1. 22 Feb, 2011 1 commit
    • John Johansen's avatar
      Update x conflict failure message · db70a376
      John Johansen authored
      Output a better failure message when a conflict of x permissions cause
      policy compilation to fail.  We don't have enough information available
      to output which rules during the dfa compilation so just improve the
      message to let people know that it means there are conflicting x modifiers
      in the rules.
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      db70a376
  2. 20 Dec, 2010 1 commit
    • John Johansen's avatar
      Fix two x transition conflict bugs. · bdea9e56
      John Johansen authored
      The is_merged_x_consistend macro was incorrect in that is tested for
      USER_EXEC_TYPE to determine if there was an x transition.  This fails
      for unconfined execs so an unconfined exec would not correctly conflict
      with another exec type.
      
      The dfa match flag table for xtransitions was not large enough and not
      indexed properly for pux, and cux transitions.  The index calculation did
      not take into account the pux flag so that pux and px aliased to the same
      location and cux and cx aliased to the same location.
      
      This would result in the first rule being processed defining what the
      transition type was for all following rules of the type following.  So
      if a px transition was processed first all pux, transitions in the profile
      would be treated pux.
      Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      bdea9e56
  3. 20 Aug, 2009 1 commit
  4. 16 Apr, 2008 1 commit
  5. 09 Apr, 2008 2 commits
  6. 06 Apr, 2008 2 commits
  7. 05 Apr, 2008 1 commit
  8. 13 Mar, 2008 2 commits
  9. 29 Nov, 2007 1 commit
  10. 16 Nov, 2007 5 commits
  11. 27 Jul, 2007 5 commits
  12. 26 Jun, 2007 1 commit
  13. 11 Apr, 2007 1 commit
  14. 30 Mar, 2007 3 commits
  15. 27 Feb, 2007 1 commit
  16. 01 Feb, 2007 2 commits
  17. 04 Aug, 2006 3 commits
    • John Johansen's avatar
      update parser to use HAS_X macros · b96bd2cd
      John Johansen authored
      b96bd2cd
    • John Johansen's avatar
      [https://bugzilla.novell.com/show_bug.cgi?id=172061] · 3cb147e2
      John Johansen authored
      This (updated) patch to trunk adds support for Px and Ux (toggle
      bprm_secure on exec) in the parser, As requested, lowercase p and u
      corresponds to an unfiltered environmnet on exec, uppercase will filter
      the environment.  It applies after the 'm' patch.
      
      As a side effect, I tried to reduce the use of hardcoded characters in
      the debugging statements -- there are still a few warnings that have
      hard coded letters in them; not sure I can fix them all.
      
      This version issues a warning for every unsafe ux and issues a single
      warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters,
      except when the "-q" or "--quiet" flag , "--remove" profile flag, or
      "-N" report names flags are passed.  Unfortunately, it made the logic
      somewhat more convoluted.  Wordsmithing improvements welcome.
      
      3cb147e2
    • John Johansen's avatar
      [https://bugzilla.novell.com/show_bug.cgi?id=175388] · cafbfe7c
      John Johansen authored
      This (updated) patch to trunk adds the m flag to the parser language. The
      m flag explicitly does -not- conflict with px, ux, or ix.
      
      It does not add exec mmap as implicit to inherited execs, as it was
      asserted that the module should do this.
      
      I have not fixed up the testcases to match.
      
      cafbfe7c
  18. 11 Apr, 2006 1 commit