mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00
Code Issues Releases Wiki Activity
apparmor/parser
History
John Johansen d22a867723 Fix compilation of audit modifiers 
This fixes the incorrect compilation of audit modifiers for exec and
pivot_root as detailed in

https://launchpad.net/bugs/1431717
https://launchpad.net/bugs/1432045

The permission accumulation routine on the backend was incorrectly setting
the audit mask based off of the exec type bits (info about the exec) and
not the actual exec permission.

This bug could have also caused permissions issues around overlapping exec
generic and exact match exec rules, except the encoding of EXEC_MODIFIERS
ensured that the
  exact_match_allow & AA_USER/OTHER_EXEC_TYPE
  test would never fail for a permission accumulation with the exec permission
  set.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
2015-03-18 10:05:55 -07:00
..
libapparmor_re
Fix compilation of audit modifiers
2015-03-18 10:05:55 -07:00
po
Entire tree: makefile cruft removal
2015-01-23 15:52:09 -08:00
tst
split flags_bad5.sd parser test into multiple tests
2015-03-02 19:56:07 +01:00
af_rule.cc
parser: fix more gcc 5 compilation problems
2015-02-26 14:55:13 -08:00
af_rule.h
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
af_unix.cc
And the related patch to fix globbing for af_unix abstract names
2015-02-12 10:19:16 -08:00
af_unix.h
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
apparmor_parser.pod
Document the ability for apparmor_parser to load profiles from a dir
2014-10-20 13:38:24 -04:00
apparmor.d.pod
delete traces of program-chunks directory from apparmor.d(5)
2015-02-26 18:44:22 +01:00
apparmor.pod
can ?not fix apparmor.pod
2013-12-12 03:07:37 +01:00
common_optarg.c
Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs
2014-04-23 11:10:41 -07:00
common_optarg.h
Split dfa optimization and dump flag handling into a separate file so that it can be shared with DFA test programs
2014-04-23 11:10:41 -07:00
COPYING.GPL
rpmlint complains about an outdated FSF address in parser/COPYING.GPL.
2011-11-27 13:52:06 +01:00
dbus.cc
This should fix a gcc 5 build failure (untested) with os << .. << os
2015-02-12 13:20:57 -08:00
dbus.h
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
frob_slack_rc
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
immunix.h
Remove the old unused ptrace code that snuck in years ago.
2014-03-12 05:02:32 -07:00
lib.c
parser: Fix return value of dirat_for_each()
2015-03-02 09:50:07 -06:00
lib.h
parser: fix i386 breakage on min() argument mismatches
2014-04-17 09:20:40 -07:00
Makefile
rename _clean to pod_clean in Makefiles
2015-01-30 22:15:53 +01:00
mount.cc
And the related patch to fix globbing for af_unix abstract names
2015-02-12 10:19:16 -08:00
mount.h
parser: Clean up the use of MS_REC in mount.h
2014-12-12 08:21:25 -06:00
network.c
Remove unused net_find_af_val function, and network_families array
2015-02-27 16:20:31 +00:00
network.h
Remove unused net_find_af_val function, and network_families array
2015-02-27 16:20:31 +00:00
parser_alias.c
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
parser_common.c
disable downgrade and not enforced rule messages by default
2014-10-08 13:20:20 -07:00
parser_include.c
put the gettext define in one place
2014-08-23 23:50:43 -07:00
parser_include.h
allow directories to be passed to the parser
2013-10-26 00:15:13 -07:00
parser_interface.c
fix: parser: close of fd with value of -1
2014-10-25 16:26:59 -04:00
parser_lex.l
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
parser_main.c
parser: Fix error checking of file opening in features_dir_cb()
2015-03-03 20:28:22 -06:00
parser_merge.c
put the gettext define in one place
2014-08-23 23:50:43 -07:00
parser_misc.c
parser: Fix -Wformat-extra-args warning
2015-03-02 09:50:14 -06:00
parser_policy.c
parser: Fix "PDEBUG" redefined warning
2015-03-02 09:50:17 -06:00
parser_regex.c
And the related patch to fix globbing for af_unix abstract names
2015-02-12 10:19:16 -08:00
parser_symtab.c
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
parser_variable.c
put the gettext define in one place
2014-08-23 23:50:43 -07:00
parser_yacc.y
fix: auditing of capabilities
2014-10-07 12:50:23 -07:00
parser.conf
parser: adjust parser.conf example Include statements
2015-03-09 10:43:13 -07:00
parser.h
parser: Send PDEBUG() to stderr
2015-03-02 09:50:11 -06:00
policydb.h
Add the ability to mediate signals.
2014-04-23 11:35:29 -07:00
profile.cc
parser: first step implementing fine grained mediation for unix domain sockets
2014-09-03 13:22:26 -07:00
profile.h
parser: make flags defintion consistent
2014-09-12 23:53:39 -07:00
ptrace.cc
And the related patch to fix globbing for af_unix abstract names
2015-02-12 10:19:16 -08:00
ptrace.h
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
rc.apparmor.debian
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
rc.apparmor.functions
Update the copyright dates for the apparmor_parser
2012-02-24 04:21:59 -08:00
rc.apparmor.redhat
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
rc.apparmor.slackware
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
rc.apparmor.suse
It looks like rc.apparmor.functions renamed "aa_log_action_begin()" to
2011-09-15 20:20:23 +02:00
README
parser - update README information
2013-10-11 22:14:28 -07:00
README.devel
parser: add some developer documentation
2013-12-10 14:15:02 -08:00
rule.cc
Move C++ files from .c suffix to .cc suffix
2014-05-09 15:34:34 -07:00
rule.h
Add missing rule.[hc] files that should have been part of commit 2449
2014-04-07 11:41:25 -07:00
signal.cc
And the related patch to fix globbing for af_unix abstract names
2015-02-12 10:19:16 -08:00
signal.h
C tools: rename __unused macro to unused
2014-10-02 12:58:54 -07:00
subdomain.conf
Here's an update to rename another chunk of things that still used
2011-01-13 13:58:26 -08:00
subdomain.conf.pod
fix broken URLs in various utils/*.pod files.
2013-09-19 21:17:39 +02:00
techdoc.tex
various changes in building techdoc.tex:
2012-05-09 00:41:06 +02:00
unit_test.h
Convert codomain to a class
2013-09-27 16:16:37 -07:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at http://wiki.apparmor.net

Please send all complaints, feature requests, rants about the software,
and questions to the apparmor@lists.ubuntu.com mailing list. Bug
reports can be filed against the AppArmor project on launchpad.net at
https://launchpad.net/apparmor or reported to the mailing list directly
for those who wish not to register for an account on launchpad.

Security issues can be filed as security bugs on launchpad
or directed to security@ubuntu.com. We will attempt to
conform to the RFP vulnerability disclosure protocol:
http://www.wiretrip.net/rfp/policy.html

Thanks.

-- The AppArmor development team