While `include/sys/apparmor.h` makes use of `socklen_t`, it doesn't
include the `<sys/socket.h>` header to make its declaration available.
While this works on systems using glibc via transitive includes, it
breaks compilation on musl libc.
Fix the issue by including the header.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
(cherry picked from commit 47263a3a74)
Signed-off-by: John Johansen <john.johansen@canonical.com>
While `_aa_asprintf` is supposed to be of private visibility, it's used
by apparmor_parser and thus required to be visible when linking. This
commit thus adds it to the list of private symbols to make it available
for linking in apparmor_parser.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/643
Signed-off-by: Patrick Steinhardt <ps@pks.im>
(cherry picked from commit 9a8fee6bf1)
abstractions/kerberosclient: allow reading /etc/krb5.conf.d/
See merge request apparmor/apparmor!425
Acked-by: Steve Beattie <steve@nxnw.org> for 2.10..master
Acked-by: John Johansen <john.johansen@canonical.com> for 2.10..master
(cherry picked from commit 663546c284)
dffed831 abstractions/kerberosclient: allow reading /etc/krb5.conf.d/
--log-facility option needs to have permission to open files.
Use '*' to allow using more files (for using more dnsmasq instances).
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Jamie Strandboge <jamie@canonical.com>
(cherry picked from commit 025c7dc6a1)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
looping through the first 16 loop devices to find a free device will
fail if those mount devices are taken, and unfortunately there are
now services that use an excessive amount of loop devices causing
the regression test to fail.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/379
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
(cherry picked from commit ab0f2af1da)
Add several libapparmor/swig/ruby files to gitignore
See merge request apparmor/apparmor!366
(cherry picked from commit 9c11ce37c6)
7ed1a16a Add several libapparmor/swig/ruby files to gitignore
misc dovecot fixes (take #2)
See merge request apparmor/apparmor!336
Acked-by: Christian Boltz <apparmor@cboltz.de> for master..2.10
(cherry picked from commit e68beb988a)
a57f01d8 dovecot: allow FD passing between dovecot and dovecot's anvil
d0aa863f dovecot: allow chroot'ing the auth processes
9afeb225 dovecot: let dovecot/anvil rw the auth-penalty socket
17db8f38 dovecot: auth processes need to read from postfix auth socket
6a7c49b1 dovecot: add abstractions/ssl_certs to lmtp
parser/libapparmor_re/parse.cc is autogenerated during build parser/tst_lib gets compiled during "make check"
Both files get deleted by make clean.
This is the only remaining difference between 2.10 and newer .gitignore files, and the two files already get generated in 2.10.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/319
(cherry picked from commit 9d5934f5)
Signed-off-by: John Johansen john.johansen@canonical.com
- parser/libapparmor_re/parse.cc is autogenerated during build
- parser/tst_lib gets compiled during "make check"
Both files get deleted by make clean.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.11.
(cherry picked from commit 9d5934f5ff)
abstractions/ssl_{certs,keys}: dehydrated uses /var/lib on Debian
See merge request apparmor/apparmor!299
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
(cherry picked from commit 1f53de174d)
1306f9a6 abstractions/ssl_{certs,keys}: dehydrated uses /var/lib on Debian
c5a89d5d abstractions/ssl_{certs,keys}: sort the alternation for dehydrated and drop...
04b2842e abstractions/ssl_{certs,keys}: allow reading ocsp.der maintained by dehydrated for OCSP stapling
abi rule skipping is core dumping on some bad abi rule file names.
[ 112s] # Failed test './simple_tests//abi/bad_10.sd: Produced core dump (signal 6): abi testing - abi path quotes in <> with spaces'
[ 112s] # at simple.pl line 126.
[ 112s]
[ 112s] # Failed test './simple_tests//abi/bad_11.sd: Produced core dump (signal 6): abi testing - abi path quotes in <> with spaces'
[ 112s] # at simple.pl line 126.
[ 112s]
[ 112s] # Failed test './simple_tests//abi/bad_12.sd: Produced core dump (signal 6): abi testing - abi path quotes in <> with spaces'
[ 112s] # at simple.pl line 126.
This is caused by calling processquoted without ensuring that that the
length being processed is valid.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Add /etc/letsencrypt/archive to ssl_key abstraction
See merge request apparmor/apparmor!283
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
(cherry picked from commit 0a666b8e48)
cb468786 Add /etc/letsencrypt stuff to ssl_keys/ssl_certs abstraction
The only entries that wouldn't be needed in 2.11 are
- cscope.*
- libraries/libapparmor/src/PMurHash.lo
- libraries/libapparmor/src/PMurHash.o
but they don't hurt, and keeping .gitignore in sync in all branches
makes things easier.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/260
(cherry picked from commit 8bba589d2d)
Signed-off-by: John Johansen <john.johansen@canonical.com>
disable abi/ok_10 and abi/ok_12 tests
See merge request apparmor/apparmor!259
(cherry picked from commit 608af94dff)
a3305b51 disable abi/ok_10 and abi/ok_12 tests
profiles/Makefile: test abstractions against apparmor_parser
See merge request apparmor/apparmor!244
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10, 2.11 and 2.12.
(cherry picked from commit 500b857d24)
93ccf15c profiles/Makefile: test abstractions against apparmor_parser
AppArmor 3.0 requires policy to use a feature abi rule for access to
new features. However some policy may start using abi rules even if
they don't have rules that require new features. This is especially
true for out of tree policy being shipped in other packages.
Add enough support to older releases that the parser will ignore the
abi rule and warn that it is falling back to the apparmor 2.x
technique of using the system abi.
If the profile contains rules that the older parser does not
understand it will fail policy compilation at the unknown rule instead
of the abi rule.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/196
(backported form commit 83df7c4747)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
[2.10] Initialize hats that don't exist in the /etc/apparmor.d profile yet
If a hat only exists in the to-be-merged profile, it needs to be
initialized in the /etc/apparmor.d/ profile. This patch does exactly
that to avoid an aa-mergeprof crash.
This bug only exists in the 2.10 branch. Newer branches already got it
"accidently fixed" during merging ask_the_questions() into aa.py and the
ProfileStorage implementation.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/235
Acked-by: John Johansen <john.johansen@canonical.com>
If a hat only exists in the to-be-merged profile, it needs to be
initialized in the /etc/apparmor.d/ profile. This patch does exactly
that to avoid an aa-mergeprof crash.
This bug only exists in the 2.10 branch. Newer branches already got it
"accidently fixed" during merging ask_the_questions() into aa.py and the
ProfileStorage implementation.
commit 94dfe15b28 attempted to remove
LD_RUN_PATH unfortunately
But all it actually does is cause the Makefile.perl to embed the rpath
"" instead. Which is still an rpath, only I guess an even worse one.
--
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
This is because it cleared the setting of the variable LD_RUN_PATH
which was expanded in the command
$(INST_DYNAMIC) : $(OBJECT) $(MYEXTLIB) $(INST_ARCHAUTODIR)$(DFSEP).exists $(EXPORT_LIST) $(PERL_ARCHIVEDEP) $(PERL_ARCHIVE_AFTER) $(INST_DYNAMIC_DEP)
$(RM_F) $@
LD_RUN_PATH="$(LD_RUN_PATH)" $(LD) $(LDDLFLAGS) $(LDFROM) $(OTHERLDFLAGS) -o $@ $(MYEXTLIB) \
$(PERL_ARCHIVE) $(LDLOADLIBS) $(PERL_ARCHIVE_AFTER) $(EXPORT_LIST) \
$(INST_DYNAMIC_FIX)
$(CHMOD) $(PERM_RWX) $@
resulting in LD_RUN_PATH="" being passed to the command.
Finish removing LD_RUN_PATH from Makefile.perl by removing it from
the command invocation if it is present.
Note: we use \x24 instead of $ in the regex as there seems to be a bug
and no level of escaping $ would allow it to be used.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/207
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
(cherry picked from commit 958cc28876)
2.10: Add basic support for abi rules to the tools
Add basic "understand and keep" support for abi rules, where
"understand" means to not error out when seeing an abi rule, and "keep"
simply means to keep the original abi rule when serializing a profile.
On the long term, abi rules should be parsed (similar to include rules),
but for now, this patch is the smallest possible changeset and easy to
backport.
Note that the only added test is via cleanprof_test.* which is used by
minitools_test.py - and does not run if you do a 'make check'.
Oh, and of course the simple_tests/abi/ files also get parsed by
test-parser-simple-tests.py.
BTW: Even serialize_profile_from_old_profile() can handle abi rules ;-)
This is a backport of 072d3e04 / !202 (merged) to
2.10 (with some adjustments because that commit didn't appy cleanly)
PR: https://gitlab.com/apparmor/apparmor/merge_requests/225
Acked-by: John Johansen <john.johansen@canonical.com>
parser: fix Makefile hardcoded paths to flex and bison
Closes#4
See merge request apparmor/apparmor!224
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
(cherry picked from commit 34cf085036)
17e059a2 parser: fix Makefile hardcoded paths to flex and bison
Add basic "understand and keep" support for abi rules, where
"understand" means to not error out when seeing an abi rule, and "keep"
simply means to keep the original abi rule when serializing a profile.
On the long term, abi rules should be parsed (similar to include rules),
but for now, this patch is the smallest possible changeset and easy to
backport.
Note that the only added test is via cleanprof_test.* which is used by
minitools_test.py - and does _not_ run if you do a 'make check'.
Oh, and of course the simple_tests/abi/ files also get parsed by
test-parser-simple-tests.py.
BTW: Even serialize_profile_from_old_profile() can handle abi rules ;-)
This is a backport of 072d3e0451 / !202 to
2.10 (with some adjustments because that commit didn't appy cleanly)
This excludes the /etc/apparmor.d/cache.d/ directory from aa-logprof
parsing because parsing the binary cache, well, takes a while :-/
Reported on the opensuse-factory mailinglist by Frank Krüger and
confirmed by others.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/222
(cherry picked from commit 5b9497a8c6)
(cherry picked from commit cdaf5075cb)
Signed-off-by: John Johansen <john.johansen@canonical.com>
make 2.10 utils tests green
- mark path with "\o" as known-failing in the utils
- remove non-failing tests from unknown_line exception
- exclude several #include "does not exist" examples
- switch minitools_test.py to a profile without alternation
PR: https://gitlab.com/apparmor/apparmor/merge_requests/221
Acked-by: John Johansen <john.johansen@canonical.com>
Add missing paths to usr.sbin.nmbd, usr.sbin.smbd and abstractions/samba
See merge request apparmor/apparmor!210
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
(cherry picked from commit f76a718f28)
80e98f2d Update usr.sbin.nmbd & usr.sbin.smbd
This test was added with commit 5bae654061
(before test-parser-simple-tests.py was added).
Sadly bisecting is close to impossible because of the other issues that
broke the 2.10 tests, therefore I'll accept one "strange" test breakage
in this old branch.
bare_include_tests/ok_30.sd and ok_31.sd don't fail with the 2.10 tools.
Remove them from the unknown_line exception.
(Interestingly newer branches (2.12+) fail on these tests, but I didn't check why.)
These tests were added with the cherry-picked commit 4184b0c363
They are expected to fail, but don't fail with the 2.10 tools because
the regex only matches #include <...> which means #include "..."
is considered to be a comment.
Qt GUI applications that uses "platforminputcontexts"-class of plugins
might need reading and/or writing compose cache. Add read-only rule in
qt5 abstraction and create new writing dedicated for compose cache
writing.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/159
(cherry picked from commit 67816c42cf)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Qt-based applications stores QFileDialog (latest browsed directory) and
other shared user settings inside ~/.config/QtProject.conf. Currently
available qt abstraction only allows to read it (by design), so this
patch introduces abstraction that grants permissions for writing.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/159
(cherry picked from commit 69c4cabb93)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Harden abstractions part ii
- abstractions/private-files: disallow access to the dirs of private files
- private-files{,-strict}: disallow writes to parent dirs too
- user-files: disallow writes to parents dirs
PR: https://gitlab.com/apparmor/apparmor/merge_requests/206
Signed-off-by: John Johansen <john.johansen@canonical.com>
* Add -bin suffix to reach new Thunderbird executable.
(cherry picked from commit 7546413b43)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Harden abstractions
remove antiquated abstractions/launchpad-integration
abstractions/private-files-strict: disallow access to the dirs of private files
abstractions/private-files: disallow writes to thumbnailer dir (LP: #1788929)
ubuntu-browsers.d/user-files: disallow access to the dirs of private files
Nominating launchpad-integration and opencl-nvidia for 2.13. Nominating private-files-strict, private-files and user-files for 2.10 and higher
PR: https://gitlab.com/apparmor/apparmor/merge_requests/203
Signed-off-by: John Johansen <john.johansen@canonical.com>
Move README to README.md to provide better integration with gitlab
and sync changes from master branch so we have badges, build info
etc.
Signed-off-by: John Johansen <john.johansen@canonical.com>
This patch supports rolling a tarball for a release, as well as doing
'make tag'. Only stuff that's been committed should get incorporated
into the tarball.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 0b719e4f86)
The URL redirect ends up at a page in the new wiki that doesn't exist.
We have to link directly to the gitlab URL here since the current URL
redirect doesn't let us use a wiki.apparmor.net URL and still reach the
expected Profiles page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Allow /usr/local/lib/python3/dist-packages in abstractions/python
See merge request apparmor/apparmor!160
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.10..master
(cherry picked from commit 763a6787d8)
6a10f076 Allow /usr/local/lib/python3/dist-packages in abstractions/python
use_group is only honored if it is defined.
The "real" permission check is reading the logfile - the group check
in aa-notify is just an annoying additional check, and the default
"admin" only works on Ubuntu (other distributions typically use
"wheel").
This commit comments out use_group in the default config, which allows
everybody to use aa-notify. Permissions for reading the log file are of
course still needed.
PR: https://gitlab.com/apparmor/apparmor/merge_requests/82
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1058787
(cherry picked from commit 86ec3dd658)
Acked-by: Christian Boltz <apparmor@cboltz.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
parse_profile_start(): Error out on nested child profiles
See merge request apparmor/apparmor!136
Acked-by: John Johansen <john.johansen@canonical.com> for 2.10..master
(cherry picked from commit b7a4f37cbb)
8462c39b parse_profile_start(): Error out on nested child profiles
Writing a "link subset" rule missed a space, which resulted in something
like
link subset/foo -> /bar,
Also add a test rule to tests/cleanprof.* to ensure this doesn't break
again.
[Fixed up cleanprof_test.out to handle conflicting difference -- @smb]
(cherry picked from commit 514535608f)
Acked-by: Steve Beattie <steve@nxnw.org>
PR: https://gitlab.com/apparmor/apparmor/merge_requests/117
Merge branch 'sh-helper-read-locale' into 'master'
See merge request apparmor/apparmor!76
Signed-off-by: Steve Beattie <steve@nxnw.org>
(cherry picked from commit 130958a4a4)
2bc64070 tests: Allow shell helper test read the locale
set DBUS_SESSION_BUS_ADDRESS, needed by notify-send
See merge request apparmor/apparmor!53
Acked-by: intrigeri <intrigeri@debian.org> for 2.9..master
(cherry picked from commit 0eefeeb0e7)
cb5cdf26 set DBUS_SESSION_BUS_ADDRESS, needed by notify-send
Update base abstraction for ld.so.conf and friends.
See merge request apparmor/apparmor!62
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.9..master
(cherry picked from commit e88af93322)
6d22c871 Update base abstraction for ld.so.conf and friends.
The tools don't support having multiple rules in one line (they expect
\n after each rule), therefore mark some of the bare_include_tests as
known failures.
(cherry picked from commit 26af640fda)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Some of the regression tests are missing conditionals or have the
wrong conditionals so that they fail on current upstream kernels.
Fix this by adding and changing conditionals and requires where
appropriate. With the patches the tests report passing on 4.14 and
4.15 kernels.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Time out
(cherry picked from commit 6f1d054468)
This is a minimal patch to add conditional includes to the profile
language.
The syntax for conditional includes is similar to regular includes
except with the addition of "if exists" after "include"
include if exists <foo/bar>
include if exists "foo/bar"
include if exists "/foo/bar"
include if exists foo/bar
Note: The patch is designed to be backportable with minimum
effort. Cleanups and code refactoring are planned for follow up
patches that won't be back ported.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(back-ported from commit 2ea3309942)
Conflicts:
parser/parser_lex.l
This is a minimal patch so that it can be backported to 2.11 and 2.10
which reverts the abort on error failure when the cache can not be
created and write-cache is set.
This is meant as a temporary fix for
https://bugzilla.suse.com/show_bug.cgi?id=1069906https://bugzilla.opensuse.org/show_bug.cgi?id=1074429
where the cache location is being mounted readonly and the cache
creation failure is causing policy to not be loaded. And the
thrown parser error to cause issues for openQA.
Note: A cache failure warning will be reported after the policy load.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz apparmor@cboltz.de
(cherry picked from commit 42b68b65fe1861609ffe31e05be02a007d11ca1c)
Fix local pulseaudio config file access
See merge request apparmor/apparmor!38
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.9..trunk
(cherry picked from commit 6713f9d94a)
f73627cb Fix local pulseaudio config file access
Fix signal sending for usr.sbin.dovecot
See merge request apparmor/apparmor!36
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.9..trunk
(cherry picked from commit 6db30f8faf)
9f24650e Fix signal sending for usr.sbin.dovecot
Exit rather than returning from shell snippets in Makefiles. It is
reported that returning causes the following error message with bash:
/bin/sh: line 4: return: can only `return' from a function or sourced script
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Christian Boltz <apparmor@cboltz.de>
Don't print a literal '\n' in aa-remove-unknown help
See merge request apparmor/apparmor!21
Acked-by: Tyler Hicks tyhicks@canonical.com for 2.9..trunk
(cherry picked from commit 3d40bc6f23)
4d4228d1 Don't print a literal '\n' in aa-remove-unknown help
Let read_inactive_profiles() do nothing when calling it the second time
See merge request apparmor/apparmor!17
(cherry picked from commit 794d1c4a07)
b307e535 Let read_inactive_profiles() do nothing when calling it the second time
allow dac_read_search and dac_override for dovecot/auth
See merge request apparmor/apparmor!14
Acked-by: Seth Arnold <seth.arnold@canonical.com> for 2.9, 2.10, 2.11 and trunk
(cherry picked from commit 42bd81df01)
6f6b3c57 allow dac_read_search and dac_override for dovecot/auth
Allow to read pulseaudio config subdirectories
See merge request apparmor/apparmor!12
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.9, 2.10, 2.11 and trunk
(cherry picked from commit 4b8b08562a)
9658471d Allow to read pulseaudio config subdirectories
https://launchpad.net/bugs/1546455
Don't filter out AF_UNSPEC from the list of valid protocol families so
that the parser will accept rules such as 'network unspec,'.
There are certain syscalls, such as socket(2), where the LSM hooks are
called before the protocol family is validated. In these cases, AppArmor
was emitting denials even though socket(2) will eventually fail. There
may be cases where AF_UNSPEC sockets are accepted and we need to make
sure that we're mediating those appropriately.
cherry-pick: r3376
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
[cboltz: Add 'unspec' to the network domain keywords of the utils]
Merge from trunk revision 3715
The added testcase for a ptrace target with an empty string
(ptrace_garbage_lp1689667_1.in) was causing the swig python test script
to fail. The generated python swig record for libapparmor ends up
setting a number of fields to None or other values that indicate the
value is unset, and the test script was checking if the value in the
field didn't evaluate to False in a python 'if' test.
Unfortunately, python evaluates the empty string '' as False in 'if'
tests, resulting in the specific field that contained the empty string
to be dropped from the returned record. This commit fixes that by
special case checking for the empty string.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix rules
however this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.
cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: timeout
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1057900
------------------------------------------------------------
revno: 3690 [merge]
committer: Steve Beattie <sbeattie@ubuntu.com>
branch nick: apparmor
timestamp: Wed 2017-08-09 08:57:36 -0700
message:
traceroute profile: support TCP SYN for probes, quite net_admin request
Merge from Vincas Dargis, approved by intrigeri.
fix traceroute denies in tcp mode
Acked-by: Steve Beattie <steve@nxnw.org>
------------------------------------------------------------
Backport to 2.10 and 2.9 branch
Acked-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
'smc' seems to be new in kernel 4.12.
Note that the 2.10 apparmor.d manpage also misses the 'kcm' keyword, so
the patch also adds it there.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.11 and 2.10.
The Samba package used by the INVIS server (based on openSUSE) needs
some additional Samba permissions for the added ActiveDirectory /
Kerberos support.
As discussed with Seth, add /var/lib/sss/mc/initgroups read permissions
to abstractions/nameservice instead of only to the smbd profile because
it's probably needed by more than just Samba if someone uses sss.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for 2.9, 2.10, 2.11 and trunk.
- change abstractions/postfix-common to allow /etc/postfix/*.db k
- add several permissions to postfix/error, postfix/lmtp and postfix/pipe
- remove superfluous abstractions/kerberosclient from all postfix
profiles - it's included via abstractions/nameservice
Acked-by: Seth Arnold <seth.arnold@canonical.com> for 2.9, 2.10, 2.11 and trunk
2.10 branch r3387 and 2.9 branch r3052 (Ignore change_hat events
with error=-1 and "unconfined can not change_hat") accidently added
unconfined-change_hat.profile to the test_multi directory.
2.9 and 2.10 don't support the test_multi *.profile files and error out
in the tests saying "Found unknown file unconfined-change_hat.profile",
therefore delete this file.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This option exists in several aa-* tools since 2.9, but isn't mentioned
in the manpage.
Also drop some trailing whitespace in the manpages.
Acked-by: John Johansen <john.johansen@canonical.com>
for 2.9, 2.10, 2.11 and trunk.
Description: adjust the multiarch alternation rule in the perl abstraction for
modern Debian and Ubuntu systems which store some modules under the
architecture-specific perl-base directory instead of perl or perl5.
Signed-Off-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
dovecot-lda needs
- the attach_disconnected flags
- read access to /usr/share/dovecot/protocols.d/
- rw for /run/dovecot/auth-userdb
References: https://bugs.launchpad.net/bugs/1650827
Acked-by: Steve Beattie <steve@nxnw.org> for 2.9, 2.10 and trunk.
https://launchpad.net/bugs/1668892
This patch creates a new utility, with the code previously used in the
init script 'restart' action, that removes unknown profiles which are
not found in /etc/apparmor.d/. The functionality was removed from the
common init script code in the fix for CVE-2017-6507.
The new utility prints a message containing the name of each unknown
profile before the profiles are removed. It also supports a dry run mode
so that an administrator can check which profiles will be removed before
unloading any unknown profiles.
If you backport this utility with the fix for CVE-2017-6507 to an
apparmor 2.10 release and your backported aa-remove-unknown utility is
sourcing the upstream rc.apparmor.functions file, you'll want to include
the following bug fix to prevent the aa-remove-unknown utility from
removing child profiles that it shouldn't remove:
r3440 - Fix: parser: incorrect output of child profile names
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
CVE-2017-6507
https://launchpad.net/bugs/1668892
The common AppArmor 'restart' code used by some init scripts, upstart
jobs, and/or systemd units contained functionality that is no longer
appropriate to retain. Any profiles not found /etc/apparmor.d/ were
assumed to be obsolete and were unloaded. That behavior became
problematic now that there's a growing number of projects that maintain
their own internal set of AppArmor profiles outside of /etc/apparmor.d/.
It resulted in the AppArmor 'restart' code leaving some important
processes running unconfined. A couple examples are profiles managed by
LXD and Docker.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
That's much better than crashing aa-logprof ;-) (use the log line in
the added testcase if you want to see the crash)
Reported by pfak on IRC.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
Starting with python 3.6, the re.LOCALE flag can only be used with byte
patterns, and errors out if used with str. This patch removes the flag
in get_translated_hotkey().
References: https://bugs.launchpad.net/apparmor/+bug/1661766
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
merge from trunk commit revision 3630
In the environ regression test, when the exec() of the child process
fails, we don't report FAIL to stdout, so the regression tests consider
it an error rather than a failure and abort, short-circuiting the
test script.
This commit fixes this by emitting the FAIL message when the result
from the wait() syscall indicates the child process did not succeed.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Some of the /usr/lib/dovecot/* rules already have mrPx permissions,
while others don't.
With a more recent kernel, I noticed that at least auth, config, dict,
lmtp, pop3 and ssl-params need mrPx instead of just Px (confirmed by the
audit.log and actual breakage caused by the missing mr permissions).
The mr additions for anvil, log and managesieve are just a wild guess,
but I would be very surprised if they don't need mr.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
Add several permissions to the dovecot profiles that are needed on ubuntu
(surprisingly not on openSUSE, maybe it depends on the dovecot config?)
As discussed some weeks ago, the added permissions use only /run/
instead of /{var/,}run/ (which is hopefully superfluous nowadays).
References: https://bugs.launchpad.net/apparmor/+bug/1512131
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
It was reported that converting the netstat command to examine
processes bound to ipv6 addresses broke on OpenSUSE due to the version
of nettools not supporting the short -4 -6 arguments.
This patch fixes the invocation of netstat to use the "--protocol
inet,inet6" arguments instead, which should return the same results
as the short options.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
ldd exits with $? == 1 if a file is 'not a dynamic executable'.
This is correct behaviour of ldd, so we should handle it instead of
raising an exception ;-)
[not in 2.9 and 2.10] Also extend fake_ldd and add a test to test-aa.py to cover this.
Note that 2.10 and 2.9 don't have tests for get_reqs() nor fake_ldd,
so those branches will only get the aa.py changes.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
nmbd needs some additional permissions:
- k for /var/cache/samba/lck/* (via abstractions/samba)
- rw for /var/cache/samba/msg/ (the log only mentioned r, but that
directory needs to be created first)
- w for /var/cache/samba/msg/* (the log didn't indicate any read access)
Reported by FLD on IRC, audit log on https://paste.debian.net/902010/
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
openSUSE uses "php7" (not just "php") in several paths, so also allow that.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
Sometimes network events come with an operation keyword looking like
file_perm which makes them look like file events. Instead of ignoring
these events (which was a hotfix to avoid crashes), improve the type
detection.
In detail, this means:
- replace OPERATION_TYPES (which was basically a list of network event
keywords) with OP_TYPE_FILE_OR_NET (which is a list of keywords for
file and network events)
- change op_type() parameters to expect the whole event, not only the
operation keyword, and rebuild the type detection based on the event
details
- as a side effect, this simplifies the detection for file event
operations in parse_event_for_tree()
- remove workaround code from parse_event_for_tree()
Also add 4 new testcases with log messages that were ignored before.
References:
a) various bugreports about crashes caused by unexpected operation keywords:
https://bugs.launchpad.net/apparmor/+bug/1466812https://bugs.launchpad.net/apparmor/+bug/1509030https://bugs.launchpad.net/apparmor/+bug/1540562https://bugs.launchpad.net/apparmor/+bug/1577051https://bugs.launchpad.net/apparmor/+bug/1582374
b) the summary bug for this patch
https://bugs.launchpad.net/apparmor/+bug/1613061
Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.10.
Note: in 2.10, the test_multi/*.profile files are unexpected and not
checked because this part of the tests is trunk-only, therefore I don't
include them.
dev head -r3592
aa-unconfined currently does not check/display ipv6 fix this
and -r3593
In testing, I did notice one thing not getting turned up, from
netstat -nlp46 output:
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
On servers with not too much memory ("only" 16 GB), dovecot logins fail:
Nov 25 21:35:15 server dovecot[28737]: master: Fatal: setrlimit(RLIMIT_DATA, 268435456): Permission denied
Nov 25 21:35:15 server dovecot[28731]: master: Error: service(auth): command startup failed, throttling for 2 secs
Nov 25 21:35:15 server dovecot[28737]: auth: Fatal: master: service(auth): child 25976 returned error 89 (Fatal failure)
audit.log messages are:
... apparmor="DENIED" operation="capable" profile="/usr/sbin/dovecot" pid=25000 comm="dovecot" capability=24 capname="sys_resource"
... apparmor="DENIED" operation="setrlimit" profile="/usr/sbin/dovecot" pid=25000 comm="dovecot" rlimit=data value=268435456
After allowing capability sys_resource, dovecot can increase the limit
and works again.
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
Storing these event details depending on the operation type only makes
things more difficult because it's hard to differenciate between file
and network events.
Note that this happens at the first log parsing stage (libapparmor log
event -> temporary python array) and therefore doesn't add a serious
memory footprint. The event tree will still only contain the elements
relevant for the actual event type.
This change means that lots of testcases now get 3 more fields (all
None) when testing parse_event(), so update all affected testcases.
(test-network doesn't need a change for probably obvious reasons.)
Also rename a misnamed test in test-change_profile.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
Note: 2.10 has fewer rule classes, therefore less test-*.py files need
to be changed. Also, I had to slightly adjust the logparser.py patch
because 2.10 doesn't have support for signal events.
The latest glibc (including nscd) in openSUSE Tumbleweed comes with
glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
/var/lib/nscd
This needs updates (adding /var/lib/nscd/) to abstractions/nameservice
and the nscd profile.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
nmbd, winbindd (and most probably also smbd - but it has a more
permissive profile that already allows this) need rw access to
/var/cache/samba/lck/* on Debian 8.6.
Reported by FLD on IRC.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
The apparmor.d description about alias rules was broken in multiple
ways. The manpage
- didn't include the alias keyword
- listed alias rules in the "COMMA RULES" section - while that's correct
for the comma requirement, it's also wrong because COMMA RULES is
meant to be inside a profile
- didn't list alias rules in the PREAMBLE section
This patch fixes this.
It also moves the definition of VARIABLE, VARIABLE ASSIGNMENT (both
unchanged) and ALIAS RULE next to PREAMBLE.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10
Merge from trunk revision 3582.
Fix import errors with swig > 3.0.8 with the libapparmor python
bindings. Do this by removing the code to rename the generated
LibAppArmor.py, and instead use a stub __init__.py that automatically
imports everything from LibAppArmor.py. Also adjust bzrignore to
compensate for the autogenerated file name changing.
Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=987607
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Newer kernels need m permissions for the binary the profile covers,
so add it before someone hits this problem in the wild ;-)
Also add a note that the mlmmj-recieve profile is probably superfluous
because upstream renamed the misspelled binary.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
This patch updates the mlmmj profiles in the extras directory to the
profiles that are used on lists.opensuse.org now. Besides adding lots
of trailing slashes for directories, several permissions were added.
Also, usr.bin.mlmmj-receive gets added - it seems upstream renamed
mlmmj-recieve to fix a typo.
These profiles were provided by Per Jessen.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1000201
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
Merged from trunk commit 3566.
Add a basic wayland abstraction.
Include the wayland abstraction from the gnome one.
This is the least invasive solution to the problem I'm trying to
solve right now (Evince not starting in GNOME on Wayland, and probably
similar issues for other GNOME applications I suppose).
Bug: https://bugs.debian.org/827335
Bug: https://bugs.debian.org/807880
These files are needed for disk-based buffering (added in syslog-ng 3.8).
This was reported to me by Peter Czanik, one of the syslog-ng developers.
Note: I'm not sure about adding @{CHROOT_BASE} to this rule, so for now
I prefer not to do it - adding it later is easy, but finding out if it
could be removed is hard ;-)
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9.
- dovecot/auth: allow to read stats-user
- dovecot/config: allow to read /usr/share/dovecot/**
- dovecot/imap: allow to ix doveconf, read /etc/dovecot/ and
/usr/share/dovecot/**
These things were reported by Félix Sipma in Debian Bug#835826
(with some help from sarnold on IRC)
References: https://bugs.debian.org/835826
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
Also allow reading ~/.dovecot.svbin (that's the default filename in the
dovecot config) in dovecot/lmtp profile.
(*.svbin files can probably also appear inside @{DOVECOT_MAILSTORE}, but
that's already covered by the existing rules.)
References: https://bugs.debian.org/835826 (again)
Acked-by: John Johansen <john.johansen@canonical.com> for trunk, 2.10 and 2.9
The latest version of pyflakes (1.3.0 / python 3.5) complains that
CMD_CONTINUE is defined twice in ui.py (with different texts).
Funnily CMD_CONTINUE isn't used anywhere, so we can just drop both.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9
The switch to FileRule made some bugs visible that survived unnoticed
with hasher for years.
If aa-logprof sees an exec event for a non-existing profile _and_ a
profile file matching the expected profile filename exists in
/etc/apparmor.d/, it asks for the exec mode nevertheless (instead of
being silent). In the old code, this created a superfluous entry
somewhere in the aa hasher, and caused the existing profile to be
rewritten (without changes).
However, with FileRule it causes a crash saying
File ".../utils/apparmor/aa.py", line 1335, in handle_children
aa[profile][hat]['file'].add(FileRule(exec_target, file_perm, exec_mode, rule_to_name, owner=False, log_event=True))
AttributeError: 'collections.defaultdict' object has no attribute 'add'
This patch makes sure exec events for unknown profiles get ignored.
Reproducer:
python3 aa-logprof -f <(echo 'type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED" operation="exec" profile="/sbin/klogd" name="/does/not/exist" pid=11832 comm="foo" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/sbin/klogd//null-1"')
This causes a crash without this patch because
/etc/apparmor.d/sbin.klogd exists, but has
profile klogd /{usr/,}sbin/klogd {
References: https://bugs.launchpad.net/bugs/1379874
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
*** *** *** backport
*** *** *** --fixes lp:1379874
In 2011 (r1803), the traceroute profile was changed to also match
/usr/bin/traceroute.db:
/usr/{sbin/traceroute,bin/traceroute.db} {
However, permissions for /usr/bin/traceroute.db were never added.
This patch fixes this.
While on it, also change the /usr/sbin/traceroute permissions from
rmix to the less confusing mrix.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
Fixes build error when attempting to build and test the 2.10.95 release
on Ubuntu 14.04:
$ (cd libraries/libapparmor/ && ./autogen.sh && ./configure && \
make && make check) > /dev/null
...
libtool: Version mismatch error. This is libtool 2.4.6 Debian-2.4.6-0.1, but the
libtool: definition of this LT_INIT comes from libtool 2.4.2.
libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6 Debian-2.4.6-0.1
libtool: and run autoconf again.
make[2]: *** [grammar.lo] Error 63
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1
The --force option is needed to regenerate the libtool file in
libraries/libapparmor/.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This turned out to be a simple case of misinterpreting the promptUser()
result - it returns the answer and the selected option, and
"surprisingly" something like
('CMD_ADDHAT', 0)
never matched
'CMD_ADDHAT'
;-)
I also noticed that the new hat doesn't get initialized as
profile_storage(), and that the changed profile doesn't get marked as
changed. This is also fixed by this patch.
References: https://bugs.launchpad.net/apparmor/+bug/1538306
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
pyflakes3 doesn't check sys.version and therefore complains about
'unicode' being undefined.
This patch defines unicode as alias of str to make pyflakes3 happy, and
as a side effect, simplifies type_is_str().
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
By calling self.delete() inside the delete_duplicates() loop, the
self.rules list was modified. This resulted in some rules not being
checked and therefore (some, not all) superfluous rules not being
removed.
This patch switches to a temporary variable to loop over, and rebuilds
self.rules with the rules that are not superfluous.
This also fixes some strange issues already marked with a "Huh?" comment
in the tests.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
Note that in 2.10 cleanprof_test.* doesn't contain a ptrace rule,
therefore the cleanprof_test.out change doesn't make sense for 2.10.
Network events can come with an operation= that looks like a file event.
Nevertheless, if the event has a typical network parameter (like
net_protocol) set, make sure to store the network-related flags in ev.
This fixes the test failure introduced in my last commit.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk, 2.10 and 2.9
We already ignore network events that look like file events (based on
the operation keyword) if they have a request_mask of 'send' or
'receive' to avoid aa-logprof crashes because of "unknown" permissions.
It turned out that both can happen at once, so we should also ignore
this case.
Also add the now-ignored log event as test_multi testcase.
References: https://bugs.launchpad.net/apparmor/+bug/1577051#13
Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk, 2.10 and 2.9.
Date: Tue, 21 Jun 2016 18:18:45 +0100
Subject: abstractions/nameservice: also support ConnMan-managed resolv.conf
Follow the same logic we already did for NetworkManager,
resolvconf and systemd-resolved. The wonderful thing about
standards is that there are so many to choose from.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[modified by sarnold to fit the surroundings]
Thanks to reading the wrong directory in read_inactive_profiles()
(profile_dir instead of extra_profile_dir), aa-genprof never asked about
using a profile from the extra_profile_dir.
Sounds like an easy fix, right? ;-)
After fixing this (last chunk), several other errors popped up, one
after the other:
- get_profile() missed a required parameter in a serialize_profile() call
- when saving the profile, it was written to extra_profile_dir, not to
profile_dir where it (as a now-active profile) should be. This is
fixed by removing the filename from existing_profiles{} so that it can
pick up the default name.
- CMD_FINISHED (when asking if the extra profile should be used or a new
one) behaved exactly like CMD_CREATE_PROFILE, but this is surprising
for the user. Remove it to avoid confusion.
- displaying the extra profile was only implemented in YaST mode
- get_pager() returned None, not an actual pager. Since we have 'less'
hardcoded at several places, also return it in get_pager()
Finally, also remove CMD_FINISHED from the get_profile() test in
test-translations.py.
(test-translations.py is only in trunk, therefore this part of the patch
is obviously trunk-only.)
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk
Acked-by: John Johansen <john.johansen@canonical.com> for trunk + a 50% ACK for 2.10 and 2.9
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk, 2.10 and 2.9
The latest iputils merged ping and ping6 into a single binary that does
both IPv4 and IPv6 pings (by default, it really does both).
This means we need to allow network inet6 raw in the ping profile.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=980596
(contains more details and example output)
Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 4 May 2016 13:48:36 +0100
Subject: dbus-session-strict: allow access to the user bus socket
If dbus is configured with --enable-user-bus (for example in the
dbus-user-session package in Debian and its derivatives), and the user
session is started with systemd, then the "dbus-daemon --session" will be
started by "systemd --user" and listen on $XDG_RUNTIME_DIR/bus. Similarly,
on systems where dbus-daemon has been replaced with kdbus, the
bridge/proxy used to provide compatibility with the traditional D-Bus
protocol listens on that same socket.
In practice, $XDG_RUNTIME_DIR is /run/user/$uid on all systemd systems,
where $uid represents the numeric uid. I have not used /{var/,}run here,
because systemd does not support configurations where /var/run and /run
are distinct; in practice, /var/run is a symbolic link.
Based on a patch by Sjoerd Simons, which originally used the historical
path /run/user/*/dbus/user_bus_socket. That path was popularized by the
user-session-units git repository, but has never been used in a released
version of dbus and should be considered unsupported.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 11 May 2016 13:52:56 +0100
Subject: syscall_sysctl test: correctly skip if CONFIG_SYSCTL_SYSCALL=n
This test attempts to auto-skip the sysctl() part if that syscall
was not compiled into the current kernel, via
CONFIG_SYSCTL_SYSCALL=n. Unfortunately, this didn't actually work,
for two reasons:
* Because "${test} ro" wasn't in "&&", "||", a pipeline or an "if",
and it had nonzero exit status, the trap on ERR was triggered,
causing execution of the error_handler() shell function, which
aborts the test with a failed status. The rules for ERR are the
same as for "set -e", so we can circumvent it in the same ways.
* Because sysctl_syscall.c prints its diagnostic message to stderr,
but the $() operator only captures stdout, it never matched
in the string comparison. This is easily solved by redirecting
its stderr to stdout.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Variables can be used in several rule types (from the existing *Rule
classes: change_profile, dbus, ptrace, signal). It seems nobody uses
variables with those rules, otherwise we'd have received a bugreport ;-)
I noticed this while working on FileRule, where usage of variables is
more common. The file code in bzr (not using a *Rule class) already
loads the variables, so old versions don't need changes for file rule
handling.
However, 2.10 already has ChangeProfileRule and therefore also needs
this fix.
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
[](https://gitlab.com/apparmor/apparmor/pipelines)
[](https://bestpractices.coreinfrastructure.org/projects/1699)
------------
Introduction
------------
@@ -17,9 +23,27 @@ library, available under the LGPL license, which allows change_hat(2)
and change_profile(2) to be used by non-GPL binaries).
For more information, you can read the techdoc.pdf (available after
building the parser) and by visiting the http://apparmor.net/ web
building the parser) and by visiting the https://apparmor.net/ web
site.
----------------
Getting in Touch
----------------
Please send all complaints, feature requests, rants about the software,
@@ -138,7 +138,7 @@ my $ratelimit_saved = sysctl_read($ratelimit_sysctl);
END { sysctl_write($ratelimit_sysctl, $ratelimit_saved); }
sysctl_write($ratelimit_sysctl, 0);
UI_Info(gettext("\nBefore you begin, you may wish to check if a\nprofile already exists for the application you\nwish to confine. See the following wiki page for\nmore information:\nhttp://wiki.apparmor.net/index.php/Profiles"));
UI_Info(gettext("\nBefore you begin, you may wish to check if a\nprofile already exists for the application you\nwish to confine. See the following wiki page for\nmore information:\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles"));
UI_Important(gettext("Please start the application to be profiled in \nanother window and exercise its functionality now.\n\nOnce completed, select the \"Scan\" button below in \norder to scan the system logs for AppArmor events. \n\nFor each AppArmor event, you will be given the \nopportunity to choose whether the access should be \nallowed or denied."));
@@ -195,7 +195,7 @@ for my $p (sort keys %helpers) {
}
UI_Info(gettext("Reloaded AppArmor profiles in enforce mode."));
UI_Info(gettext("\nPlease consider contributing your new profile! See\nthe following wiki page for more information:\nhttp://wiki.apparmor.net/index.php/Profiles\n"));
UI_Info(gettext("\nPlease consider contributing your new profile! See\nthe following wiki page for more information:\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles\n"));
UI_Info(sprintf(gettext('Finished generating profile for %s.'), $fqdbin));
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
