On Sat, Jul 27, 2013 at 02:45:15AM -0700, Tyler Hicks wrote:
> +Some AppArmor DBus permissions are not compatible with all AppArmor DBus
> rules.
> +The 'bind' permission cannot be used in message rules. The 'send' and
> 'receive'
> +permission cannot be used in service rules.
^ "per
On Sat, Jul 27, 2013 at 02:45:15AM -0700, Tyler Hicks wrote:
> Document the DBus rule syntax and provide several examples.
Very nice, a few comments inline.
> Signed-off-by: Tyler Hicks
> ---
> parser/apparmor.d.pod | 79
> +--
> 1 file changed,
On Sat, Jul 27, 2013 at 05:12:57PM -0700, John Johansen wrote:
> > C++ sure feels old and busted after reading through this patch. I hope
> > the end result is worth it...
> >
> well I wouldn't really call this C++ its C that is compatible with the C++
> compiler
>
> eventually as we get to movin
On 07/25/2013 03:59 PM, Seth Arnold wrote:
> On Sun, Jul 21, 2013 at 10:32:49PM -0700, John Johansen wrote:
>> This conversion is nothing more than what is required to get it to
>> compile. Further improvements will come as the code is refactored.
>>
>> Unfortunately due to C++ not supporting desig
On 07/24/2013 12:33 AM, Seth Arnold wrote:
<< snip >>
>> {
>> -({IDS}|{QUOTED_ID}) {
>> - /* Ugh, this is a gross hack. I used to use
>> - * {IDS} to match all TOK_IDs, but that would
>> - * also match TOK_MODE + TOK_END_OF
On 07/27/2013 10:02 AM, Christian Boltz wrote:
> Hello,
>
> see the attached file for r26 and r27 review notes.
>
> @John: I'm still waiting for your answer about
> # ix implies m, so we don't need to add m if ix is present
>
so ignore this, as we are not doing this
> I have some profiles t
Hello,
see the attached file for r26 and r27 review notes.
@John: I'm still waiting for your answer about
# ix implies m, so we don't need to add m if ix is present
I have some profiles that contain "mrix" (for example sbin.dhclient and
usr.sbin.ntpd), so either the old logprof was buggy or
Document the DBus rule syntax and provide several examples.
Signed-off-by: Tyler Hicks
---
parser/apparmor.d.pod | 79 +--
1 file changed, 77 insertions(+), 2 deletions(-)
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index 046c47c..a
This test is to verify that a list of profiles compile down into the
same binary representation. This is useful, for example, when testing a
rule syntax that includes permission aliases, as well as implied and
explicit accesses.
Signed-off-by: Tyler Hicks
---
parser/tst/Makefile| 7 ++-
pa
This is a test in the style of gen-xtrans.pl that attempts to run
through the most commonly constructed DBus rules. It also attempts to
run through some common mistakes to ensure that the parser fails
appropriately.
Signed-off-by: Tyler Hicks
---
parser/tst/Makefile| 7 ++-
parser/tst/gen-
Here's the latest set of parser changes needed to support DBus rules.
The second patch, which implements the actual parser support for DBus, is large
but I hope it won't be too bad to review. Do take a close look at it as Lex and
Yacc aren't on any list of skills that I claim to possess (and I'm n
This patch implements the parsing of DBus rules.
It attempts to catch all corner cases, such as specifying a bind
permission with an interface conditional or specifying a subject name
conditional and a peer name conditional in the same rule.
It introduces the concept of conditional lists to the l
12 matches
Mail list logo
