1. 27 Nov, 2011 1 commit
  2. 10 Nov, 2011 2 commits
  3. 11 Oct, 2011 1 commit
  4. 10 Oct, 2011 1 commit
  5. 07 Oct, 2011 2 commits
  6. 30 Sep, 2011 1 commit
  7. 15 Sep, 2011 2 commits
  8. 01 Sep, 2011 1 commit
  9. 26 Aug, 2011 1 commit
    • Steve Beattie's avatar
      Attached is a patch to make the initscript not fail if /tmp is full · b8f486de
      Steve Beattie authored
      by converting the comm(1) usage on temporary files to an embedded
      awk script. On both Ubuntu and OpenSUSE, a version of awk (mawk in
      Ubuntu, gawk in OpenSUSE) is either a direct or indirect dependency
      on the minimal or base package set, and the original reporter also
      mentioned that an awk-based solution would be palatable in a way that
      converting to bash, or using perl or python here would not be.
      In the embedded awk script, I've tried to avoid gawk or mawk specific
      behaviors or extensions; e.g. this is the reason for the call to sort
      on the output of the awk script, rather than using gawk's asort(). But
      please let me know if you see anything that shouldn't be portable
      across awk implementations.
      An additional issue that is fixed in both scripts is handling child
      profiles (e.g. hats) during reload. If child profiles are filtered
      out (via grep -v '//') of the list to consider, then on reloading
      a profile where a child profile has been removed or renamed, that
      child profile will continue to stick around. However, if the profile
      containing child profiles is removed entirely, if the initscript
      attempts to unload the child profiles after the parent is removed,
      this will fail because they were unloaded when the parent was unloaded.
      Thus I removed any filtering of child profiles out, but do a post-awk
      reverse sort which guarantees that any child profiles will be removed
      before their parent is. I also added the LC_COLLATE=C (based on the
      Ubuntu version) to the sort call to ensure a consistent sort order.
      To restate, the problem with the existing code is that it creates
      temporary files in $TMPDIR (by default /tmp) and if that partition
      is full, problems with the reload action ensue. Alternate solutions
      include switching the initscript to use bash and its <$() extension
      or setting TMPDIR to /dev/shm/. The former is unpalatable to some
      (particularly for an initscript), and for the latter, /dev/shm is
      only guaranteed to exist on GNU libc based systems (glibc apparently
      expects /dev/shm to exist for its POSIX shared memory implementation;
      see shm_overview(7)).  So to me, awk (sans GNU extensions) looks to
      be the least bad option here.
      Bug: https://launchpad.net/bugs/775785
  10. 18 Aug, 2011 2 commits
  11. 13 Aug, 2011 3 commits
  12. 10 Aug, 2011 1 commit
    • John Johansen's avatar
      Update apparmor's handling of rlimits for cpu limit and more natural units · f6982210
      John Johansen authored
      Allow for rlimit cpu to specified which is now supported by the kernel.
      Previously the rlimit units where limited to K, M, G and would fail when
      KB, MB, GB where used.  Allow for both, also allow for units on lengths
      of time, by specifying "seconds", "minutes", "hours".. or any unique subset
      eg. "s", "sec", "m", "min", "h", "hour" ..
      This patch does not extend rlimits to be able to handle setting of tasks
      that are confined by other profiles.
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
  13. 09 Aug, 2011 3 commits
  14. 04 Aug, 2011 1 commit
  15. 01 Jun, 2011 1 commit
    • Steve Beattie's avatar
      Bug: https://bugs.launchpad.net/apparmor/+bug/788616 · fdae9784
      Steve Beattie authored
      This patch fixes the init scripts helper functions file to
      filter out the hat/child process separator as currently used
      by the parser, '//' rather than what used to be used, the '^'
      symbol. This fixes bugs where profiles that covered regexs (e.g.
      '/usr/lib/firefox-4.0.1/firefox{,*[^s][^h]}') and thus were being
      improperly filtered away and unloaded when reloading apparmor policy.
  16. 27 May, 2011 1 commit
    • Kees Cook's avatar
      In some cases, it is desirable to build the parser without building the · 156a980c
      Kees Cook authored
      binary portions (Hurd). This patch splits up the build targets so this is
      "main" becomes "arch"
      "indep" is created and depends on "docs"
      po building is moved from "main" to "indep"
      "all" has "tests" removed (standard build practices are to "make" then
      "make check" so I think "tests"/"check" should stay separate from "all").
      redundant chunk is removed (this exists twice in the Makefile):
      -.SILENT: check
      -check: tests
      "install" is split into "install-indep" and "install-arch"
      "install-arch" requires "arch" and only installs the binaries
      "install-indep" requires "indep" and only install non-binaries
      Additionally, update the README to mention the "check" target both for the
      parser and the utils.
      Signed-off-by: 's avatarKees Cook <kees.cook@canonical.com>
      Acked-by: Steve Beattie's avatarSteve Beattie <steve@nxnw.org>
  17. 23 May, 2011 1 commit
  18. 20 May, 2011 2 commits
  19. 13 May, 2011 1 commit
    • Kees Cook's avatar
      [v2: added clean-ups, backed off on some of the build silencing] · 6a68aa2e
      Kees Cook authored
      This is a rather large rearrangement of how a subset of the parser global
      variables are defined. Right now, there are unit tests built without
      linking against parser_main.c. As a result, none of the globals defined in
      parser_main.c could be used in the code that is built for unit tests
      (misc, regex, symtab, variable). To get a clean build, either stubs needed
      to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to
      depend on link-time optimizations that would throw out the unused routines.
      First, this is a problem because all the compile-time warnings had to be
      explicitly silenced, so reviewing the build logs becomes difficult on
      failures, and we can potentially (in really unlucky situations) test
      something that isn't actually part of the "real" parser.
      Second, not all compilers will allow this kind of linking (e.g. mips gcc),
      and the missing symbols at link time will fail the entire build even though
      they're technically not needed.
      To solve all of this, I've moved all of the global variables used in lex,
      yacc, and main to parser_common.c, and adjusted the .h files. On top of
      this, I made sure to fully link the tst builds so all symbols are resolved
      (including aare lib) and removedonly  tst build-log silencing (for now,
      deferring to another future patchset to consolidate the build silencing).
      Signed-off-by: 's avatarKees Cook <kees.cook@canonical.com>
  20. 02 May, 2011 2 commits
  21. 06 Apr, 2011 3 commits
  22. 01 Apr, 2011 1 commit
  23. 29 Mar, 2011 1 commit
  24. 28 Mar, 2011 1 commit
    • Steve Beattie's avatar
      The parser's lexer supports variables defined matching the regex · f8b43d5b
      Steve Beattie authored
      '[[:alpha:]][[:alnum:]_]*' (i.e. a single alpha followed by any number
      of alphanumerics or underscores). Unfortunately, the code that expends
      variables inside a profile does not match this, it incorrectly matched
      '([[:alpha:]]|_)+' (one or more alphas or underscores). This patch
      corrects the behavior there as well as synchronizing the expected
      variable names in the apparmor.d manpage and apparmor.vim syntax file.
      It also adds unit tests and testcases to verify the behavior.
      Signed-off-by: 's avatarSteve Beattie <sbeattie@ubuntu.com>
  25. 17 Mar, 2011 2 commits
  26. 13 Mar, 2011 2 commits