mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity
apparmor/parser
History
Georgia Garcia dc48e1417d parser: don't add mediation classes to unconfined profiles 
Adding mediation classes in unconfined profiles caused nested profiles
to be mediated, inside a container for example.

As a first step, skip the addition of mediation classes into the dfa.
The creation of unprivileged user namespaces is an exception, where we
always want to mediate it.

Fixes: https://bugs.launchpad.net/apparmor/+bug/2067900

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-06-13 15:22:31 -03:00
..
libapparmor_re
parser: fix regex parser leak on parsing failure
2023-11-23 17:37:46 -03:00
po
translations: update generated pot files
2020-10-14 03:56:38 -07:00
tst
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
aa-teardown
aa-teardown: Replace /bin/bash with /bin/sh
2018-05-05 17:46:19 -07:00
aa-teardown.pod
docs: update documentation to point bug reporting to gitlab
2020-05-05 00:10:53 -07:00
af_rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
af_rule.h
parser: rework perms rule merging
2023-07-10 20:04:53 -07:00
af_unix.cc
parser: add ability to specify permission in network rules
2024-02-28 21:42:18 -03:00
af_unix.h
parser: refactor network to use rule class as its base.
2023-09-07 00:12:51 -07:00
all_rule.cc
parser: add fine grained conditionals to network rule
2024-02-29 16:25:59 -03:00
all_rule.h
parser: fix issues appointed by coverity
2024-03-18 10:36:56 -03:00
apparmor_parser.pod
fix typo: aggressive
2024-03-29 10:52:25 +01:00
apparmor_xattrs.pod
apparmor_xattrs.7: fix whatis entry
2020-10-25 11:54:47 +00:00
apparmor.d.pod
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
apparmor.pod
fix typo: globally
2024-03-29 10:57:33 +01:00
apparmor.service
Add Documentation=... to apparmor.service
2023-10-29 10:49:33 +01:00
apparmor.systemd
apparmor.systemd: fix shellcheck false positive
2024-04-30 18:30:01 -03:00
base_af_names.h
Add 'mctp' network domain keyword
2022-02-08 19:09:24 +01:00
base_cap_names.h
parser: Add support for CAP_CHECKPOINT_RESTORE
2020-10-13 21:30:19 -07:00
bignum.h
parser: fix coverity issues found in snapshot 70858
2024-02-28 10:24:08 -03:00
capability.h
parser/capability.h: add missing <cstdint> include
2022-05-23 23:13:14 +01:00
common_flags.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
common_optarg.c
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
common_optarg.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
COPYING.GPL
rpmlint complains about an outdated FSF address in parser/COPYING.GPL.
2011-11-27 13:52:06 +01:00
dbus.cc
parser: cleanup and rework optimization and dump flag handling
2023-07-07 17:47:41 -07:00
dbus.h
parser: rework perms rule merging
2023-07-10 20:04:53 -07:00
default_features.c
parser: Move to a pre-generated cap_names.h
2020-07-07 09:43:48 -07:00
file_cache.h
Fix comment wording in file_cache.h
2021-05-02 11:29:41 +02:00
frob_slack_rc
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
immunix.h
parser: int mode to perms
2023-03-29 10:45:44 -07:00
io_uring.cc
parser: add support for a generic all rule type
2023-09-07 01:30:15 -07:00
io_uring.h
parser: add support for a generic all rule type
2023-09-07 01:30:15 -07:00
lib.c
Fix comment typo in parser/lib.c
2021-12-05 18:16:53 +01:00
lib.h
libapparmor: Use directory file descriptor in _aa_dirat_for_each()
2015-06-15 15:11:51 -05:00
Makefile
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
mount.cc
MountRule: sync flags_keywords with parser code
2024-03-03 15:37:59 +01:00
mount.h
parser: add rule dedup of mount rules
2023-07-07 17:38:47 -07:00
mqueue.cc
parser: fix getattr and setattr perm mapping on mqueue rules
2024-03-27 18:33:23 -03:00
mqueue.h
parser: fix getattr and setattr perm mapping on mqueue rules
2024-03-27 18:33:23 -03:00
network.cc
Merge parser: add network inet mediation documentation to apparmor.d
2024-04-12 03:46:23 +00:00
network.h
switch inet mediation from using anon to none
2024-04-11 19:03:43 -07:00
parser_alias.c
parser: make alias_ignore a bool
2023-03-31 02:17:28 -07:00
parser_common.c
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
parser_include.c
parser: fix definitely and possibly lost memory leaks
2023-03-16 18:03:57 -03:00
parser_include.h
parser: add include dedup cache to handle include loops
2021-04-27 20:26:57 -07:00
parser_interface.c
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
parser_lex.l
parser: change network conditionals to allow unquoted ids
2024-02-29 16:25:59 -03:00
parser_main.c
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
parser_merge.c
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
parser_misc.c
parser: add support for a generic all rule type
2023-09-07 01:30:15 -07:00
parser_policy.c
parser: refactor network to use rule class as its base.
2023-09-07 00:12:51 -07:00
parser_regex.c
parser: don't add mediation classes to unconfined profiles
2024-06-13 15:22:31 -03:00
parser_symtab.c
treewide: spelling/typo fixes in code strings
2020-12-01 12:47:18 -08:00
parser_variable.c
parser: add support for attach_disconnected.path
2023-08-14 01:42:28 -07:00
parser_yacc.y
parser: add fine grained conditionals to network rule
2024-02-29 16:25:59 -03:00
parser.conf
Revert "policy: pin policy to 4.0 abi for dev"
2023-07-19 17:37:24 -03:00
parser.h
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
policy_cache.c
Fix wording of some warnings
2020-10-11 12:22:23 +02:00
policy_cache.h
drop unused extern int debug_cache
2021-02-07 16:02:20 +01:00
policydb.h
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
profile-load
profile-load: use less ambiguous if/then construct
2022-02-15 07:34:17 +00:00
profile.cc
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
profile.h
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
ptrace.cc
parser: cleanup and rework optimization and dump flag handling
2023-07-07 17:47:41 -07:00
ptrace.h
parser: rework perms rule merging
2023-07-10 20:04:53 -07:00
rc.apparmor.functions
Fix aa-teardown for unconfined profiles
2024-05-28 21:13:47 +02:00
rc.apparmor.slackware
added missing functions to slackware init script
2019-11-08 13:49:48 +01:00
README
README: Move project contact info into the main README
2018-09-13 16:54:09 +00:00
README.devel
parser: add some developer documentation
2013-12-10 14:15:02 -08:00
rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
rule.h
parser: add support for a generic all rule type
2023-09-07 01:30:15 -07:00
signal.cc
parser: add kill.signal=XXX flag support
2023-08-25 10:16:51 -07:00
signal.h
parser: add kill.signal=XXX flag support
2023-08-25 10:16:51 -07:00
techdoc.tex
treewide: spelling/typo fixes in comments and docs
2020-12-01 12:47:11 -08:00
unit_test.h
Convert codomain to a class
2013-09-27 16:16:37 -07:00
userns.cc
parser: cleanup and rework optimization and dump flag handling
2023-07-07 17:47:41 -07:00
userns.h
parser: add permission merging
2023-07-10 18:01:32 -03:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team