On Sun, Apr 12, 2015 at 03:09:04PM +0200, Christian Boltz wrote:
> Hello,
>
> On Thursday, 9 April 2015, Tyler Hicks wrote:
> > On 2015-04-06 21:02:16, Christian Boltz wrote:
> > > "make distclean" shrinks the list a bit:
> > >
> > > unknown:
> > > libraries/libapparmor/test-driver
> > >
On Sun, Apr 12, 2015 at 03:32:25AM +0200, Christian Boltz wrote:
> Hello,
>
> CleanProf.remove_duplicate_rules() didn't call
> $profile['capability'].delete_duplicates()
> because aa-cleanprof sets same_file=True.
>
> Fix this by calling delete_duplicates(None) so that it
> only checks the prof
On Sat, Apr 11, 2015 at 08:23:09PM +0200, Christian Boltz wrote:
> this patch adds setUp() to AATest that sets "self.maxDiff = None"
> (unlimited). This gives us unlimited array diffs everywhere where AATest
> is used.
> === modified file utils/test/common_test.py
> --- utils/test/common_test.py
On Sat, Apr 11, 2015 at 10:34:54PM +0200, Christian Boltz wrote:
> "capability foo".is_covered("deny capability foo") should return False
> even if check_allow_deny is False.
>
> Also add some tests with check_allow_deny=False.
>
> [ 40-ruleclass-is_covered-check-deny.diff ]
Acked-by: Steve Beatt
On 2015-04-12 15:09:04, Christian Boltz wrote:
> Hello,
>
> On Thursday, 9 April 2015, Tyler Hicks wrote:
> > On 2015-04-06 21:02:16, Christian Boltz wrote:
> > > "make distclean" shrinks the list a bit:
> > >
> > > unknown:
> > > libraries/libapparmor/test-driver
> > > libraries/libappar
The libapparmor aa_getcon(2) family of functions retrieves a confinement
context from the kernel and splits it up into separate label and mode strings.
The logic for splitting a confinement context has always been internal to
libapparmor. However, there is now a need to make the splitting functiona
The parse_confinement_mode() function returned NULL when a confinement
mode was not present (unconfined) and when it could not properly parse
the confinement context. The two situations should be differentiated
since the latter should be treated as an error.
This patch reworks parse_confinement_mo
Create a new libapparmor public function that allows external code to
split an AppArmor confinement context.
This is immediately useful for code that retrieves a D-Bus peer's
AppArmor confinement context using the
org.freedesktop.DBus.GetConnectionCredentials bus method.
https://launchpad.net/bug
Use the passed in confinement context string size to improve the
comparison by only doing the string comparison if the size matches and
removing the possibility of reading past the end of the buffer.
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/src/kernel.c | 19 +--
1 fi
Test confinement context splitting, using aa_splitcon(3), with and
without a valid mode pointer.
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/src/Makefile.am | 6 +-
libraries/libapparmor/src/tst_kernel.c | 133 +
2 files changed, 138 insertions(+), 1 d
When passing the size of the confinement context to
parse_confinement_mode(), don't include the NUL terminator byte in the
size.
It is confusing to count the NUL terminator as part of the string's
length. This change makes it so that, after a few additional changes,
parse_confinement_mode() can be
This patch modifies the socketpair.c test to verify the return value of
aa_getpeercon() based upon the expected label and expected mode lengths.
The test had to be changed slightly so that the returned mode, from
aa_getpeercon(), was preserved. It was being overwritten with the
special NO_MODE val
Hello,
On Monday, 13 April 2015, Steve Beattie wrote:
> On Sun, Apr 12, 2015 at 03:32:25AM +0200, Christian Boltz wrote:
> > CleanProf.remove_duplicate_rules() didn't call
> > $profile['capability'].delete_duplicates()
> > because aa-cleanprof sets same_file=True.
> >
> > Fix this by calling d
Hello,
On Monday, 13 April 2015, Steve Beattie wrote:
> On Sat, Apr 11, 2015 at 08:23:09PM +0200, Christian Boltz wrote:
> > this patch adds setUp() to AATest that sets "self.maxDiff = None"
> > (unlimited). This gives us unlimited array diffs everywhere where
> > AATest is used.
> >
> > === mo
On Tue, Apr 14, 2015 at 12:50:26AM +0200, Christian Boltz wrote:
> Hello,
>
> On Monday, 13 April 2015, Steve Beattie wrote:
> > On Sun, Apr 12, 2015 at 03:32:25AM +0200, Christian Boltz wrote:
> > > CleanProf.remove_duplicate_rules() didn't call
> > > $profile['capability'].delete_duplicates(