EPERM>
-
-The calling application is not confined by apparmor.
-
-=item B<ECHILD>
-
-The application's profile has no hats defined for it.
-
-=item B<EACCES>
-
-The specified I<subprofile> does not exist in this profile or the
-process tried to change another process's domain.
-
-=back 
-
-=head1 EXAMPLE
-
-The following code examples shows simple, if contrived, uses of
-change_hat(); a typical use of change_hat() will separate privileged
-portions of a process from unprivileged portions of a process, such as
-keeping unauthenticated network traffic handling separate from
-authenticated network traffic handling in OpenSSH or executing
-user-supplied CGI scripts in apache.
-
-The use of random(3) is simply illustrative. Use of F</dev/urandom> is
-recommended.
-
-First, a simple high-level overview of change_hat() use:
-
- void foo (void) {
- 	int magic_token;
-  
- 	/* get a random magic token value
- 	from our huge entropy pool */
- 	magic_token = random_function();
- 
- 	/* change into the subprofile while
- 	 * we do stuff we don't trust */
- 	change_hat ("stuff_we_dont_trust", magic_token);
-
- 	/* Go do stuff we don't trust -- this is all
- 	 * done in *this* process space, no separate
- 	 * fork()/exec()'s are done. */
- 	interpret_perl_stuff(stuff_from_user);
-
- 	/* now change back to our original profile */
- 	change_hat (NULL, magic_token);
- }
-
-Second, an example to show that files not listed in a subprofile
-("hat") aren't accessible after a change_hat() call:
-
- #include <stdlib.h>
- #include <string.h>
- #include <sys/apparmor.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
- #include <stdio.h>
- #include <unistd.h>
- 
- 
- int main(int argc, char *argv[]) {
-        int fd;
-        int tok;
-        char buf[10];
- 
-        /* random() is a poor choice */
-        tok = random();
- 
-        /* open /etc/passwd outside of any hat */
-        if ((fd=open("/etc/passwd", O_RDONLY)) < 0)
-                perror("Failure opening /etc/passwd");
- 
-        /* confirm for ourselves that we can really read /etc/passwd */
-        memset(&buf, 0, 10);
-        if (read(fd, &buf, 10) == -1) {
-                perror("Failure reading /etc/passwd pre-hat");
-                _exit(1);
-        }
-        buf[9] = '\0';
-        printf("/etc/passwd: %s\n", buf);
- 
-        /* change hat to the "hat" subprofile, which should not have
-         * read access to /etc/passwd -- even though we have a valid
-         * file descriptor at the time of the change_hat() call. */
-        if (change_hat("hat", tok)) {
-                perror("Failure changing hat -- aborting");
-                _exit(1);
-        }
- 
-        /* confirm that we cannot read /etc/passwd */
-        lseek(fd,0,SEEK_SET);
-        memset(&buf, 0, 10);
-        if (read(fd, &buf, 10) == -1)
-                perror("Failure reading /etc/passwd post-hat");
-        buf[9] = '\0';
-        printf("/etc/passwd: %s\n", buf);
- 
-        return 0;
- }
-
-
-This code example requires the following profile to be loaded with
-apparmor_parser(8):
-
- /tmp/ch {
-   /etc/ld.so.cache               mr,
-   /etc/locale/**                 r,
-   /etc/localtime                 r,
-   /usr/share/locale/**           r,
-   /usr/share/zoneinfo/**         r,
-   /usr/lib/locale/**             mr,
-   /usr/lib/gconv/*.so            mr,
-   /usr/lib/gconv/gconv-modules*  mr,
-
-   /lib/ld-*.so*         mrix,
-   /lib/libc*.so*        mr,
-   /lib/libapparmor*.so* mr,
-   /dev/pts/*            rw,
-   /tmp/ch               mr,
-
-   /etc/passwd           r,
-
-   ^hat {
-     /dev/pts/*     rw,
-   }
- }
-
-
-The output when run:
-
- $ /tmp/ch
- /etc/passwd: root:x:0:
- Failure reading /etc/passwd post-hat: Permission denied
- /etc/passwd:
- $
-
-
-=head1 BUGS
-
-None known. If you find any, please report them to bugzilla at
-L<http://bugzilla.novell.com>. Note that change_hat(2) provides no 
-memory barriers between different areas of a program; if address space
-separation is required, then separate processes should be used.
-
-=head1 SEE ALSO
-
-apparmor(7), apparmor.d(5), apparmor_parser(8), and
-L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
-
-=cut

changehat/libapparmor-deprecated/libapparmor.map

@@ -1,13 +0,0 @@
-IMMUNIX_1.0 {
-  global:
-	change_hat;
-  local:
-	*;
-};
-
-APPARMOR_1.0 {
-  global:
-	change_hat;
-  local:
-	*;
-};

changehat/libapparmor-deprecated/libapparmor.spec.in

@@ -1,196 +0,0 @@
-# $Id$
-# ----------------------------------------------------------------------
-#    Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
-#
-#    This software is licensed under the terms of the GNU Lesser General
-#    Public License, version 2.1. Please see the file COPYING.LGPL.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU Lesser General Public
-#    License along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-#
-# norootforbuild
-#
-# Check first to see if distro is already defined. It should be defined
-# by our makefile
-%if ! %{?distro:1}0
-  %define distro suse
-%endif
-
-# Check to see what architecture we are building on so we know where
-# the lib should be installed.
-# Note: alpha and ia64 are 64bit systems but they have no 32 bit userland
-#       so they install their libs to /lib instead of /lib64
-# FIXME: will see what happens when we need to do a 64bit build on RHEL
-%ifarch x86_64 mips64 ppc64 sparc64 s390x 
-  %define build64 1
-%endif
-  # else anything that doesn't specifically have a lib64 dir
-  # i386 i686 mips ppc sparc arm alpha ia64
-
-Name: libapparmor
-Summary: Library to provide key AppArmor symbols
-Version: @@immunix_version@@
-Release: @@repo_version@@
-%if %distro == "suse"
-Group: System/Libraries
-%else
-Group: System Environment/Libraries
-%endif
-Source: %{name}-%{version}-@@repo_version@@.tar.gz
-License: LGPL
-BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
-URL: http://forge.novell.com/modules/xfmod/project/?apparmor
-BuildRequires: glibc-devel
-%if %{?build64:1}0
-#BuildRequires: linux32
-%endif
-Obsoletes: libimmunix
-Provides: libimmunix
-
-%description
-This package provides the libapparmor library, which contains the change_hat(2) 
-symbol, used for sub-process confinement by AppArmor. Applications that
-wish to make use of change_hat(2) need to link against this library.
-This package is part of a suite of tools that used to be named SubDomain.
-
-%prep
-%if %{?build64:1}0
-%setup -q -c -n %{name}32
-%setup -D -q
-%else
-%setup -q
-%endif
-
-
-%build
-[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-
-%if %{?build64:1}0
-# build 32 bit version first
-%define CFLAGS32 "-g -O2 -Wall -Wstrict-prototypes -pipe -fpic -m32"
-%ifarch x86_64 
-%define env32 linux32
-%endif
-%ifarch mips64
-# FIXME don't know what's supposed to be here
-%define env32 mips32
-%endif
-%ifarch ppc64
-%define env32 powerpc32
-%endif
-%ifarch sparc64
-%define env32 sparc32
-%endif
-%ifarch s390x 
-%define env32 s390
-# s390 isn't actually 32bit it an odd ball 31bit machine
-%undefine CFLAGS32
-%define CFLAGS32 "-g -O2 -Wall -Wstrict-prototypes -pipe -fpic -m31"
-%endif
-# FIXME - disabled 32bit builds on 64bit platforms
-echo "FIXME - disabled 32bit builds on 64bit platforms"
-#%{env32} make CFLAGS=%{CFLAGS32} -C ../%{name}32/%{name}-%{version}
-%endif
-
-make CFLAGS="${RPM_OPT_FLAGS}"
-
-%install
-[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-%if %{?build64:1}0
-  # FIXME - disabled 32bit builds on 64bit platforms
-  echo "FIXME - disabled 32bit installs on 64bit platforms"
-  #make install DESTDIR=${RPM_BUILD_ROOT} LIB=lib -C ../%{name}32/%{name}-%{version}
-%endif
-make install DESTDIR=${RPM_BUILD_ROOT} LIB=%{_lib} VERSION=%{version} \
-             RELEASE=%{release} MANDIR=%{_mandir}
-
-%clean
-[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-
-# don't use -p here, breaks slackware package builds
-%post
-/sbin/ldconfig
-
-%postun
-/sbin/ldconfig
-
-%files
-%defattr (-,root,root)
-%if %{?build64:1}0
-# FIXME - disabled 32bit builds on 64bit platforms
-#/lib/lib*
-#/usr/lib/lib*
-%endif
-/%{_lib}/lib*
-%{_libdir}/lib*
-%{_prefix}/include/sys/*.h
-%doc COPYING.LGPL
-%{_mandir}/man*/*
-%doc *.[0-9].html
-%doc common/apparmor.css
-
-%changelog
-* Tue Apr  7 2007 - sbeattie@suse.de
-- Add change_hat manpage to package
-* Thu Jan 18 2007 - sbeattie@suse.de
-- Add a clean stage to remove buildroot to specfile
-* Fri Feb 17 2006 Seth Arnold <seth.arnold@suse.de> 2.0-4.1
-- use gettid() instead of /proc/self
-* Fri Feb 10 2006 Steve Beattie <sbeattie@suse.de> 2.0-3.2
-- Use RPM_OPT_FLAGS
-- Fix installed library version to match specfile version
-* Wed Feb  1 2006 Steve Beattie <sbeattie@suse.de> 2.0-3.1
-- Fix prototype to match change_hat(2) manpage
-* Mon Jan 23 2006 Steve Beattie <sbeattie@suse.de> 2.0-3
-- Rename to libapparmor.so and apparmor.h
-* Thu Jan  5 2006 Steve Beattie <sbeattie@suse.de> 2.0-2
-- Add svn repo number to tarball
-* Wed Dec  7 2005 Steve Beattie <sbeattie@suse.de> 2.0-1
-- Reset version for inclusion is SUSE autobuild
-* Wed Dec  7 2005 Steve Beattie <sbeattie@suse.de> 1.99-8
-- Disable 32bit builds on 64bit platforms for now
-* Mon Dec  5 2005 Steve Beattie <sbeattie@suse.de> 1.99-7
-- Rename package to libapparmor
-* Wed Aug 10 2005 Steve Beattie <sbeattie@suse.de> 1.99-6_imnx
-- Cleanup some of the deprecated exported symbols
-* Thu Aug  4 2005 John Johansen <jjohansen@novell.com> 1.99-5_imnx
-- and -m31 flag for s390
-* Mon Jul 11 2005 Steve Beattie <sbeattie@novell.com> 1.99-4_imnx
-- get rid of libimmunix_post_upgrade
-- Re-license to LGPL
-- update description
-* Fri May 27 2005 Steve Beattie <steve@immunix.com> 1.99-3_imnx
-- Clear token buffer before freeing.
-- Error handling cleanup.
-* Fri Feb 18 2005 Steve Beattie <steve@immunix.com> 1.99-2_imnx
-- Use the right command for the 32bit env on 64bit platforms
-- Support for 64bit builds on systems with combined 32/64 support
-* Fri Feb  4 2005 Seth Arnold <sarnold@immunix.com> 1.99-1_imnx
-- Reversion to 1.99
-* Mon Nov  8 2004 Steve Beattie <steve@immunix.com> 1.2-3_imnx
-- Finish conversion to slack-capable infrastructure.
-* Thu Oct 28 2004 Steve Beattie <steve@immunix.com> 1.2-2_imnx
-- Added a 'make install' target for prelim slack support
-* Tue Oct 12 2004 Steve Beattie <steve@immunix.com> 1.2-1_imnx
-- Bump version after shass-1.1 branched off
-* Thu Sep 23 2004 Steve Beattie <steve@immunix.com> 1.0-13_imnx
-- Vastly simplify the string handling in change_hat().
-* Thu Sep  9 2004 Steve Beattie <steve@immunix.com> 1.0-12_imnx
-- Conditionalize group the package shows up in.
-* Thu Sep  9 2004 Steve Beattie <steve@immunix.com> 1.0-11_imnx
-- Fix so change_hat functions correctly even when the token is zero.
-* Thu Sep  2 2004 Steve Beattie <steve@immunix.com> 1.0-10_imnx
-- Added that it provides %{_prefix}/sbin/libimmunix_post_upgrade, this
-  was somehow breaking yast.
-* Mon Aug 30 2004 Steve Beattie <steve@immunix.com> 1.0-9_imnx
-- Copyright cleanups.
-* Wed Jul 21 2004 Steve Beattie <steve@immunix.com> 1.0-8_imnx
-- add basis for conditional distro support
-* Thu May  28 2004 Tony Jons <tony@immunix.com> 1.0-7_imnx
-- Add "changehat" command word to start of string written to /proc/pid/attr

changehat/libapparmor-deprecated/libimmunix_warning.c

@@ -1,23 +0,0 @@
-/*   $Id$
-
-     Copyright (c) 2006 Novell, Inc. (All rights reserved)
-     The libimmunix library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-
-*/
-
-#include <syslog.h>
-
-void __libimmunix_warning(void) __attribute__ ((constructor));
-void __libimmunix_warning(void)
-{
-	extern const char *__progname; /* global from linux crt0 */
-	openlog (__progname, LOG_PID|LOG_PERROR, LOG_USER);
-	syslog(LOG_NOTICE,
-			"%s links against libimmunix.so, which is deprecated. "
-			"Please link against libapparmor instead\n",
-			__progname);
-	closelog();
-
-}

changehat/libapparmor/COPYING.LGPL

@@ -1,504 +0,0 @@
-		  GNU LESSER GENERAL PUBLIC LICENSE
-		       Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
-     51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL.  It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
-  This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it.  You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
-
-  When we speak of free software, we are referring to freedom of use,
-not price.  Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
-  To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights.  These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
-  For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you.  You must make sure that they, too, receive or can get the source
-code.  If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it.  And you must show them these terms so they know their rights.
-
-  We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
-  To protect each distributor, we want to make it very clear that
-there is no warranty for the free library.  Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-
-  Finally, software patents pose a constant threat to the existence of
-any free program.  We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder.  Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
-  Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License.  This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License.  We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
-  When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library.  The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom.  The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
-  We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License.  It also provides other free software developers Less
-of an advantage over competing non-free programs.  These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries.  However, the Lesser license provides advantages in certain
-special circumstances.
-
-  For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard.  To achieve this, non-free programs must be
-allowed to use the library.  A more frequent case is that a free
-library does the same job as widely used non-free libraries.  In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
-  In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software.  For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
-  Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.  Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library".  The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-
-		  GNU LESSER GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
-  A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
-  The "Library", below, refers to any such software library or work
-which has been distributed under these terms.  A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language.  (Hereinafter, translation is
-included without limitation in the term "modification".)
-
-  "Source code" for a work means the preferred form of the work for
-making modifications to it.  For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
-
-  Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it).  Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-  
-  1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
-  You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-
-  2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) The modified work must itself be a software library.
-
-    b) You must cause the files modified to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    c) You must cause the whole of the work to be licensed at no
-    charge to all third parties under the terms of this License.
-
-    d) If a facility in the modified Library refers to a function or a
-    table of data to be supplied by an application program that uses
-    the facility, other than as an argument passed when the facility
-    is invoked, then you must make a good faith effort to ensure that,
-    in the event an application does not supply such function or
-    table, the facility still operates, and performs whatever part of
-    its purpose remains meaningful.
-
-    (For example, a function in a library to compute square roots has
-    a purpose that is entirely well-defined independent of the
-    application.  Therefore, Subsection 2d requires that any
-    application-supplied function or table used by this function must
-    be optional: if the application does not supply it, the square
-    root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library.  To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License.  (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.)  Do not make any other change in
-these notices.
-
-  Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
-  This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
-  4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
-  If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library".  Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
-  However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library".  The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
-  When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library.  The
-threshold for this to be true is not precisely defined by law.
-
-  If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work.  (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
-  Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-
-  6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
-  You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License.  You must supply a copy of this License.  If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License.  Also, you must do one
-of these things:
-
-    a) Accompany the work with the complete corresponding
-    machine-readable source code for the Library including whatever
-    changes were used in the work (which must be distributed under
-    Sections 1 and 2 above); and, if the work is an executable linked
-    with the Library, with the complete machine-readable "work that
-    uses the Library", as object code and/or source code, so that the
-    user can modify the Library and then relink to produce a modified
-    executable containing the modified Library.  (It is understood
-    that the user who changes the contents of definitions files in the
-    Library will not necessarily be able to recompile the application
-    to use the modified definitions.)
-
-    b) Use a suitable shared library mechanism for linking with the
-    Library.  A suitable mechanism is one that (1) uses at run time a
-    copy of the library already present on the user's computer system,
-    rather than copying library functions into the executable, and (2)
-    will operate properly with a modified version of the library, if
-    the user installs one, as long as the modified version is
-    interface-compatible with the version that the work was made with.
-
-    c) Accompany the work with a written offer, valid for at
-    least three years, to give the same user the materials
-    specified in Subsection 6a, above, for a charge no more
-    than the cost of performing this distribution.
-
-    d) If distribution of the work is made by offering access to copy
-    from a designated place, offer equivalent access to copy the above
-    specified materials from the same place.
-
-    e) Verify that the user has already received a copy of these
-    materials or that you have already sent this user a copy.
-
-  For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it.  However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
-  It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system.  Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-
-  7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
-    a) Accompany the combined library with a copy of the same work
-    based on the Library, uncombined with any other library
-    facilities.  This must be distributed under the terms of the
-    Sections above.
-
-    b) Give prominent notice with the combined library of the fact
-    that part of it is a work based on the Library, and explaining
-    where to find the accompanying uncombined form of the same work.
-
-  8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License.  Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License.  However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
-  9. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Library or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
-  10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-
-  11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded.  In such case, this License incorporates the limitation as if
-written in the body of this License.
-
-  13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation.  If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-
-  14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission.  For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this.  Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
-			    NO WARRANTY
-
-  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-           How to Apply These Terms to Your New Libraries
-
-  If you develop a new library, and you want it to be of the greatest
-possible use to the public, we recommend making it free software that
-everyone can redistribute and change.  You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms of the
-ordinary General Public License).
-
-  To apply these terms, attach the following notices to the library.  It is
-safest to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the library's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This library is free software; you can redistribute it and/or
-    modify it under the terms of the GNU Lesser General Public
-    License as published by the Free Software Foundation; either
-    version 2.1 of the License, or (at your option) any later version.
-
-    This library is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the
-  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
-
-  <signature of Ty Coon>, 1 April 1990
-  Ty Coon, President of Vice
-
-That's all there is to it!
-
-

changehat/libapparmor/src/Makefile.am

@@ -1,33 +0,0 @@
-INCLUDES = $(all_includes)
-
-BUILT_SOURCES = grammar.h scanner.h
-AM_LFLAGS = -v
-AM_YFLAGS = -d -p aalogparse_
-AM_CFLAGS = @CFLAGS@ -D_GNU_SOURCE -Wall
-scanner.h: scanner.l
-	$(LEX) -v $<
-
-scanner.c: scanner.l
-
-changehatdir = $(includedir)/sys
-changehat_HEADERS = apparmor.h
-
-aalogparsedir = $(includedir)/aalogparse
-aalogparse_HEADERS = aalogparse.h
-
-lib_LTLIBRARIES = libapparmor.la libimmunix.la
-noinst_HEADERS = grammar.h parser.h scanner.h
-
-libapparmor_la_SOURCES = grammar.y libaalogparse.c change_hat.c scanner.c
-libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic \
-	-Wl,--version-script=libapparmor.map -Wl,-soname=libapparmor.so.1
-
-libimmunix_la_SOURCES = change_hat.c libimmunix_warning.c
-libimmunix_la_LDFLAGS = -version-info 1:2:0 -Wl,--version-script=libapparmor.map -Wl,-soname=libimmunix.so.1
-
-tst_aalogmisc_SOURCES = tst_aalogmisc.c
-tst_aalogmisc_LDADD = .libs/libapparmor.a
-check_PROGRAMS = tst_aalogmisc
-TESTS = $(check_PROGRAMS)
-
-EXTRA_DIST = grammar.y scanner.l libapparmor.map

changehat/libapparmor/src/apparmor.h

@@ -1,27 +0,0 @@
-/*   $Id: apparmor.h 132 2006-09-28 07:45:55Z steve-beattie $
-
-     Copyright (c) 2003-2007 Novell, Inc. (All rights reserved)
-
-     The libapparmor library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-*/
-
-#ifndef _SYS_APPARMOR_H_
-#define _SYS_APPARMOR_H	1
-
-__BEGIN_DECLS
-
-/* Prototype for change_hat as defined by the AppArmor project
-   <http://forge.novell.com/modules/xfmod/project/?apparmor>
-   Please see the change_hat(2) manpage for information. */
-
-extern int (change_hat)(const char *subprofile, unsigned int magic_token);
-extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
-extern int aa_change_profile(const char *profile);
-
-#define change_hat(X, Y) aa_change_hat((X), (Y))
-
-__END_DECLS
-
-#endif	/* sys/apparmor.h */

changehat/libapparmor/src/change_hat.c

@@ -1,134 +0,0 @@
-/*   $Id: change_hat.c 13 2006-04-12 21:43:34Z steve-beattie $
-
-     Copyright (c) 2003-2007 Novell, Inc. (All rights reserved)
-
-     The libapparmor library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-
-*/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <limits.h>
-
-#define symbol_version(real, name, version) \
-		__asm__ (".symver " #real "," #name "@" #version)
-#define default_symbol_version(real, name, version) \
-		__asm__ (".symver " #real "," #name "@@" #version)
-
-static int setprocattr(const char *buf, int len)
-{
-	int rc = -1;
-	int fd, ret, ctlerr = 0;
-	char *ctl = NULL;
-	pid_t tid = syscall(SYS_gettid);
-
-	if (!buf) {
-		errno = EINVAL;
-		goto out;
-	}
-
-	ctlerr = asprintf(&ctl, "/proc/%d/attr/current", tid);
-	if (ctlerr < 0) {
-		goto out;
-	}
-
-	fd = open(ctl, O_WRONLY);
-	if (fd == -1) {
-		goto out;
-	}
-
-	ret = write(fd, buf, len);
-	if (ret != len) {
-		int saved;
-		if (ret != -1) {
-			errno = EPROTO;
-		}
-		saved = errno;
-		(void)close(fd);
-		errno = saved;
-		goto out;
-	}
-
-	rc = 0;
-	(void)close(fd);
-
-out:
-	if (ctl) {
-		free(ctl);
-	}
-	return rc;
-}
-
-int aa_change_hat(const char *subprofile, unsigned long token)
-{
-	int rc = -1;
-	int len = 0;
-	char *buf = NULL;
-	const char *fmt = "changehat %016x^%s";
-
-	/* both may not be null */
-	if (!(token || subprofile)) {
-		errno = EINVAL;
-		goto out;
-	}
-
-	if (subprofile && strnlen(subprofile, PATH_MAX + 1) > PATH_MAX) {
-		errno = EPROTO;
-		goto out;
-	}
-
-	len = asprintf(&buf, fmt, token, subprofile ? subprofile : "");
-	if (len < 0) {
-		goto out;
-	}
-
-	rc = setprocattr(buf, len);
-out:
-	if (buf) {
-		/* clear local copy of magic token before freeing */
-		memset(buf, '\0', len);
-		free(buf);
-	}
-	return rc;
-}
-
-/* original change_hat interface */
-int __change_hat(char *subprofile, unsigned int token)
-{
-	return aa_change_hat(subprofile, (unsigned long) token);
-}
-
-int aa_change_profile(const char *profile)
-{
-	char *buf = NULL;
-	int len;
-	int rc;
-
-	if (!profile) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	len = asprintf(&buf, "changeprofile %s", profile);
-	if (len < 0)
-		return -1;
-
-	rc = setprocattr(buf, len);
-
-	free(buf);
-	return rc;
-}
-
-/* create an alias for the old change_hat@IMMUNIX_1.0 symbol */
-extern typeof((__change_hat)) __old_change_hat __attribute__((alias ("__change_hat")));
-symbol_version(__old_change_hat, change_hat, IMMUNIX_1.0);
-default_symbol_version(__change_hat, change_hat, APPARMOR_1.0);

changehat/libapparmor/src/grammar.y

@@ -1,438 +0,0 @@
-/*
- *   Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
- *   NOVELL (All rights reserved)
- *
- *   This program is free software; you can redistribute it and/or
- *   modify it under the terms of version 2 of the GNU General Public
- *   License published by the Free Software Foundation.
- *
- *   This program is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with this program; if not, contact Novell, Inc.
- */
-
-
-%{
-
-#define YYDEBUG 0
-#include <string.h>
-#include "aalogparse.h"
-#include "parser.h"
-#include "grammar.h"
-#include "scanner.h"
-
-aa_log_record *ret_record;
-
-/* Since we're a library, on any errors we don't want to print out any
- * error messages. We should probably add a debug interface that does
- * emit messages when asked for. */
-void aalogparse_error(void *scanner, char const *s)
-{
-	/* printf("Error: %s\n", s); */
-	ret_record->event = AA_RECORD_INVALID;
-}
-
-struct aa_type_table {
-	unsigned int audit_type;
-	aa_record_event_type event;
-};
-
-static struct aa_type_table aa_type_table[] = {
-	{AUDIT_APPARMOR_AUDIT,   AA_RECORD_AUDIT},
-	{AUDIT_APPARMOR_ALLOWED, AA_RECORD_ALLOWED},
-	{AUDIT_APPARMOR_DENIED,  AA_RECORD_DENIED},
-	{AUDIT_APPARMOR_HINT,    AA_RECORD_HINT},
-	{AUDIT_APPARMOR_STATUS,  AA_RECORD_STATUS},
-	{AUDIT_APPARMOR_ERROR,   AA_RECORD_ERROR},
-	{0,                      AA_RECORD_INVALID},
-};
-
-aa_record_event_type lookup_aa_event(unsigned int type)
-{
-	int i;
-
-	for (i = 0; aa_type_table[i].audit_type != 0; i++)
-		if (type == aa_type_table[i].audit_type)
-			break;
-
-	return aa_type_table[i].event;
-}
-%}
-
-%defines
-%pure_parser
-%lex-param{void *scanner}
-%parse-param{void *scanner}
-
-%union
-{
-	char	*t_str;
-	long	t_long;
-}
-
-%type <t_str> old_profile safe_string protocol
-%token <t_long> TOK_DIGITS TOK_TYPE_UNKNOWN
-%token <t_str> TOK_QUOTED_STRING TOK_PATH TOK_ID TOK_NULL_COMPLAIN TOK_MODE TOK_DMESG_STAMP
-%token <t_str> TOK_SINGLE_QUOTED_STRING TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
-%token <t_str> TOK_HEXSTRING TOK_TYPE_OTHER TOK_MSG_REST
-
-%token TOK_EQUALS
-%token TOK_COLON
-%token TOK_OPEN_PAREN
-%token TOK_CLOSE_PAREN
-%token TOK_PERIOD
-
-%token TOK_TYPE_REJECT
-%token TOK_TYPE_AUDIT
-%token TOK_TYPE_COMPLAIN
-%token TOK_TYPE_HINT
-%token TOK_TYPE_STATUS
-%token TOK_TYPE_ERROR
-%token TOK_OLD_TYPE_APPARMOR
-%token TOK_OLD_APPARMOR_REJECT
-%token TOK_OLD_APPARMOR_PERMIT
-%token TOK_OLD_APPARMOR_AUDIT
-%token TOK_OLD_APPARMOR_LOGPROF_HINT
-%token TOK_OLD_UNKNOWN_HAT
-%token TOK_OLD_ACTIVE
-%token TOK_OLD_UNKNOWN_PROFILE
-%token TOK_OLD_MISSING_PROFILE
-%token TOK_OLD_CHANGING_PROFILE
-%token TOK_OLD_ACCESS
-%token TOK_OLD_TO
-%token TOK_OLD_FROM
-%token TOK_OLD_PIPE
-%token TOK_OLD_EXTENDED
-%token TOK_OLD_ATTRIBUTE
-%token TOK_OLD_ON
-%token TOK_OLD_MKDIR
-%token TOK_OLD_RMDIR
-%token TOK_OLD_XATTR
-%token TOK_OLD_CHANGE
-%token TOK_OLD_CAPABILITY
-%token TOK_OLD_SYSCALL
-%token TOK_OLD_LINK
-%token TOK_OLD_FORK
-%token TOK_OLD_CHILD
-
-%token TOK_KEY_TYPE
-%token TOK_KEY_MSG
-%token TOK_KEY_OPERATION
-%token TOK_KEY_NAME
-%token TOK_KEY_NAME2
-%token TOK_KEY_DENIED_MASK
-%token TOK_KEY_REQUESTED_MASK
-%token TOK_KEY_ATTRIBUTE
-%token TOK_KEY_TASK
-%token TOK_KEY_PARENT
-%token TOK_KEY_MAGIC_TOKEN
-%token TOK_KEY_INFO
-%token TOK_KEY_PID
-%token TOK_KEY_PROFILE
-%token TOK_AUDIT
-%token TOK_KEY_IMAGE
-%token TOK_KEY_FAMILY
-%token TOK_KEY_SOCK_TYPE
-%token TOK_KEY_PROTOCOL
-
-%token TOK_SYSLOG_KERNEL
-
-%%
-
-log_message: audit_type
-	| syslog_type
-	;
-
-audit_type: TOK_KEY_TYPE TOK_EQUALS type_syntax ;
-
-type_syntax: old_syntax { ret_record->version = AA_RECORD_SYNTAX_V1; }
-	| new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
-	| other_audit
-	;
-
-old_syntax: TOK_OLD_TYPE_APPARMOR audit_msg old_msg
-	| TOK_TYPE_UNKNOWN audit_msg old_msg
-	;
-
-new_syntax:
-	  TOK_TYPE_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
-	| TOK_TYPE_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
-	| TOK_TYPE_COMPLAIN audit_msg key_list { ret_record->event = AA_RECORD_ALLOWED; }
-	| TOK_TYPE_HINT audit_msg key_list { ret_record->event = AA_RECORD_HINT; }
-	| TOK_TYPE_STATUS audit_msg key_list { ret_record->event = AA_RECORD_STATUS; }
-	| TOK_TYPE_ERROR audit_msg key_list { ret_record->event = AA_RECORD_ERROR; }
-	| TOK_TYPE_UNKNOWN audit_msg key_list { ret_record->event = lookup_aa_event($1); }
-	;
-
-other_audit: TOK_TYPE_OTHER audit_msg TOK_MSG_REST
-	{
-		ret_record->operation = $1;
-		ret_record->event = AA_RECORD_INVALID;
-		ret_record->info = $3;
-	}
-	;
-
-syslog_type:
-	  syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id old_msg
-	  { ret_record->version = AA_RECORD_SYNTAX_V1; }
-	| syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
-	  { ret_record->version = AA_RECORD_SYNTAX_V2; }
-	| syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP audit_id key_list
-	  { ret_record->version = AA_RECORD_SYNTAX_V2; }
-	;
-
-old_msg:
-	  old_permit_reject_type old_permit_reject_syntax
-	| TOK_OLD_APPARMOR_LOGPROF_HINT old_logprof_syntax { ret_record->event = AA_RECORD_HINT; }
-	;
-
-old_permit_reject_type:
-	  TOK_OLD_APPARMOR_REJECT { ret_record->event = AA_RECORD_DENIED; }
-	| TOK_OLD_APPARMOR_PERMIT { ret_record->event = AA_RECORD_ALLOWED; }
-	| TOK_OLD_APPARMOR_AUDIT  { ret_record->event = AA_RECORD_AUDIT; }
-	;
-
-old_permit_reject_syntax:
-	  TOK_MODE TOK_OLD_ACCESS old_permit_reject_path_pipe_extended
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->requested_mask = $1;
-		ret_record->operation = strdup("access");
-	}
-	| dir_action TOK_OLD_ON TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->name = $3;
-	}
-	| TOK_OLD_XATTR TOK_ID TOK_OLD_ON TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("xattr");
-		ret_record->attribute = $2;
-		ret_record->name = $4;
-	}
-	| TOK_KEY_ATTRIBUTE TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
-		TOK_OLD_CHANGE TOK_OLD_TO TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("setattr");
-		ret_record->attribute = $3;
-		ret_record->name = $7;
-	}
-	| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_CAPABILITY TOK_SINGLE_QUOTED_STRING
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("capability");
-		ret_record->name = $4;
-	}
-	| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_SYSCALL TOK_SINGLE_QUOTED_STRING
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("syscall");
-		ret_record->name = $4;
-	}
-	| TOK_OLD_LINK TOK_OLD_ACCESS TOK_OLD_FROM TOK_PATH TOK_OLD_TO TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->requested_mask = strdup("l");
-		ret_record->name = $4;
-		ret_record->name2 = $6;
-	}
-	;
-
-dir_action:
-	  TOK_OLD_MKDIR { ret_record->operation = strdup("mkdir"); }
-	| TOK_OLD_RMDIR { ret_record->operation = strdup("rmdir"); }
-	;
-
-old_process_state:
-	  TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN old_profile_names
-	{
-		ret_record->info = $1;
-		ret_record->pid = atol($3);
-		free($3);
-	}
-	;
-
-old_profile_names:
-	  TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile
-	{	ret_record->profile = $2;
-		ret_record->active_hat = $4;
-	}
-	;
-
-old_permit_reject_path_pipe_extended:
-	  TOK_OLD_TO TOK_PATH
-		{
-			ret_record->name = $2;
-		}
-	| TOK_OLD_TO TOK_OLD_PIPE /* Frankly, I don't think this is used */
-		{
-			ret_record->info = strdup("pipe");
-		}
-	| TOK_OLD_EXTENDED TOK_KEY_ATTRIBUTE /* Nor this */
-		{
-			ret_record->info = strdup("extended attribute");
-		}
-	;
-old_logprof_syntax:
-	  old_logprof_syntax2 key_pid
-		TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
-		{
-			ret_record->profile = strdup($5);
-			free($5);
-			ret_record->active_hat = strdup($8);
-			free($8);
-		}
-	| old_logprof_fork_syntax
-	| TOK_OLD_CHANGING_PROFILE key_pid
-	  { ret_record->profile = strdup("null-complain-profile"); }
-	;
-
-old_logprof_syntax2:
-	  TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
-		{
-			ret_record->operation = strdup("profile_set");
-			ret_record->info = strdup("unknown profile");
-			ret_record->name = strdup($4);
-			free($4);
-		}
-	| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
-		{
-			ret_record->operation = strdup("exec");
-			ret_record->info = strdup("mandatory profile missing");
-			ret_record->name = strdup($4);
-			free($4);
-		}
-	| TOK_OLD_UNKNOWN_HAT TOK_ID
-		{
-			ret_record->operation = strdup("change_hat");
-			ret_record->name = strdup($2);
-			free($2);
-			ret_record->info = strdup("unknown_hat");
-		}
-	;
-
-/* TODO: Clean this up */
-old_logprof_fork_syntax:
-	  TOK_OLD_FORK key_pid
-		TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
-	{
-		ret_record->operation = strdup("clone");
-		ret_record->task = $5;
-	}
-	;
-
-old_logprof_fork_addition:
-	/* Nothin */
-	| TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
-	{
-		ret_record->profile = $3;
-		ret_record->active_hat = $6;
-	}
-	;
-
-old_profile:
-	  TOK_PATH { $$ = $1; }
-	| TOK_ID   { $$ = $1; }
-	| TOK_NULL_COMPLAIN { $$ = strdup("null-complain-profile"); }
-	;
-
-audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
-	;
-
-audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
-	{
-		asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7);
-		ret_record->epoch = atol($3);
-		ret_record->audit_sub_id = atoi($7);
-		free($3);
-		free($5);
-		free($7);
-	} ;
-
-syslog_date: TOK_DATE_MONTH TOK_DIGITS TOK_DATE_TIME { /* do nothing? */ }
-	;
-
-key_list: key
-	| key_list key
-	;
-
-key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->operation = $3;}
-	| TOK_KEY_NAME TOK_EQUALS safe_string
-	{ ret_record->name = $3;}
-	| TOK_KEY_NAME2 TOK_EQUALS safe_string
-	{ ret_record->name2 = $3;}
-	| TOK_KEY_DENIED_MASK TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->denied_mask = $3;}
-	| TOK_KEY_REQUESTED_MASK TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->requested_mask = $3;}
-	| TOK_KEY_ATTRIBUTE TOK_EQUALS TOK_QUOTED_STRING 
-	{ ret_record->attribute = $3;}
-	| TOK_KEY_TASK TOK_EQUALS TOK_DIGITS
-	{ ret_record->task = $3;}
-	| TOK_KEY_PARENT TOK_EQUALS TOK_DIGITS
-	{ ret_record->parent = $3;}
-	| TOK_KEY_MAGIC_TOKEN TOK_EQUALS TOK_DIGITS
-	{ ret_record->magic_token = $3;}
-	| TOK_KEY_INFO TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->info = $3;}
-	| key_pid
-	| TOK_KEY_PROFILE TOK_EQUALS safe_string
-	{ ret_record->profile = $3;}
-	| TOK_KEY_FAMILY TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->net_family = $3;}
-	| TOK_KEY_SOCK_TYPE TOK_EQUALS TOK_QUOTED_STRING
-	{ ret_record->net_sock_type = $3;}
-	| TOK_KEY_PROTOCOL TOK_EQUALS protocol
-	{ ret_record->net_protocol = $3;}
-	| TOK_KEY_TYPE TOK_EQUALS TOK_DIGITS
-	{ ret_record->event = lookup_aa_event($3);}
-	;
-
-key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
-	;
-
-safe_string: TOK_QUOTED_STRING
-	| TOK_HEXSTRING
-	;
-
-protocol: TOK_QUOTED_STRING
-	| TOK_DIGITS
-	{ /* FIXME: this should probably convert back to a string proto name */
-	  char *ret = NULL;
-	  if (asprintf(&ret, "%ld", $1) < 0)
-	  	yyerror(NULL, "Unable to allocate protocol string");
-	  $$ = ret;
-	}
-	;
-%%
-
-aa_log_record *
-_parse_yacc(char *str)
-{
-	/* yydebug = 1;  */
-	YY_BUFFER_STATE lex_buf;
-	yyscan_t scanner;
-	int parser_return;
-
-	ret_record = NULL;
-	ret_record = (aa_log_record *) malloc(sizeof(aa_log_record));
-
-	_init_log_record(ret_record);
-
-	if (ret_record == NULL)
-		return NULL;
-
-	aalogparse_lex_init(&scanner);
-	lex_buf = aalogparse__scan_string(str, scanner);
-	parser_return = aalogparse_parse(scanner);
-	aalogparse__delete_buffer(lex_buf, scanner);
-	aalogparse_lex_destroy(scanner);
-	return ret_record;
-}

changehat/libapparmor/src/libapparmor.map

@@ -1,25 +0,0 @@
-IMMUNIX_1.0 {
-  global:
-        change_hat;
-  local:
-        *;
-};
-
-APPARMOR_1.0 {
-  global:
-        change_hat;
-        parse_record;
-        free_record;
-  local:
-        *;
-} IMMUNIX_1.0;
-
-APPARMOR_1.1 {
-  global:
-        aa_change_hat;
-        aa_change_profile;
-        parse_record;
-        free_record;
-  local:
-	*;
-} APPARMOR_1.0;

changehat/libapparmor/src/libimmunix_warning.c

@@ -1,23 +0,0 @@
-/*   $Id: libimmunix_warning.c 13 2006-04-12 21:43:34Z steve-beattie $
-
-     Copyright (c) 2006 Novell, Inc. (All rights reserved)
-     The libimmunix library is licensed under the terms of the GNU
-     Lesser General Public License, version 2.1. Please see the file
-     COPYING.LGPL.
-
-*/
-
-#include <syslog.h>
-
-void __libimmunix_warning(void) __attribute__ ((constructor));
-void __libimmunix_warning(void)
-{
-	extern const char *__progname; /* global from linux crt0 */
-	openlog (__progname, LOG_PID|LOG_PERROR, LOG_USER);
-	syslog(LOG_NOTICE,
-			"%s links against libimmunix.so, which is deprecated. "
-			"Please link against libapparmor instead\n",
-			__progname);
-	closelog();
-
-}

changehat/libapparmor/src/parser.h

@@ -1,36 +0,0 @@
-/*
- *   Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
- *   NOVELL (All rights reserved)
- *
- *   This program is free software; you can redistribute it and/or
- *   modify it under the terms of version 2 of the GNU General Public
- *   License published by the Free Software Foundation.
- *
- *   This program is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with this program; if not, contact Novell, Inc.
- */
-
-
-#ifndef __AA_LOG_PARSER_H__
-#define __AA_LOG_PARSER_H__
-
-extern void _init_log_record(aa_log_record *record);
-extern aa_log_record *_parse_yacc(char *str);
-extern char *hex_to_string(char *str);
-
-/* FIXME: this ought to be pulled from <linux/audit.h> but there's no
- * guarantee these will exist there. */
-#define AUDIT_APPARMOR_AUDIT    1501    /* AppArmor audited grants */
-#define AUDIT_APPARMOR_ALLOWED  1502    /* Allowed Access for learning */
-#define AUDIT_APPARMOR_DENIED   1503
-#define AUDIT_APPARMOR_HINT     1504    /* Process Tracking information */
-#define AUDIT_APPARMOR_STATUS   1505    /* Changes in config */
-#define AUDIT_APPARMOR_ERROR    1506    /* Internal AppArmor Errors */
-
-#endif
-

changehat/libapparmor/src/tst_aalogmisc.c

@@ -1,35 +0,0 @@
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include "aalogparse.h"
-#include "parser.h"
-
-
-#define MY_TEST(statement, error)               \
-	if (!(statement)) {                     \
-		fprintf(stderr, "FAIL: %s\n", error); \
-		rc = 1; \
-	}
-
-int main(void)
-{
-	int rc = 0;
-	char *retstr = NULL;
-
-	retstr = hex_to_string(NULL);
-	MY_TEST(!retstr, "basic NULL test");
-
-	retstr = hex_to_string("2F746D702F646F6573206E6F74206578697374");
-	MY_TEST(retstr, "basic allocation");
-	MY_TEST(strcmp(retstr, "/tmp/does not exist") == 0, "basic dehex 1");
-
-	retstr = hex_to_string("61");
-	MY_TEST(strcmp(retstr, "a") == 0, "basic dehex 2");
-
-	retstr = hex_to_string("");
-	MY_TEST(strcmp(retstr, "") == 0, "empty string");
-
-	return rc;
-}
-
-

changehat/libapparmor/swig/SWIG/libapparmor.i

@@ -1,14 +0,0 @@
-%module LibAppArmor
-
-%{
-#include "aalogparse.h"
-extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
-extern int aa_change_profile(const char *profile, unsigned long magic_token);
-
-%}
-
-%include "typemaps.i"
-%include "aalogparse.h"
-extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
-extern int aa_change_profile(const char *profile, unsigned long magic_token);
-

changehat/libapparmor/swig/perl/Makefile.PL

@@ -1,9 +0,0 @@
-use ExtUtils::MakeMaker;
-
-use vars qw($CCFLAGS $OBJECT $VERSION $OPTIMIZE);
-
-WriteMakefile(
-	'NAME'			=>	'LibAppArmor',
-	'MAKEFILE'		=>	'Makefile.perl',
-	'FIRST_MAKEFILE'	=>	'Makefile.perl',
-	);

changehat/libapparmor/swig/perl/Makefile.am

@@ -1,34 +0,0 @@
-if HAVE_PERL
-
-PERL_MAKEFILE = Makefile.perl
-
-WRAPPER_SOURCES = libapparmor_wrap.c LibAppArmor.pm
-
-all-local: .build-stamp
-
-.build-stamp: $(WRAPPER_SOURCES) $(PERL_MAKEFILE)
-	make -f $(PERL_MAKEFILE)
-	touch .build-stamp
-
-check-local: .build-stamp
-	make -f $(PERL_MAKEFILE) test
-
-install-exec-local: .build-stamp
-	make -f $(PERL_MAKEFILE) install_vendor
-
-clean-local: $(PERL_MAKEFILE)
-	make -f $(PERL_MAKEFILE) clean
-	rm -f $(PERL_MAKEFILE).old
-	rm -rf build
-
-$(PERL_MAKEFILE): Makefile.PL
-	$(PERL) Makefile.PL VERSION="0.1" OBJECT="../../src/.libs/libapparmor.so libapparmor_wrap.o" CCFLAGS="-I../../src -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement" OPTIMIZE="$(CFLAGS) -shared -I$(includedir) -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -Wdeclaration-after-statement"
-
-
-$(WRAPPER_SOURCES): ../SWIG/*.i
-	$(SWIG) -perl -I../../src -I../SWIG -o libapparmor_wrap.c libapparmor.i
-
-endif
-
-EXTRA_DIST = Makefile.PL $(WRAPPER_SOURCES) examples/*.pl
-

changehat/libapparmor/swig/perl/examples/example.pl

@@ -1,15 +0,0 @@
-require LibAppArmor;
-
-$msg = "type=APPARMOR msg=audit(1168662182.495:58): PERMITTING r access to /home/matt/projects/change_hat_test/test (test_hat(27871) profile /home/matt/projects/change_hat_test/test_hat active null-complain-profile)";
-
-my($test) = AppArmorLogRecordParser::parse_record($msg);
-
-if (AppArmorLogRecordParser::aa_log_record::swig_event_get($test) == $AppArmorLogRecordParser::AA_RECORD_ALLOWED )
-{
-	print "AA_RECORD_ALLOWED\n";
-}
-
-print "Audit ID: " . AppArmorLogRecordParser::aa_log_record::swig_audit_id_get($test) . "\n";
-print "PID: " . AppArmorLogRecordParser::aa_log_record::swig_pid_get($test) . "\n";
-
-AppArmorLogRecordParser::free_record($test);

changehat/libapparmor/swig/python/Makefile.am

@@ -1,17 +0,0 @@
-if HAVE_PYTHON
-BUILT_SOURCES = libapparmor_wrap.c
-
-SWIG_SOURCES = ../SWIG/libapparmor.i
-
-
-pkgpython_PYTHON = LibAppArmor.py
-pkgpyexec_LTLIBRARIES = _libapparmor.la
-_libapparmor_la_SOURCES = libapparmor_wrap.c $(SWIG_SOURCES)
-_libapparmor_la_CPPFLAGS = $(SWIG_PYTHON_CFLAGS) -I$(top_srcdir)/src -I/usr/include/python
-_libapparmor_la_LDFLAGS = -module
-_libapparmor_la_LIBADD = ../../src/.libs/libapparmor.so
-
-libapparmor_wrap.c: $(SWIG_SOURCES)
-	$(SWIG) -python -I$(top_srcdir)/src -o $@ $<
-
-endif 

changehat/libapparmor/swig/ruby/Makefile.am

@@ -1,24 +0,0 @@
-if HAVE_RUBY
-
-RUBY_MAKEFILE = Makefile.ruby
-
-WRAPPER_FILES = LibAppArmor_wrap.* LibAppArmor.so extension.mak .build-stamp
-
-BUILT_SOURCES = LibAppArmor_wrap.c
-
-all-local: .build-stamp
-
-.build-stamp: LibAppArmor_wrap.c
-	CFLAGS="$(CFLAGS) -I../../src" $(RUBY) extconf.rb build
-	touch .build-stamp
-
-install-exec-local: .build-stamp
-	make -f $(RUBY_MAKEFILE) install
-
-LibAppArmor_wrap.c: ../SWIG/*.i
-	$(SWIG) -ruby -I../SWIG -I../../src -o ./LibAppArmor_wrap.c libapparmor.i
-
-endif 
-
-EXTRA_DIST = extconf.rb $(BUILT_SOURCES) examples/*.rb
-

changehat/libapparmor/swig/ruby/extconf.rb

@@ -1,76 +0,0 @@
-require 'mkmf'
-require 'ftools'
-
-$CFLAGS   += " " + (ENV['CFLAGS'] || "") + (ENV['CXXFLAGS'] || "")
-$LDFLAGS = "../../src/.libs/libapparmor.so"
-
-def usage
-	puts <<EOF
-Usage: ruby extconf.rb command
-	build				Build the extension
-	clean				Clean the source directory
-	install				Install the extention
-	test				Test the extension
-	wrap				Generate SWIG wrappers
-EOF
-	exit
-end
-
-cmd = ARGV.shift or usage()
-cmd = cmd.downcase
-
-usage() unless ['build', 'clean', 'install', 'test', 'wrap'].member? cmd
-usage() if ARGV.shift
-
-class Commands
-	def initialize(&block)
-		@block = block
-	end
-	
-	def execute
-		@block.call
-	end
-end
-
-Build = Commands.new {
-	# I don't think we can tell mkmf to generate a makefile with a different name
-	if File.exists?("Makefile")
-		File.rename("Makefile", "Makefile.old")
-	end
-	create_makefile('LibAppArmor')
-	File.rename("Makefile", "Makefile.ruby")
-	if File.exists?("Makefile.old")
-		File.rename("Makefile.old", "Makefile")
-	end
-	system("make -f Makefile.ruby")
-}
-Install = Commands.new {
-    Build.execute
-    if defined? Prefix
-        # strip old prefix and add the new one
-        oldPrefix = Config::CONFIG["prefix"]
-        if defined? Debian
-          archDir = Config::CONFIG["archdir"]
-          libDir = Config::CONFIG["rubylibdir"]
-        else
-          archDir = Config::CONFIG["sitearchdir"]
-          libDir = Config::CONFIG["sitelibdir"]
-        end
-        archDir    = Prefix + archDir.gsub(/^#{oldPrefix}/,"")
-        libDir     = Prefix + libDir.gsub(/^#{oldPrefix}/,"")
-    else
-        archDir    = Config::CONFIG["sitearchdir"]
-        libDir     = Config::CONFIG["sitelibdir"]
-    end
-    [archDir,libDir].each { |path| File.makedirs path }
-     	 binary = 'LibAppArmor.so'
-    File.install "./"+binary, archDir+"/"+binary, 0555, true
-    File.install "./LibAppArmor.so", libDir+"/LibAppArmor.so", 0555, true
-}
-
-availableCommands = {
-	"build"	=> Build,
-	"install" => Install
-}
-
-availableCommands[cmd].execute

changehat/libapparmor/testsuite/test_multi/testcase10.out

@@ -1,11 +0,0 @@
-START
-File: test_multi/testcase10.in
-Event type: AA_RECORD_HINT
-Audit ID: 1168661976.062:55
-Operation: clone
-Profile: /home/matt/projects/change_hat_test/test_hat
-Task: 38229
-PID: 27764
-Active hat: /home/matt/projects/change_hat_test/test_hat
-Epoch: 1168661976
-Audit subid: 55

changehat/libapparmor/testsuite/test_multi/testcase11.out

@@ -1,9 +0,0 @@
-START
-File: test_multi/testcase11.in
-Event type: AA_RECORD_HINT
-Audit ID: 1168661976.062:55
-Operation: clone
-Task: 38229
-PID: 27764
-Epoch: 1168661976
-Audit subid: 55

changehat/libapparmor/testsuite/test_multi/testcase18.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase18.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1157215966.604:46
-Operation: access
-Mask: r
-Profile: /usr/sbin/httpd2-prefork
-Name: /bin/df
-Info: sh
-PID: 7902
-Active hat: SYSINFO
-Epoch: 1157215966
-Audit subid: 46

changehat/libapparmor/testsuite/test_multi/testcase19.out

@@ -1,8 +0,0 @@
-START
-File: test_multi/testcase19.in
-Event type: AA_RECORD_HINT
-Audit ID: 1164007073.953:518
-Profile: null-complain-profile
-PID: 29420
-Epoch: 1164007073
-Audit subid: 518

changehat/libapparmor/testsuite/test_multi/testcase2.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase2.in
-Event type: AA_RECORD_ALLOWED
-Audit ID: 1168662182.495:58
-Operation: access
-Mask: r
-Profile: /home/matt/projects/change_hat_test/test_hat
-Name: /home/matt/projects/change_hat_test/test
-Info: test_hat
-PID: 27871
-Active hat: null-complain-profile
-Epoch: 1168662182
-Audit subid: 58

changehat/libapparmor/testsuite/test_multi/testcase20.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase20.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1167188680.127:54
-Operation: access
-Mask: r
-Profile: /bin/freak-aa-out
-Name: /bin/freak-aa-out
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase23.in

@@ -1 +0,0 @@
-Sep 13 13:11:13 lizaveta kernel: AppArmor: REJECTING exec(2) of image '/usr/lib/mailman/mail/mailman'. Profile mandatory and not found (local(20700) profile /usr/lib/postfix/local active /usr/lib/postfix/local)

changehat/libapparmor/testsuite/test_multi/testcase27.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase27.in
-Event type: AA_RECORD_AUDIT
-Audit ID: 1177962426.395:2107
-Operation: access
-Mask: mr
-Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper
-Name: /lib/ld-2.4.so
-Info: open
-PID: 7139
-Active hat: open
-Epoch: 1177962426
-Audit subid: 2107

changehat/libapparmor/testsuite/test_multi/testcase28.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase28.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1173790298.651:1662
-Operation: syscall
-Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
-Name: ptrace
-Info: syscall_ptrace
-PID: 25210
-Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
-Epoch: 1173790298
-Audit subid: 1662

changehat/libapparmor/testsuite/test_multi/testcase29.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase29.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1173790298.983:1669
-Operation: syscall
-Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
-Name: sysctl (write)
-Info: syscall_sysctl
-PID: 25423
-Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
-Epoch: 1173790298
-Audit subid: 1669

changehat/libapparmor/testsuite/test_multi/testcase3.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase3.in
-Event type: AA_RECORD_HINT
-Audit ID: 1168661976.062:55
-Operation: change_hat
-Profile: /home/matt/projects/change_hat_test/test_hat
-Name: TESTHAT
-Info: unknown_hat
-PID: 27764
-Active hat: /home/matt/projects/change_hat_test/test_hat
-Epoch: 1168661976
-Audit subid: 55

changehat/libapparmor/testsuite/test_multi/testcase30.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase30.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1177962395.525:1837
-Mask: l
-Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
-Name: /tmp/sdtest.3676-13458-it3683/target
-Name2: /tmp/sdtest.3676-13458-it3683/src
-Info: link
-PID: 3823
-Active hat: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
-Epoch: 1177962395
-Audit subid: 1837

changehat/libapparmor/testsuite/test_multi/testcase4.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase4.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1167188680.127:54
-Operation: access
-Mask: r
-Profile: /bin/freak-aa-out
-Name: /bin/freak-aa-out
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase5.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase5.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1167188680.127:54
-Operation: mkdir
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase6.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase6.in
-Event type: AA_RECORD_ALLOWED
-Audit ID: 1167188680.127:54
-Operation: rmdir
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase7.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase7.in
-Event type: AA_RECORD_DENIED
-Audit ID: 1167188680.127:54
-Operation: xattr
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Attribute: set
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase8.out

@@ -1,13 +0,0 @@
-START
-File: test_multi/testcase8.in
-Event type: AA_RECORD_ALLOWED
-Audit ID: 1167188680.127:54
-Operation: setattr
-Profile: /bin/freak-aa-out
-Name: /else
-Attribute: something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/libapparmor/testsuite/test_multi/testcase9.out

@@ -1,12 +0,0 @@
-START
-File: test_multi/testcase9.in
-Event type: AA_RECORD_ALLOWED
-Audit ID: 1167188680.127:54
-Operation: capability
-Profile: /bin/freak-aa-out
-Name: cap
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
-Epoch: 1167188680
-Audit subid: 54

changehat/mod_apparmor/Makefile

@@ -1,4 +1,3 @@
-#	$Id$
 # ----------------------------------------------------------------------
 #    Copyright (c) 2004, 2005 NOVELL (All rights reserved)
 #
@@ -42,16 +41,15 @@ APXS:=$(shell if [ -x "/usr/sbin/apxs2" ] ; then \
 	      fi ) 
 APXS_INSTALL_DIR=$(shell ${APXS} -q LIBEXECDIR)
 DESTDIR=
-LIBAPPARMOR_FLAGS=$(shell if [ -f /usr/lib/libapparmor.so -o -f /usr/lib64/libapparmor.so ] ; then \
-				echo -lapparmor ; \
-			  else \
-			  	echo -DUSE_COMPAT_IMMUNIX_H -limmunix ;\
-			  fi)
+# Need to pass -Wl twice here to get past both apxs2 and libtool, as
+# libtool will add the path to the RPATH of the library if passed -L/some/path
+LIBAPPARMOR_FLAGS=-I../../libraries/libapparmor/src -Wl,-Wl,-L../../libraries/libapparmor/src/.libs
+LDLIBS=-lapparmor
 
 all: $(TARGET) ${MANPAGES} ${HTMLMANPAGES}
 
 %.so: %.c
-	${APXS} ${LIBAPPARMOR_FLAGS} -c $<
+	${APXS} ${LIBAPPARMOR_FLAGS} -c $< ${LDLIBS}
 	mv .libs/$@ .
 
 .PHONY: install

changehat/mod_apparmor/apache2-mod_apparmor.spec.in

@@ -1,4 +1,3 @@
-# $Id$
 # ----------------------------------------------------------------------
 #    Copyright (c) 2004, 2005 NOVELL (All rights reserved)
 #

changehat/mod_apparmor/frob_sysconfig

@@ -1,6 +1,5 @@
 #!/usr/bin/perl -w
 #
-# $Id: frob_sysconfig 5910 2005-12-09 03:41:29Z steve $
 # ----------------------------------------------------------------------
 #    Copyright (c) 2004, 2005 NOVELL (All rights reserved)
 #

changehat/mod_apparmor/mod_apparmor.c

@@ -1,5 +1,4 @@
-/* $Id$
- *
+/*
  *   Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
  *
  *    The mod_apparmor module is licensed under the terms of the GNU
@@ -24,11 +23,7 @@
 #include "apr_strings.h"
 #include "apr_lib.h"
 
-#ifndef USE_COMPAT_IMMUNIX_H
-#include <sys/apparmor.h>
-#else
-#include <sys/immunix.h>
-#endif
+#include <apparmor.h>
 #include <unistd.h>
 
 /* #define DEBUG */

changehat/mod_apparmor/mod_apparmor.pod

@@ -1,96 +1,125 @@
-# $Id$
-# This publication is intellectual property of Novell Inc. Its contents
-# can be duplicated, either in part or in whole, provided that a copyright
-# label is visibly located on each copy.
+# This publication is intellectual property of Novell Inc. and Canonical
+# Ltd. Its contents can be duplicated, either in part or in whole, provided
+# that a copyright label is visibly located on each copy.
 #
 # All information found in this book has been compiled with utmost
 # attention to detail. However, this does not guarantee complete accuracy.
-# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
-# liable for possible errors or the consequences thereof.
+# Neither SUSE LINUX GmbH, Canonical Ltd, the authors, nor the translators
+# shall be held liable for possible errors or the consequences thereof.
 #
 # Many of the software and hardware descriptions cited in this book
 # are registered trademarks. All trade names are subject to copyright
 # restrictions and may be registered trade marks. SUSE LINUX GmbH
-# essentially adheres to the manufacturer's spelling.
+# and Canonical Ltd. essentially adhere to the manufacturer's spelling.
 #
 # Names of products and trademarks appearing in this book (with or without
 # specific notation) are likewise subject to trademark and trade protection
 # laws and may thus fall under copyright restrictions.
 #
-# Please direct suggestions and comments to apparmor-general@forge.novell.com.
 
 
 =pod
 
 =head1 NAME
 
-mod_apparmor - fine-grained AppArmor confinement for apache
+mod_apparmor - fine-grained AppArmor confinement for Apache
 
 =head1 DESCRIPTION
 
 An AppArmor profile applies to an executable program; if a portion of
 the program needs different access permissions than other portions,
-the program can "change hats" via change_hat(2) to a different role,
-also known as a subprofile.  The mod_apparmor apache module uses the
-change_hat(2) mechanism to offer more fine-grained confinement of dynamic
-elements within apache such as individual php and perl scripts, while
+the program can "change hats" via aa_change_hat(2) to a different role,
+also known as a subprofile.  The mod_apparmor Apache module uses the
+aa_change_hat(2) mechanism to offer more fine-grained confinement of dynamic
+elements within Apache such as individual php and perl scripts, while
 still allowing the performance benefits of using mod_php and mod_perl.
 
-To use mod_apparmor with apache, ensure that mod_apparmor is configured to
-be loaded into apache, either via yast or manual editing of the httpd(8)
-configuration files, and restart apache. Make sure that apparmor is also
-functioning.
+To use mod_apparmor with Apache, ensure that mod_apparmor is configured to
+be loaded into Apache, either via a2enmod, yast or manual editing of the
+apache2(8)/httpd(8) configuration files, and restart Apache. Make sure that
+apparmor is also functioning.
 
-Once mod_apparmor is loaded within apache, all requests to apache will
+Once mod_apparmor is loaded within Apache, all requests to Apache will
 cause mod_apparmor to attempt to change into a hat named by the URI
 (e.g. /app/some.cgi). If no such hat is found, it will fall back to
 attempting to use the hat DEFAULT_URI; if that also does not exist,
-it will fall back to using the global apache profile. Most static web
+it will fall back to using the global Apache profile. Most static web
 pages can simply make use of the DEFAULT_URI hat.
 
-However, defining hats for every URI/URL would become tedious, so there
-are a couple of configuration options that mod_apparmor supports:
+Additionally, before any requests come in to Apache, mod_apparmor
+will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat.
+mod_apparmor will attempt to use this hat while Apache is doing the
+initial parsing of a given http request, before its given to a specific
+handler (like mod_php) for processing.
+
+Because defining hats for every URI/URL often becomes tedious, mod_apparmor
+provides the AAHatName and AADefaultHatName Apache configuration options.
 
 =over 4
 
 =item B<AAHatName>
 
-AAHatName allows you to specify a hat to be used for a given apache
-directory or location directive (see the apache documenation for more
+AAHatName allows you to specify a hat to be used for a given Apache
+E<lt>DirectoryE<gt>, E<lt>DirectoryMatch>, E<lt>LocationE<gt> or
+E<lt>LocationMatchE<gt> directive (see the Apache documenation for more
 details). Note that mod_apparmor behavior can become confused if
-directory and location directives are intermingled; it's preferred to
-stick to one type of directive. If the hat specified by AAHatName does
-not exist in the apache profile, then it falls back to the behavior
-above.
+E<lt>Directory*E<gt> and E<lt>Location*E<gt> directives are intermingled
+and it is recommended to use one type of directive. If the hat specified by
+AAHatName does not exist in the Apache profile, then it falls back to the
+behavior described above.
 
 =item B<AADefaultHatName>
 
 AADefaultHatName allows you to specify a default hat to be used for
-vhosts and other apache server directives, so that you can have
-different defaults for different virtual hosts. This can be overridden
-by an AAHatName directive. If the AADefaultHatName hat does not exist,
-it falls back to the behavior described above.
+virtual hosts and other Apache server directives, so that you can have
+different defaults for different virtual hosts. This can be overridden by
+the AAHatName directive and is checked for only if there isn't a matching
+AAHatName or hat named by the URI. If the AADefaultHatName hat does not
+exist, it falls back to the DEFAULT_URI hat if it exists (as described
+above).
 
 =back
 
-Additionally, before any requests come in to apache, mod_apparmor
-will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat.
-mod_apparmor will attempt to use this hat while apache is doing the
-initial parsing of a given http request, before its given to a specific
-handler (like mod_php) for processing.
+=head1 URI REQUEST SUMMARY
+
+When profiling with mod_apparmor, it is helpful to keep the following order
+of operations in mind:
+
+On each URI request, mod_apparmor will first aa_change_hat(2) into
+^HANDLING_UNTRUSTED_INPUT, if it exists.
+
+Then, after performing the initial parsing of the request, mod_apparmor
+will:
+
+=over 2
+
+1. try to aa_change_hat(2) into a matching AAHatName hat if it exists and
+applies, otherwise it will
+
+2. try to aa_change_hat(2) into the URI itself, otherwise it will
+
+3. try to aa_change_hat(2) into an AADefaultHatName hat if it has been defined
+for the server/vhost, otherwise it will
+
+4. try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists, otherwise it
+will
+
+5. fall back to the global Apache policy
+
+=back
 
 =head1 BUGS
 
 mod_apparmor() currently only supports apache2, and has only been tested
-with the prefork MPM configuration -- threaded configurations of apache
+with the prefork MPM configuration -- threaded configurations of Apache
 may not work correctly.
 
 There are likely other bugs lurking about; if you find any, please report
-them to bugzilla at L<http://bugzilla.novell.com>.
+them at L<http://https://bugs.launchpad.net/apparmor/+filebug>.
 
 =head1 SEE ALSO
 
-apparmor(7), subdomain.conf(5), apparmor_parser(8), and
-L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
+apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and
+L<http://wiki.apparmor.net>.
 
 =cut

changehat/pam_apparmor/Makefile

@@ -1,4 +1,3 @@
-# 	$Id$
 # ----------------------------------------------------------------------
 #    Copyright (c) 1999, 2004, 2005 NOVELL (All rights reserved)
 #
@@ -27,8 +26,8 @@ common/Make.rules: $(COMMONDIR)/Make.rules
 	ln -sf $(COMMONDIR) .
 endif
 
-EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall
-LINK_FLAGS=-Xlinker -x
+EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall -I../../libraries/libapparmor/src/
+LINK_FLAGS=-Xlinker -x -L../../libraries/libapparmor/src/.libs
 LIBS=-lpam -lapparmor
 OBJECTS=${NAME}.o get_options.o
 
@@ -42,7 +41,7 @@ $(NAME).so: ${OBJECTS}
 
 # need some better way of determining this
 DESTDIR=/
-SECDIR=${DESTDIR}/lib/security
+SECDIR ?= ${DESTDIR}/lib/security
 
 .PHONY: install
 install: $(NAME).so

changehat/pam_apparmor/get_options.c

@@ -1,6 +1,4 @@
 /*
- * $Id$
- *
  * Written by Steve Beattie <sbeattie@suse.de> 2006/10/25
  *
  * Modeled after the option parsing code in pam_unix2 by:

changehat/pam_apparmor/pam_apparmor.c

@@ -1,10 +1,14 @@
 /* pam_apparmor module */
 
 /*
- * $Id$
+ * Copyright (c) 2006
+ * NOVELL (All rights reserved)
+ *
+ * Copyright (c) 2010
+ * Canonical, Ltd. (All rights reserved)
  *
  * Written by Jesse Michael <jmichael@suse.de> 2006/08/24
- *	  and Steve Beattie <sbeattie@suse.de> 2006/10/25
+ *	  and Steve Beattie <sbeattie@ubuntu.com> 2006/10/25
  *
  * Based off of pam_motd by:
  *   Ben Collins <bcollins@debian.org> 2005/10/04
@@ -23,7 +27,7 @@
 #include <grp.h>
 #include <syslog.h>
 #include <errno.h>
-#include <sys/apparmor.h>
+#include <apparmor.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
 
@@ -165,8 +169,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
 			 * stop attempting to use change_hat */
 			goto nodefault;
 			break;
-		case EPERM: /* Disable when ECHILD patch gets accepted */
 		case EACCES:
+		case ENOENT:
 			/* failed to change into attempted hat, so we'll
 			 * jump back out and try the next one */
 			break;

changehat/pam_apparmor/pam_apparmor.h

@@ -1,8 +1,6 @@
 /* pam_apparmor module */
 
 /*
- * $Id$
- *
  * Written by Jesse Michael <jmichael@suse.de> 2006/08/24
  *	  and Steve Beattie <sbeattie@suse.de> 2006/10/25
  *

changehat/tomcat_apparmor/tomcat_5_0/Makefile

@@ -1,4 +1,3 @@
-# 	$Id: Makefile 10 2006-04-12 20:31:08Z steve-beattie $
 # ----------------------------------------------------------------------
 #    Copyright (c) 1999, 2004, 2005, 2006 NOVELL (All rights reserved)
 #
@@ -38,4 +37,4 @@ clean:
 	rm -f tomcat_apparmor.spec ${NAME}-*.tar.gz Make.rules
 
 install: $(SPECFILE)
-	 ant  -Dversion=$(VERSION) -Drelease=$(RELEASE) -Dcatalina_home=${CATALINA_HOME} -Dinstall_lib=${LIB} install_jar install_jni
+	 ant  -Dversion=$(VERSION) -Drelease=$(MAN_RELEASE) -Dcatalina_home=${CATALINA_HOME} -Dinstall_lib=${LIB} install_jar install_jni

changehat/tomcat_apparmor/tomcat_5_0/tomcat_apparmor.spec.in

@@ -1,4 +1,3 @@
-# $Id:$
 # ----------------------------------------------------------------------
 #    Copyright (c) 2006 NOVELL (All rights reserved)
 #

changehat/tomcat_apparmor/tomcat_5_5/Makefile

@@ -1,4 +1,3 @@
-# 	$Id: Makefile 10 2006-04-12 20:31:08Z steve-beattie $
 # ----------------------------------------------------------------------
 #    Copyright (c) 1999, 2004, 2005, 2006 NOVELL (All rights reserved)
 #
@@ -38,4 +37,4 @@ clean:
 	rm -f tomcat_apparmor.spec ${NAME}-*.tar.gz Make.rules
 
 install: $(SPECFILE)
-	 ant  -Dversion=$(VERSION) -Drelease=$(RELEASE) -Dcatalina_home=${CATALINA_HOME} -Dinstall_lib=${LIB} install_jar install_jni
+	 ant  -Dversion=$(VERSION) -Drelease=$(MAN_RELEASE) -Dcatalina_home=${CATALINA_HOME} -Dinstall_lib=${LIB} install_jar install_jni

changehat/tomcat_apparmor/tomcat_5_5/build.xml

@@ -4,8 +4,8 @@
     <property name="jni_src" location="src/jni_src"/>
     <property name="build" location="build"/>
     <property name="install_root" location="/"/>
-    <property name="catalina_home" location="/usr/share/tomcat5"/>
-    <property name="lib" location="lib"/>
+    <property name="catalina_home" location="/usr/share/tomcat6"/>
+    <property name="lib" location="/usr/share/tomcat6/bin"/>
     <property name="install_lib" value="/lib"/>
     <property name="dist" location="dist"/>
     <property name="jarfile" location="${dist}/${ant.project.name}.jar"/>
@@ -18,10 +18,11 @@
         <include name="**/*.jar"/>
     </fileset>
 
-    <fileset id="tomcat.jars" dir="${catalina_home}/server/lib">
+    <fileset id="tomcat.jars" dir="${catalina_home}/lib">
 	   <include name="**/*.jar"/>
 	</fileset>
-    <fileset id="servlet.jars" dir="${catalina_home}/common/lib">
+
+    <fileset id="servlet.jars" dir="${catalina_home}/lib">
 	   <include name="**/*.jar"/>
 	</fileset>
 	
@@ -80,9 +81,9 @@
     </target>
 
     <target name="install_jar" depends="jni_so" description="Install jar file">
-        <mkdir dir="${install_root}/${catalina_home}/server/lib/"/>
-        <copy file="${jarfile}" tofile="${install_root}/${catalina_home}/server/lib/${ant.project.name}.jar"/>
-        <chmod perm="644" file="${install_root}/${catalina_home}/server/lib/${ant.project.name}.jar"/>
+        <mkdir dir="${install_root}/${catalina_home}/lib/"/>
+        <copy file="${jarfile}" tofile="${install_root}/${catalina_home}/lib/${ant.project.name}.jar"/>
+        <chmod perm="644" file="${install_root}/${catalina_home}/lib/${ant.project.name}.jar"/>
     </target>
 
     <target name="clean" description="Remove build and dist directories">

changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/JNIChangeHat.c

@@ -13,7 +13,7 @@
 
 #include "jni.h"
 #include <errno.h>
-#include "sys/apparmor.h"
+#include <apparmor.h>
 #include "com_novell_apparmor_JNIChangeHat.h"
 
 /* c intermediate lib call for Java -> JNI -> c library execution of the change_hat call */

changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile

@@ -4,7 +4,7 @@ LIB            = lib/
 LIBDIR         = /usr/${LIB}
 INCLUDE        = ${LIBDIR}/jvm/java/include
 CFLAGS         = -g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe  -fpic -D_REENTRANT
-INCLUDES       = -I$(INCLUDE)  -I$(INCLUDE)/linux
+INCLUDES       = -I$(INCLUDE)  -I$(INCLUDE)/linux -I$(TOP)/../../../libraries/libapparmor/src/
 CLASSFILE      = ${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
 DESTDIR        = ${TOP}/dist
 SO_VERS        = 1
@@ -20,7 +20,7 @@ ${JAVA_CLASSNAME}.java com_novell_apparmor_${JAVA_CLASSNAME}.h:  ${CLASSFILE}
 	javah -jni -classpath ${CLASSPATH} com.novell.apparmor.${JAVA_CLASSNAME} 
 
 ${TARGET}.so:    ${JAVA_CLASSNAME}.c  ${JAVA_CLASSNAME}.java com_novell_apparmor_${JAVA_CLASSNAME}.h
-	gcc ${INCLUDES} ${CFLAGS} -shared -o ${TARGET}.so  ${JAVA_CLASSNAME}.c -lapparmor
+	gcc ${INCLUDES} ${CFLAGS} -shared -o ${TARGET}.so  ${JAVA_CLASSNAME}.c -L$(TOP)/../../../libraries/libapparmor/src/.libs -lapparmor
 
 install: ${TARGET}.so
 	install -d $(DESTDIR)/${LIB} $(DESTDIR)${LIBDIR}

changehat/tomcat_apparmor/tomcat_5_5/tomcat_apparmor.spec.in

@@ -1,4 +1,3 @@
-# $Id:$
 # ----------------------------------------------------------------------
 #    Copyright (c) 2006 NOVELL (All rights reserved)
 #

common/Make-po.rules

@@ -1,12 +1,19 @@
-# 	$Id$
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (c) 1999-2008 NOVELL (All rights reserved)
+# Copyright 2009-2010 Canonical Ltd.
 #
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public 
-#    License published by the Free Software Foundation.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public 
+# License published by the Free Software Foundation.
 #
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # ------------------------------------------------------------------
 #
 # The including makefile needs to define LANG, which lists the lang
@@ -14,13 +21,14 @@
 # exist
 LOCALEDIR=/usr/share/locale
 
-XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor-general@forge.novell.com -d ${NAME}
+XGETTEXT_ARGS=--copyright-holder="NOVELL, Inc." --msgid-bugs-address=apparmor@lists.ubuntu.com -d ${NAME}
 
 # When making the .pot file, it's expected that the parent Makefile will
 # pass in the list of sources in the SOURCES variable
 PARENT_SOURCES=$(foreach source, ${SOURCES}, ../${source})
 
-LANGS=$(patsubst %.po, %, $(wildcard *.po))
+# Can override by passing LANGS=whatever here
+LANGS?=$(patsubst %.po, %, $(wildcard *.po))
 TARGET_MOS=$(foreach lang, $(filter-out $(DISABLED_LANGS),$(LANGS)), ${lang}.mo)
 
 .PHONY: all

common/Make.rules

@@ -1,7 +1,7 @@
-# $Id$
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) 2010 Canonical, Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public 
@@ -25,7 +25,12 @@
 #     directories
 
 DISTRIBUTION=AppArmor
-VERSION=2.1
+VERSION=$(shell cat common/Version)
+
+AWK:=$(shell which awk)
+ifndef AWK
+$(error awk utility required for build but not available)
+endif
 
 # OVERRIDABLE variables
 # Set these variables before including Make.rules to change its behavior
@@ -48,16 +53,21 @@ BUILDDIR=$(shell if [ -d "${TESTBUILDDIR}" ] ; then \
 		    echo "/tmp/${NAME}"  ; \
 		  fi ;)
 endif
-RPMHOSTVENDOR=$(shell rpm --eval "%{_host_vendor}")
 ifndef DISTRO
 DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \
 		  echo slackware ; \
 	       elif [ -f /etc/debian_version ] ; then \
 	       	  echo debian ;\
-	       elif [ ${RPMHOSTVENDOR} = "suse" ] ; then \
-	          echo suse ;\
-	       elif [ ${RPMHOSTVENDOR} = "redhat" ] ; then \
-	          echo rhel4 ;\
+	       elif which rpm > /dev/null ; then \
+	         if [ "$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \
+	             echo suse ;\
+	         elif [ "$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \
+	            echo rhel4 ;\
+	         elif [ "$(rpm --eval '0%{?fedora}')" != "0" ] ; then \
+	            echo rhel4 ;\
+	         else \
+	            echo unknown ;\
+	         fi ;\
 	       else \
 	          echo unknown ;\
 	       fi)
@@ -70,20 +80,7 @@ RPMARG=--define "_topdir $(BUILDDIR:/=)" \
 	$(shell [ -d ${BUILDDIR}/BUILDROOT ] && echo --define \"buildroot $(BUILDDIR:/=)/BUILDROOT\") \
 	$(shell [ -n "${DISTRO}" ] && echo --define \"distro ${DISTRO}\")
 
-#REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
-#			if ! /usr/bin/svn info -r HEAD . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; then \
-#				/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
-#			fi ; \
-#		      fi)
-REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
-				/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
-		      fi)
-REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
-			/usr/bin/svn info . 2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
-		 fi)
-COMMON_REPO_URL=$(shell if [ -x /usr/bin/svn ] ; then \
-			/usr/bin/svn info $(COMMONDIR)  2> /dev/null | grep "^URL:" | sed "s/^URL: //" ; \
-		 fi)
+REPO_VERSION_CMD=([ -x /usr/bin/bzr ] && /usr/bin/bzr version-info . 2> /dev/null || awk '{ print "revno: "$2 }' common/.stamp_rev) | awk '/^revno:/ { print $2 }'
 
 ifdef EXTERNAL_PACKAGE
 RPMARG+=--define "_sourcedir $(shell pwd)"
@@ -92,30 +89,14 @@ endif
 ifndef SPECFILE
 SPECFILE        = $(NAME).spec
 endif
-RELEASE = $(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{RELEASE}" ${SPECFILE})
 RELEASE_DIR	= $(NAME)-$(VERSION)
-TARBALL		= $(NAME)-$(VERSION)-${REPO_VERSION}.tar.gz
-TAR		= /bin/tar czvp -h --exclude .svn --exclude CVS --exclude .cvsignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR}  $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
+TAR		= /bin/tar czvp -h --exclude .svn --exclude .bzr --exclude .bzrignore --exclude ${RELEASE_DIR}/${RELEASE_DIR} $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
 LDCONFIG	= /sbin/ldconfig
 
-CVSPKG_VERSION=$(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} ${SPECFILE} | head -1 | tr "." "_")
-
 RPMSUBDIRS=SOURCES SPECS BUILD BUILDROOT SRPMS RPMS/i386 RPMS/i586 \
         RPMS/i686 RPMS/athlon RPMS/noarch RPMS/x86_64
 BUILDRPMSUBDIRS=$(foreach subdir, $(RPMSUBDIRS), $(BUILDDIR:/=)/$(subdir))
 
-.PHONY: cvs_tag
-cvs_tag:
-	cvs tag IMMUNIX-${CVSPKG_VERSION}
-
-.PHONY: checkin
-checkin:
-	if cvs -q up -d | grep -q "^\?" ; then echo "Hey! You have" \
-		"files in the directory you have not added into cvs."; exit 1; \
-	fi
-	cvs ci
-	make cvs_tag
-
 ifdef EXTERNAL_PACKAGE
 .PHONY: rpm
 rpm: clean $(BUILDRPMSUBDIRS)
@@ -123,21 +104,25 @@ rpm: clean $(BUILDRPMSUBDIRS)
 
 else
 .PHONY: rpm
-rpm: clean $(TARBALL) $(BUILDRPMSUBDIRS)
-	cp $(TARBALL) $(BUILDDIR)/SOURCES/
+rpm: clean $(BUILDRPMSUBDIRS)
+	__REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
+	__TARBALL=$(NAME)-$(VERSION)-$${__REPO_VERSION}.tar.gz ; \
+	make $${__TARBALL} ; \
+	cp $${__TARBALL} $(BUILDDIR)/SOURCES/
 	cp ${SPECFILE} $(BUILDDIR)/SPECS/
 	rpmbuild -ba ${RPMARG} ${SPECFILE}
 
 .PHONY: ${SPECFILE}
 ${SPECFILE}: ${SPECFILE}.in
+	__REPO_VERSION=`$(value REPO_VERSION_CMD)` ; \
 	sed -e "s/@@immunix_version@@/${VERSION}/g" \
-	    -e "s/@@repo_version@@/${REPO_VERSION}/g" $< > $@
+	    -e "s/@@repo_version@@/$${__REPO_VERSION}/g" $< > $@
 
-${TARBALL}: clean ${SPECFILE}
+%.tar.gz: clean ${SPECFILE}
 	-rm -rf $(RELEASE_DIR)
 	mkdir $(RELEASE_DIR)
-	$(TAR) . | tar xz -C $(RELEASE_DIR)
-	$(TAR) -f $@ $(RELEASE_DIR)
+	$(TAR) --exclude $@ . | tar xz -C $(RELEASE_DIR)
+	$(TAR) --exclude $@ -f $@ $(RELEASE_DIR)
 	rm -rf $(RELEASE_DIR)
 
 ifndef OVERRIDE_TARBALL
@@ -145,15 +130,6 @@ ifndef OVERRIDE_TARBALL
 tarball: clean $(TARBALL)
 endif
 
-.PHONY: dist
-dist: clean $(SPECFILE)
-	-rm -rf $(RELEASE_DIR)
-	svn export -r $(REPO_VERSION) $(REPO_URL) $(RELEASE_DIR)
-	svn export $(COMMON_REPO_URL) $(RELEASE_DIR)/common
-	make -C $(RELEASE_DIR) $(SPECFILE) REPO_VERSION=${REPO_VERSION} COMMONDIR_EXISTS=false
-	$(TAR) -f $(TARBALL) $(RELEASE_DIR)
-	rm -rf $(RELEASE_DIR)
-
 endif
 
 .PHONY: version
@@ -161,6 +137,12 @@ endif
 version:
 	 rpm -q --define "_sourcedir ." ${RPMARG} --specfile ${SPECFILE}
 
+.PHONY: repo_version
+.SILENT: repo_version
+repo_version:
+	 $(value REPO_VERSION_CMD)
+
+
 .PHONY: build_dir 
 build_dir: $(BUILDRPMSUBDIRS)
 
@@ -173,6 +155,40 @@ _clean:
 	-rm -f ${NAME}-${VERSION}-*.tar.gz
 	-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
 
+# =====================
+# generate list of capabilities based on
+# /usr/include/linux/capabilities.h for use in multiple locations in
+# the source tree
+# =====================
+
+# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
+CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
+
+.PHONY: list_capabilities
+list_capabilities: /usr/include/linux/capability.h
+	@echo "$(CAPABILITIES)"
+
+# =====================
+# generate list of network protocols based on
+# sys/socket.h for use in multiple locations in
+# the source tree
+# =====================
+
+# These are the families that it doesn't make sense for apparmor
+# to mediate. We use PF_ here since that is what is required in
+# bits/socket.h, but we will rewrite these as AF_.
+
+FILTER_FAMILIES=PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK
+
+__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
+
+# emits the AF names in a "AF_NAME NUMBER," pattern
+AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
+
+.PHONY: list_af_names
+list_af_names:
+	@echo "$(AF_NAMES)"
+
 # =====================
 # manpages
 # =====================
@@ -191,32 +207,12 @@ install_manpages: $(MANPAGES)
 	$(foreach dir, ${MANDIRS}, \
 	     install -d ${DESTDIR}/${MANDIR}/man${dir} ; \
 	     install -m 644 $(filter %.${dir}, ${MANPAGES}) ${DESTDIR}/${MANDIR}/man${dir}; \
-	     $(foreach aa_page, $(filter %.${dir}, ${AA_MANPAGES}), \
-	     	ln -sf $(aa_page) ${DESTDIR}/${MANDIR}/man${dir}/${aa_page:%=aa-%};))
+	)
 
-%.1: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=1 > $@
+MAN_RELEASE="AppArmor ${VERSION}"
 
-%.2: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=2 > $@
-
-%.3: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=3 > $@
-
-%.4: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=4 > $@
-
-%.5: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=5 > $@
-
-%.6: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=6 > $@
-
-%.7: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=7 > $@
-
-%.8: %.pod
-	$(POD2MAN) $< --release=NOVELL/SUSE --center=AppArmor --section=8 > $@
+%.1 %.2 %.3 %.4 %.5 %.6 %.7 %.8: %.pod
+	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --stderr --section=$(subst .,,$(suffix $@)) > $@
 
 %.1.html: %.pod
 	$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
@@ -242,43 +238,6 @@ install_manpages: $(MANPAGES)
 %.8.html: %.pod
 	$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
 
-# =====================
-# Slackware poo
-# =====================
-.PHONY: slack
-slack: 
-	rm -rf ${BUILDDIR}
-	mkdir -p ${BUILDDIR}/install
-	make install DESTDIR=${BUILDDIR} DISTRO=slackware
-	# comment line is there so grep always has something to match
-	( echo "# install script pulled from ${SPECFILE}" ; rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{POSTIN}\n" ${SPECFILE}) | grep -v "^(none)$$" >> ${BUILDDIR}/install/doinst.sh
-	( cd ${BUILDDIR} && makepkg -l y -c y -p ${PWD}/${NAME}-${VERSION}-${RELEASE}.tgz )
-
-# =====================
-# Debian poo
-# =====================
-.PHONY: deb
-deb: ${TARBALL}
-	rm -rf ${BUILDDIR}
-	mkdir -p ${BUILDDIR}
-	tar -xvzf ${TARBALL} -C ${BUILDDIR} 
-	( cd ${BUILDDIR}/${RELEASE_DIR} && sh -c "DEBFULLNAME='NOVELL, Inc' dh_make -e apparmor-general@forge.novell.com --library -f ~/svn/immunix/immunix/libimmunix/libimmunix-2.0.tar.gz << EOM \
-\
-EOM" )
-	make ${NAME}-deb -C ${BUILDDIR}/${RELEASE_DIR}
-	# ( cd ${BUILDDIR}/${RELEASE_DIR} && dpkg-buildpackage -b -sd -rfakeroot)
-
-DEBIAN_DISTRO=stable
-
-DEB_CHANGELOG_OUTPUT="${NAME} (${VERSION}-${RELEASE}) ${DEBIAN_DISTRO}; urgency=low\n\
-    \n   * Automatically generated by the AppArmor Build System.\n\
-    \n -- AppArmor Development Team <apparmor-general@forge.novell.com> $(shell date -R)"
-
-
-.PHONY: debian/changelog
-debian/changelog: 
-	echo -e ${DEB_CHANGELOG_OUTPUT} > $@ 
-
 A2PS_ARGS=-Ec -g --line-numbers=1
 ENSCRIPT_ARGS=-C -2jGr -f Courier6 -E
 %.c.ps: %.c

common/Version

@@ -0,0 +1 @@
+2.8.1

deprecated/management/apparmor-dbus/apparmor-dbus.spec

@@ -6,7 +6,7 @@
 Name:		apparmor-dbus
 BuildRequires:	audit-devel dbus-1-devel pkgconfig libapparmor-devel
 Requires:	libapparmor
-Version:	1.2
+Version:	2.3
 Release:	0
 License:	GPL
 Group:		System/Management

deprecated/management/apparmor-dbus/configure.in

@@ -0,0 +1,16 @@
+AC_INIT(configure.in)
+
+AM_INIT_AUTOMAKE(apparmor-dbus, 2.3)
+
+AC_LANG_C
+AC_PROG_CC
+
+AC_CHECK_HEADERS(libaudit.h,,AC_MSG_ERROR([libaudit header file not found!]))
+AC_CHECK_LIB(audit, audit_open)
+AC_CHECK_HEADERS(aalogparse/aalogparse.h)
+AC_CHECK_LIB(apparmor, parse_record)
+PKG_CHECK_MODULES(DBUS, dbus-1 >= 0.60)
+CFLAGS="${CFLAGS} ${DBUS_CFLAGS}"
+AC_CHECK_LIB(dbus-1, exit,,AC_MSG_ERROR([dbus-1 not found!]))
+
+AC_OUTPUT(Makefile src/Makefile)

deprecated/management/apparmor-dbus/src/Makefile.am

@@ -0,0 +1,2 @@
+bin_PROGRAMS = apparmor-dbus
+apparmor_dbus_SOURCES = aadbus.c