1. 20 Sep, 2013 2 commits
    • Steve Beattie's avatar
      add optional allow prefix to the language · 17f0565a
      Steve Beattie authored
      From: John Johansen <john.johansen@canonical.com>
      
      let allow be used as a prefix in place of deny.  Allow is the default
      and is implicit so it is not needed but some user keep tripping over
      it, and it makes the language more symmetric
      
         eg.
            /foo rw,
            allow /foo rw,
            deny /foo rw,
      
      Patch history:
        v1: - initial revision
      
        v2: - rename yacc target rule from opt_deny to opt_perm_mode to
      reflect
              that it can be either an allow or deny modifier
            - break apart tests into more digestible chunks and to clarify
              their purpose
            - fix some tests to exercise 'audit allow'
            - add negative tests for 'allow' and 'deny' in the same rule
            - add support for 'allow' keyword to apparmor.vim
            - fix a bug in apparmor.vim to let it recognize multiple
              capability entries in a single line.
      
        v3: - add support for optional keywords on capability rules in
              regression tests, as well as the bare capability keyword (via
              'cap:ALL')
            - add allow, deny, and conflicting capability behavioral
              regression tests
            - fix vim syntax modeline to refer to apparmor in parser tests
            - adjust FILE regex in vim syntax file creator script
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: Steve Beattie's avatarSteve Beattie <steve@nxnw.org>
      Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
      17f0565a
    • Christian Boltz's avatar
      aa-unconfined displays less unconfined processes in some languages (for · ec738148
      Christian Boltz authored
      example with LANG=pt_BR) because a regex relies on netstat output.
      
      Enforce LANG=C to make sure aa-unconfined always sees the expected output.
      Acked-by: Steve Beattie's avatarSteve Beattie <steve@nxnw.org>
      ec738148
  2. 19 Sep, 2013 1 commit
  3. 13 Sep, 2013 1 commit
  4. 26 Aug, 2013 1 commit
  5. 23 Aug, 2013 1 commit
  6. 13 Aug, 2013 1 commit
  7. 09 Jul, 2013 1 commit
  8. 05 Jul, 2013 1 commit
  9. 29 Jun, 2013 1 commit
  10. 27 Jun, 2013 1 commit
  11. 12 Jun, 2013 1 commit
  12. 09 Apr, 2013 1 commit
    • Jamie Strandboge's avatar
      Fix two race conditions: · ae2cdf0f
      Jamie Strandboge authored
      1) make sure that the xpra socket exists before trying to attach to it
      2) make sure that the client has attached before we start the application
      
      The fix for '1' solves a problem when the system is under load and the
      one for '2' fixes a problem with firefox starting too soon and not
      having system themes applied.
      
      Exercising the 1 week rule. Seth Arnold commented on the added sleeps and I
      adjusted one based on his comments and replied to the list that the other is
      needed and that this improves the sandbox/xpra code but that there are
      limitations with driving xpra.
      Acked-By: default avatarJamie Strandboge <jamie@canonical.com>
      ae2cdf0f
  13. 14 Jan, 2013 1 commit
  14. 01 Jan, 2013 1 commit
  15. 04 Dec, 2012 1 commit
  16. 06 Nov, 2012 1 commit
    • Steve Beattie's avatar
      Subject: aa-decode test script v3 · 8e70fdcd
      Steve Beattie authored
      This patch adds a test script/driver for the aa-decode utility. The only
      change from the previous versions is to support overriding the location
      of the aa-decode to test via the APPARMOR_DECODE environment variable
      and documenting the utils/ tests in the top level README.
      
      The aa-decode test can be run directly from the commandline in the utils
      directory like so:
      
        test/test-aa-decode.py -v
      Signed-off-by: default avatarSteve Beattie <sbeattie@ubuntu.com>
      Acked-By: Christian Boltz's avatarChristian Boltz <apparmor@cboltz.de>
      8e70fdcd
  17. 15 Oct, 2012 1 commit
    • Christian Boltz's avatar
      Fix aa-decode handling of stdin · 50d89bc5
      Christian Boltz authored
      Handling stdin was totally broken (= no output) with the current log 
      format because aa-decode expected name= to be the last entry in the 
      log line.
      
      This patch for stdin handling
      - fixes the pattern to match the current log format (name= is NOT the
        last part in the log entry)
      - uses bash replacement to avoid some sed calls (which also means the 
        script now needs an explicit "#!/bin/bash")
      - prints decoded filenames in double instead of single quotes to be
        consistent with filenames that were not encoded
      - also prints lines that do not contain an encoded filename (instead of 
        grepping them away)
      - replace tr calls by perl's uc() (also for non-stdin mode)
      - also handle encoded profile names (introduced by Steve)
      - don't fail if a file or profile name contains a '
      
      In other words: you can pipe your audit.log through aa-decode, and the 
      only difference to the raw audit.log is that filenames are decoded.
      Acked-By: default avatarSteve Beattie <sbeattie@ubuntu.com>
      50d89bc5
  18. 27 Sep, 2012 1 commit
  19. 17 Sep, 2012 1 commit
  20. 03 Sep, 2012 1 commit
  21. 29 Aug, 2012 3 commits
  22. 28 Aug, 2012 7 commits
  23. 27 Aug, 2012 6 commits
  24. 24 Aug, 2012 3 commits