AppArmor

lp://qastaging/~cameronnemo/apparmor/ubuntu-email-geary

Created by Cameron Norman and last modified
Get this branch:
bzr branch lp://qastaging/~cameronnemo/apparmor/ubuntu-email-geary
Only Cameron Norman can upload to this branch. If you are Cameron Norman please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Cameron Norman
Project:
AppArmor
Status:
Merged

Recent revisions

2870. By Cameron Norman

abstractions/ubuntu-email: add geary

2869. By Christian Boltz

require logfile only for aa-logprof and aa-genprof

Make sure most tools (for example aa-complain) don't error out if
no logfile can be found. (For obvious reasons, aa-logprof and
aa-genprof will still require a logfile ;-)

This is done by moving code from the global area in aa.py to the new
function set_logfile(), which is called by aa-logprof and aa-genprof.

While on it,
- rename apparmor.filename to apparmor.logfile
- move the error handling for user-specified logfile from aa-genprof
  and aa-logprof to aa.py set_logfile()

Note: I'd have prefered to hand over the logfile as parameter to
do_logprof_pass(), but that would break last_audit_entry_time() in
aa-genprof which requires the log filename before do_logprof_pass()
is called.

References: https://bugs.launchpad.net/apparmor/+bug/1423702

Acked-by: Seth Arnold <email address hidden>

2868. By Seth Arnold

This should fix a gcc 5 build failure (untested) with os << .. << os

This build failure was discovered by doko's archive rebuild:
http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150202-gcc5-vivid.html

2867. By John Johansen

And the related patch to fix globbing for af_unix abstract names

Abstract af_unix socket names can contain a null character, however the
aare to pcre conversion explicitly disallows null characters because they
are not valid characters for pathnames. Fix this so that they type of
globbing is selectable.

this is a partial fix for

Bug: http://bugs.launchpad.net/bugs/1413410

Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>

2866. By John Johansen

Currently the parser does escape processing in multiple places, this can result in failures if not handled properly

The lexer front end currently incorrectly processes the \000 \x00 \d00 escape sequence resulting in a null character being embedded in the processed string, this results in the string not being full processed later.

The aare to pcre regex conversion fn also incorrectly strips out the \00, and any other escape sequence it doesn't know about, resulting in incorrect strings being passed to the backend. Fix this by passing through any valid escape sequence that is not handled by the fn.

this is a partial fix for
Bug: http://bugs.launchpad.net/bugs/1413410

Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>

2865. By Tyler Hicks

tests: Update code to correctly use the terms context and label

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

2864. By Tyler Hicks

mod_apparmor: Update code to correctly use the terms context and label

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

2863. By Tyler Hicks

libapparmor: Update code to correctly use the terms context and label

Adjust the libapparmor function prototypes, variable names, and comments
that incorrectly used the name "con" when referring to the label.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

2862. By Tyler Hicks

libapparmor: Document the terms context and label in aa_getcon(2)

The correct usage of the terms context and label is not clear in the
aa_getcon(2) man page. The aa_getcon(2) family of functions are also
prototyped incorrectly since the *con parameter represents a label and
not a context.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>

2861. By Christian Boltz

Update is_skippable_file() to match all extensions that are listed in
libapparmor _aa_is_blacklisted() - some extensions were missing in the
python code.

Also make the code more readable and add some testcases.

Notes:
- the original code additionally ignored *.swp. I didn't include that -
  *.swp looks like vim swap files which are also dot files
- the python code ignores README files, but the C code doesn't
  (do we need to add README in the C code?)

Acked-by: Kshitij Gupta <email address hidden> for 2.9 and trunk
Acked-by: Steve Beattie <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://qastaging/apparmor/2.12
This branch contains Public information 
Everyone can see this information.

Subscribers