ac03ae4...
by
John Johansen
on 2020-12-07
Release: Bump revision for 2.10.6 release
Signed-off-by: John Johansen <email address hidden>
085d4cd...
by
Christian Boltz
on 2020-11-16
abstractions/X: Allow (only) reading X compose cache
... (/var/cache/libx11/compose/*), and deny any write attempts
Reported by darix,
https://git.nordisch.org/darix/apparmor-profiles-nordisch/-/blob/master/apparmor.d/teams
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/685
(cherry picked from commit 78bd811e2a23f55974991cd208f6a17749655c21)
Signed-off-by: John Johansen <email address hidden>
f305bb1...
by
Christian Boltz
on 2020-10-14
Add CAP_CHECKPOINT_RESTORE to severity.db
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/656
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 2c2dbdc3a3012ce06371edc1e9be6f58711d8565)
9f0415e...
by
Christian Boltz
on 2020-08-07
Add CAP_BPF and CAP_PERFMON to severity.db
These capabilities were introduced in Linux 5.8
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/589
References: https://bugs.launchpad.net/bugs/1890547
(cherry picked from commit ae012502095596df4675555da635c868e3b3c04a)
Signed-off-by: John Johansen <email address hidden>
0acc2cd...
by
John Johansen
on 2020-09-01
parser: call filter slashes for mount conditionals
The mnt_point and devices conditionals in mount rules are generally
paths and should have slashes filtered after variable expansion.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/607
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit a1978fb1b2f9c97ae6ea7efb752e3d25ac261830)
Signed-off-by: John Johansen <email address hidden>
41091fd...
by
John Johansen
on 2020-09-01
parser: call filter slashes for the dbus path conditional
Similar to unix addr rules, the dbus path conditional is more a path
than a profile name and should get its slashes filtered after variable
expansion.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/607
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 35f6d49ec679f41ac30a2dd22780881c03ca01c9)
Signed-off-by: John Johansen <email address hidden>
b5ffee5...
by
John Johansen
on 2020-09-01
parser: enable variable expansion for mount type= and options=
Currently mount options type= and options= do not expand variables
but they should. Fix it.
Note: this does not treat either as paths because their use is
too device dependent for it to be safe to filter slashes.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/99
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/638
Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>
(cherry picked from commit 882380ad3d8e90a9ac9fe489485ce9f652a1a80a)
Signed-off-by: John Johansen <email address hidden>
ab49c3d...
by
Patrick Steinhardt
on 2020-10-03
libapparmor: add missing include for `socklen_t`
While `include/sys/apparmor.h` makes use of `socklen_t`, it doesn't
include the `<sys/socket.h>` header to make its declaration available.
While this works on systems using glibc via transitive includes, it
breaks compilation on musl libc.
Fix the issue by including the header.
Signed-off-by: Patrick Steinhardt <email address hidden>
(cherry picked from commit 47263a3a74d7973e7a54b17db6aa903701468ffd)
Signed-off-by: John Johansen <email address hidden>
92a6360...
by
Patrick Steinhardt
on 2020-10-03
libapparmor: add _aa_asprintf to private symbols
While `_aa_asprintf` is supposed to be of private visibility, it's used
by apparmor_parser and thus required to be visible when linking. This
commit thus adds it to the list of private symbols to make it available
for linking in apparmor_parser.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/643
Signed-off-by: Patrick Steinhardt <email address hidden>
(cherry picked from commit 9a8fee6bf1c79c261374d928b838b5eb9244ee9b)
f4346f6...
by
John Johansen
on 2020-09-01
parser: Fix expansion of variables in unix rules addr= conditional
The parser is not treating unix addr as a path and filtering slashes
after variable expansion. This can lead to errors where
@{foo}=/a/
unix bind addr=@{foo}/bar,
will always fail because addr is being matched as /a//bar instead of
/a/bar.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/607
Fixes: https://bugs.launchpad.net/apparmor/+bug/1856738
Signed-off-by: John Johansen <email address hidden>
(cherry picked from commit 6af05006d9dd1bfaa36e555841496a4cbf3992ee)
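
The failure described in the unix `addr=` commit above, and the fix shared by the mount and dbus path commits, as an added C++ example that is not AppArmor parser code: a simplified model of expanding variables and then collapsing repeated slashes. All function names here are illustrative assumptions, and the result is treated as a literal string rather than compiled into a match pattern.

```cpp
// Added illustration, not AppArmor parser source: simplified model of
// "expand variables, then filter slashes" for path-like conditionals.
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

using Vars = std::map<std::string, std::string>;

// Replace every @{name} with its value; an undefined variable is an error.
std::string expand_vars(const std::string &in, const Vars &vars) {
    std::string out;
    for (size_t i = 0; i < in.size();) {
        if (in.compare(i, 2, "@{") == 0) {
            size_t end = in.find('}', i + 2);
            if (end == std::string::npos)
                throw std::runtime_error("unterminated variable in " + in);
            auto it = vars.find(in.substr(i + 2, end - i - 2));
            if (it == vars.end())
                throw std::runtime_error("undefined variable in " + in);
            out += it->second;
            i = end + 1;
        } else {
            out += in[i++];
        }
    }
    return out;
}

// Collapse each run of '/' into a single '/' (simplification of this sketch).
std::string filter_slashes(const std::string &path) {
    std::string out;
    for (char c : path)
        if (c != '/' || out.empty() || out.back() != '/')
            out += c;
    return out;
}

// String the rule would be matched against, with or without the filter step.
std::string compiled_addr(const std::string &rule, const Vars &vars, bool filter) {
    std::string expanded = expand_vars(rule, vars);
    return filter ? filter_slashes(expanded) : expanded;
}

int main() {
    Vars vars{{"foo", "/a/"}};  // @{foo}=/a/ from the commit message
    std::cout << compiled_addr("@{foo}/bar", vars, false) << "\n";
    std::cout << compiled_addr("@{foo}/bar", vars, true) << "\n";
}
```

Calling `expand_vars` alone, without `filter_slashes`, models the handling the mount `type=` and `options=` commit describes: variables are expanded but the value is not treated as a path.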