1. 01 Sep, 2011 1 commit
  2. 31 Aug, 2011 4 commits
  3. 27 Aug, 2011 5 commits
  4. 26 Aug, 2011 4 commits
    • Christian Boltz's avatar
      From: Jeff Mahoney <jeffm@suse.com> · 66d51b57
      Christian Boltz authored
      Subject: apparmor-profiles: Add samba config files
      References: bnc#679182 bnc#666450
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      
      - updated to match trunk
      - added changed path to nmbd profile (/var/cache/samba has moved to 
        /var/lib/samba on (at least) openSUSE 11.4), bnc#679182#c8
        For backward compability, it also allows /var/spool/samba.
      - Note: The smbd profile already contains both locations.
      by Christian Boltz <apparmor@cboltz.de>
      
      updated according to the comments from Steve Beattie
      by Christian Boltz <apparmor@cboltz.de>
      Acked-By: default avatarSteve Beattie <sbeattie@ubuntu.com>
      66d51b57
    • Christian Boltz's avatar
      Dovecot profile update: · f26df713
      Christian Boltz authored
      - allow /var/spool/mail, not only the /var/mail symlink
      - allow @{HOME}/Mail/
      - allow capability fsetid, read access to /etc/lsb-release and 
        SuSE-release and k for /var/{lib,run}/dovecot in usr.bin.dovecot
      
      References:
      - dovecot: Added support for /var/spool/mail (bnc#691072)
      - Updated dovecot profile (bnc#681267).
      
      Patch taken from openSUSE:11.4:Update:Test, file apparmor-profiles-dovecot
      updated to match trunk by Christian Boltz <apparmor@cboltz.de>
      
      Change compared to the patch posted to the ML:
      - link rule instead of adding l permissions for /var/lib/dovecot and 
        /var/run/dovecot (as proposed by John Johansen)
      
      Acked-By: John Johansen <john.johansen@canonical.com> on IRC
      f26df713
    • Steve Beattie's avatar
      Attached is a patch to make the initscript not fail if /tmp is full · b8f486de
      Steve Beattie authored
      by converting the comm(1) usage on temporary files to an embedded
      awk script. On both Ubuntu and OpenSUSE, a version of awk (mawk in
      Ubuntu, gawk in OpenSUSE) is either a direct or indirect dependency
      on the minimal or base package set, and the original reporter also
      mentioned that an awk-based solution would be palatable in a way that
      converting to bash, or using perl or python here would not be.
      
      In the embedded awk script, I've tried to avoid gawk or mawk specific
      behaviors or extensions; e.g. this is the reason for the call to sort
      on the output of the awk script, rather than using gawk's asort(). But
      please let me know if you see anything that shouldn't be portable
      across awk implementations.
      
      An additional issue that is fixed in both scripts is handling child
      profiles (e.g. hats) during reload. If child profiles are filtered
      out (via grep -v '//') of the list to consider, then on reloading
      a profile where a child profile has been removed or renamed, that
      child profile will continue to stick around. However, if the profile
      containing child profiles is removed entirely, if the initscript
      attempts to unload the child profiles after the parent is removed,
      this will fail because they were unloaded when the parent was unloaded.
      Thus I removed any filtering of child profiles out, but do a post-awk
      reverse sort which guarantees that any child profiles will be removed
      before their parent is. I also added the LC_COLLATE=C (based on the
      Ubuntu version) to the sort call to ensure a consistent sort order.
      
      To restate, the problem with the existing code is that it creates
      temporary files in $TMPDIR (by default /tmp) and if that partition
      is full, problems with the reload action ensue. Alternate solutions
      include switching the initscript to use bash and its <$() extension
      or setting TMPDIR to /dev/shm/. The former is unpalatable to some
      (particularly for an initscript), and for the latter, /dev/shm is
      only guaranteed to exist on GNU libc based systems (glibc apparently
      expects /dev/shm to exist for its POSIX shared memory implementation;
      see shm_overview(7)).  So to me, awk (sans GNU extensions) looks to
      be the least bad option here.
      
      Bug: https://launchpad.net/bugs/775785
      b8f486de
    • Christian Boltz's avatar
      ac7e6668
  5. 25 Aug, 2011 1 commit
  6. 23 Aug, 2011 2 commits
  7. 22 Aug, 2011 1 commit
  8. 21 Aug, 2011 1 commit
  9. 19 Aug, 2011 1 commit
    • John Johansen's avatar
      Remove tags · fb7f0dda
      John Johansen authored
        apparmor_2.6.0~rc1
        apparmor_2.6.1~rc1
      
      that have crept in yet again!!!
      fb7f0dda
  10. 18 Aug, 2011 8 commits
  11. 17 Aug, 2011 6 commits
    • Steve Beattie's avatar
      logprof and genprof were creating Px and Cx execute permissions with · 386a5abc
      Steve Beattie authored
      the modifiers as lowercase (meaning to pass on sensitive environment
      variables to the exec'ed process) even if the user told them not to
      when prompted. This patch fixes the issue.
      386a5abc
    • Jamie Strandboge's avatar
      utils/aa-notify: · 084233a2
      Jamie Strandboge authored
      aa-notify would abort if it could not stat the logfile, as can happen
      when using auditd and the directory perms for the logfile do not allow access
      (x). Add raise_privileges() and drop_privileges() helper functions and adjust
      get_logfile_size() and get_logfile_inode() to raise then drop privileges if the
      logfile parent directory is not executable. Also adjust reopen_logfile() to use
      these helpers.
      
      When error checking in these helpers, use '$> == ...' instead of '$> = ... or
      die...' since perl always dies when raising privs in this manner even though
      the euid did change (and $!, $@, $^E, and $? are all the same). Not sure why
      this is happening but the '==' check should be sufficient.
      084233a2
    • Jamie Strandboge's avatar
      utils/aa-notify: · 94e665b3
      Jamie Strandboge authored
      aa-notify would abort if it could not stat the logfile, as can happen
      when using auditd and the directory perms for the logfile do not allow access
      (x). Add raise_privileges() and drop_privileges() helper functions and adjust
      get_logfile_size() and get_logfile_inode() to raise then drop privileges if the
      logfile parent directory is not executable. Also adjust reopen_logfile() to use
      these helpers.
      
      When error checking, use '$> == ...' instead of '$> = ... or die...' since perl
      always dies when raising privs in this manner even though the euid did change
      (and $!, $@, $^E, and $? are all the same). Not sure why this is happening but
      the '==' check should be sufficient.
      94e665b3
    • Jamie Strandboge's avatar
      utils/aa-notify: · 0a5c4fa1
      Jamie Strandboge authored
      - drop supplemental group privileges too. While POSIX::setgid() works nice in
        that it will set both the real uid and euid, it doesn't do anything with the
        supplemental groups (sigh). Instead, assign to $( and $) in a manner that
        clears the supplemental groups.
      0a5c4fa1
    • Jamie Strandboge's avatar
    • Steve Beattie's avatar
  12. 16 Aug, 2011 3 commits
  13. 13 Aug, 2011 3 commits