1. 02 Apr, 2018 2 commits
  2. 24 Mar, 2017 1 commit
  3. 24 Feb, 2012 1 commit
  4. 10 Nov, 2011 1 commit
    • John Johansen's avatar
      Author: Michael (kensington) · 9c39909a
      John Johansen authored
      When executing apparmor_status from rc functions and utils are not installed, this message is received:
      AppArmor is enabled,
      Install the apparmor-utils package to receive more detailed
      status information here (or examine directly).
      Signed-off-by: default avatarJohn Johansen <[email protected]>
  5. 11 Oct, 2011 1 commit
  6. 15 Sep, 2011 1 commit
  7. 26 Aug, 2011 1 commit
    • Steve Beattie's avatar
      Attached is a patch to make the initscript not fail if /tmp is full · b8f486de
      Steve Beattie authored
      by converting the comm(1) usage on temporary files to an embedded
      awk script. On both Ubuntu and OpenSUSE, a version of awk (mawk in
      Ubuntu, gawk in OpenSUSE) is either a direct or indirect dependency
      on the minimal or base package set, and the original reporter also
      mentioned that an awk-based solution would be palatable in a way that
      converting to bash, or using perl or python here would not be.
      In the embedded awk script, I've tried to avoid gawk or mawk specific
      behaviors or extensions; e.g. this is the reason for the call to sort
      on the output of the awk script, rather than using gawk's asort(). But
      please let me know if you see anything that shouldn't be portable
      across awk implementations.
      An additional issue that is fixed in both scripts is handling child
      profiles (e.g. hats) during reload. If child profiles are filtered
      out (via grep -v '//') of the list to consider, then on reloading
      a profile where a child profile has been removed or renamed, that
      child profile will continue to stick around. However, if the profile
      containing child profiles is removed entirely, if the initscript
      attempts to unload the child profiles after the parent is removed,
      this will fail because they were unloaded when the parent was unloaded.
      Thus I removed any filtering of child profiles out, but do a post-awk
      reverse sort which guarantees that any child profiles will be removed
      before their parent is. I also added the LC_COLLATE=C (based on the
      Ubuntu version) to the sort call to ensure a consistent sort order.
      To restate, the problem with the existing code is that it creates
      temporary files in $TMPDIR (by default /tmp) and if that partition
      is full, problems with the reload action ensue. Alternate solutions
      include switching the initscript to use bash and its <$() extension
      or setting TMPDIR to /dev/shm/. The former is unpalatable to some
      (particularly for an initscript), and for the latter, /dev/shm is
      only guaranteed to exist on GNU libc based systems (glibc apparently
      expects /dev/shm to exist for its POSIX shared memory implementation;
      see shm_overview(7)).  So to me, awk (sans GNU extensions) looks to
      be the least bad option here.
      Bug: https://launchpad.net/bugs/775785
  8. 13 Aug, 2011 2 commits
  9. 04 Aug, 2011 1 commit
  10. 01 Jun, 2011 1 commit
    • Steve Beattie's avatar
      Bug: https://bugs.launchpad.net/apparmor/+bug/788616 · fdae9784
      Steve Beattie authored
      This patch fixes the init scripts helper functions file to
      filter out the hat/child process separator as currently used
      by the parser, '//' rather than what used to be used, the '^'
      symbol. This fixes bugs where profiles that covered regexs (e.g.
      '/usr/lib/firefox-4.0.1/firefox{,*[^s][^h]}') and thus were being
      improperly filtered away and unloaded when reloading apparmor policy.
  11. 17 Mar, 2011 1 commit
  12. 22 Feb, 2011 1 commit
  13. 13 Jan, 2011 1 commit
  14. 20 Dec, 2010 1 commit
  15. 29 Nov, 2010 1 commit
  16. 04 Nov, 2010 1 commit
  17. 16 Feb, 2010 1 commit
  18. 11 Nov, 2009 1 commit
  19. 24 Jul, 2009 2 commits
  20. 19 Mar, 2009 1 commit
  21. 18 Nov, 2008 1 commit
    • Steve Beattie's avatar
      Submitted By: Mario Fetka (mario dot fetka at gmail dot com) · 6cfcb1a8
      Steve Beattie authored
      Description: fix compile on build
      Patch from Gentoo community:
        - fix up a couple of missing semicolons in syntax (bison compensates
          by emitting it's own)
        - Fix yet another variable tyop in rc.apparmor.functions
        - dump stderr of ls in rc.apparmor.functions to /dev/null
        - add an install-unknown make target
  22. 07 Nov, 2008 3 commits
  23. 09 Jun, 2008 1 commit
  24. 04 Jun, 2008 1 commit
    • John Johansen's avatar
      fix · be495f21
      John Johansen authored
      - rc.apparmor.functions were not correctly removing profiles on replace and
        reload, also convert to using the module interface directly bypassing the
      - fix cx ->  named transitions
      - fix apparmor_parser -N so that it emits hats as profiles under new kernel
        modules.  This is the correct behavior as hats are promoted to profiles.
  25. 29 May, 2008 2 commits
  26. 24 Apr, 2008 1 commit
  27. 03 Jan, 2008 2 commits
  28. 14 Aug, 2007 1 commit
  29. 27 Jul, 2007 1 commit
  30. 24 May, 2007 1 commit
  31. 11 Apr, 2007 1 commit
  32. 04 Apr, 2007 2 commits
    • Steve Beattie's avatar
      Subject: initscript: subdomain -> apparmor · 77cc0302
      Steve Beattie authored
      This patch converts some of the internal references from subdomain to
      apparmor (and s/sd/aa/ as well). Variables referenced in
      /etc/apparmor/subdomain.conf (which also needs to be renamed) are not
    • Steve Beattie's avatar
      Subject: initscript: kill debug option · 1696851e
      Steve Beattie authored
      The apparmor module no longer supports being loaded with the
      subdomain_debug module argument. Kill the option that tried to do this.