On Mon, Feb 24, 2014 at 11:17:59PM -0800, Steve Beattie wrote:
On Mon, Feb 24, 2014 at 11:13:23PM -0800, Steve Beattie wrote:
On Mon, Feb 24, 2014 at 04:23:13PM -0800, Seth Arnold wrote:
In the course of building updated apparmor 2.8.95 packages for Ubuntu, I
updated the libtool variables
On 02/25/2014 12:35 AM, Steve Beattie wrote:
On Mon, Feb 24, 2014 at 11:17:59PM -0800, Steve Beattie wrote:
On Mon, Feb 24, 2014 at 11:13:23PM -0800, Steve Beattie wrote:
On Mon, Feb 24, 2014 at 04:23:13PM -0800, Seth Arnold wrote:
In the course of building updated apparmor 2.8.95 packages for
Hello,
Am Montag, 24. Februar 2014 schrieb Steve Beattie:
On Tue, Feb 25, 2014 at 12:20:33AM +0100, Christian Boltz wrote:
Change aa-complain / set_complain() to (only) add the complain flag.
We don't need to additionally create a force-complain symlink.
Acked-by: Steve Beattie
Hello,
Am Montag, 24. Februar 2014 schrieb Tomáš Bažant:
I added 2 new sections - aa-notify + profile flags. I hope it's the
last major change in the aa chapter for now. Would you be so kind and
have a look at the added text if it's correct? Mainly the flags, the
wording is too technical and
On Tue, Feb 25, 2014 at 12:35:29AM -0800, Steve Beattie wrote:
Actually, NACK.
I think we all have agreed that the library changes that have occurred
on trunk should be considered as having added only new interfaces
over 2.8. Given that, we should not be bumping the SO version.
Part of
This is not the cleanup this code needs, but a quick hack to add the
-M flag so we can specify a feature file (or directory) to use for
the compile.
It mostly just moves around existing code and adds the -M option,
though it does introduce a few changes.
While I didn't do it in this patch I
Make it more generic so that it can be shared with signals.
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/dbus.c| 71
parser/parser.h |1
parser/parser_misc.c | 75
This cleans things up a bit and fixes a bug where not all rules are
getting properly counted so that the addition of policy_mediation
rules fails to generate the policy dfa in some cases.
Because the policy dfa is being generated correctly now we need to
fix some tests to use the new -M flag to
Yes its seems pointless because these will eventually get replaced by
stl. But until then
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/dbus.c | 11 ---
parser/mount.c | 12 ++--
parser/parser.h | 34 ++
3 files
This will allow for the parser to invalidate its caches separate of whether
the kernel policy version has changed. This can be desirable if a parser
bug is discovered, a new version the parser is shipped and we need to
force cache files to be regenerated.
Policy current stores a 32 bit version
Add signal rules and make sure the parser encodes support for them
if the supported feature set reports supporting them.
The current format of the signal rule is
[audit] [deny] signal [signal_perms] [signal_set] target_profile,
signal_perm := 'send'|'receive'|'r'|'w'|'rw'
signal_perms :=
ptrace rules currently take the form of
ptrace [ptrace_perms] [peer_profile_name],
ptrace_perm := read|trace|readby|tracedby
ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')'
After having used the cross check (permission needed in both profiles)
I am not sure it is correct for ptrace.
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/parser_lex.l | 19 +--
1 file changed, 9 insertions(+), 10 deletions(-)
--- 2.9-test.orig/parser/parser_lex.l
+++ 2.9-test/parser/parser_lex.l
@@ -52,7 +52,7 @@
/* #define DEBUG */
#ifdef DEBUG
static int
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/parser.h|1 +
parser/parser_common.c |3 ++-
parser/parser_main.c |6 ++
3 files changed, 9 insertions(+), 1 deletion(-)
--- 2.9-test.orig/parser/parser.h
+++ 2.9-test/parser/parser.h
@@ -259,6 +259,7
Tag start of entries in the policydb as being mediated. This makes
the start state for any class being mediated be none 0. The kernel
can detect this to determine whether the parser expected mediation
for the class.
This is just a way of encoding what features expect mediation within
the policydb
15 matches
Mail list logo