apparmor:master

Last commit made on 2021-05-02
Get this branch:
git clone -b master https://git.launchpad.net/apparmor

Branch information

Name: master
Repository: lp:apparmor

Recent commits

33a53c2... by John Johansen <email address hidden> on 2021-05-02

Merge Fix comment wording in file_cache.h

Fixes: https://gitlab.com/apparmor/apparmor/-/merge_requests/743
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/752
Acked-by: John Johansen <email address hidden>

e31015a... by Christian Boltz on 2021-05-02

Fix comment wording in file_cache.h

This fixes https://gitlab.com/apparmor/apparmor/-/merge_requests/743#note_562522101

92c76e0... by Steve Beattie <email address hidden> on 2021-04-28

tests: add a test with recursive include in preamble

... just to be sure that the recursion check works everywhere ;-)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/750
Acked-By: Steve Beattie <email address hidden>
See merge request apparmor/apparmor!750

f0221f4... by Christian Boltz on 2021-04-28

Add a test with recursive include in preamble

74bc427... by John Johansen on 2021-03-16

parser: Fix invalid reference to name in attachment warning

The name var is being improperly used in a warning. Not only is
it being used after it is freed, it also never had the correct value
as the "name" variable contained the value being used as the base
attachment.

Signed-off-by: John Johansen <email address hidden>
Acked-by: time out

be0d2fa... by John Johansen on 2021-03-16

parser: fix filter slashes for profile attachments

The parser is failing to properly filter the slashes in the profile
attachment after variable expansion, causing match failures when
multiple slashes occur.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/154
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/727
Reported-by: Mikhail Morfikov <email address hidden>
Signed-off-by: John Johansen <email address hidden>
Acked-by: time out

71bf9e1... by John Johansen <email address hidden> on 2021-04-28

Merge parser: add include dedup cache to handle include loops

Profile includes can be set up to loop and expand in a pathological manner that causes build failures. Fix this by caching which includes have already been seen in a given profile context.

In addition, this can speed up some profile compiles that end up re-including common abstractions, by not only deduping the files being included but also skipping the need to reprocess and dedup the rules within the include.

Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1184779
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/743
Acked-by: Steve Beattie <email address hidden>

c00b0d3... by Steve Beattie on 2021-04-28

parser: add a simple one-level recursive include test

This adds a recursive include that otherwise parses correctly, to check
that the parser handles a one-level recursion loop acceptably. When the
utils can support it, we should have tests that exercise deeper levels
of looping, e.g. include a -> include b -> include c -> include a or
deeper.

Without the fix in
https://gitlab.com/apparmor/apparmor/-/merge_requests/743, the parser
does fail due to hitting its file descriptor limit.

(The test at

  https://gitlab.com/apparmor/apparmor/-/blob/master/parser/tst/simple_tests/include_tests/recursive.sd

includes itself, which will result in a recursive profile definition
which isn't accepted by the parser.)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/743
Signed-off-by: Steve Beattie <email address hidden>
Signed-off-by: John Johansen <email address hidden>

7dcf013... by John Johansen on 2021-04-20

parser: add include dedup cache to handle include loops

Profile includes can be set up to loop and expand in a pathological
manner that causes build failures. Fix this by caching which includes
have already been seen in a given profile context.

In addition, this can speed up some profile compiles that end up
re-including common abstractions, by not only deduping the files
being included but also skipping the need to reprocess and dedup the
rules within the include.

Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1184779
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/743
Signed-off-by: John Johansen <email address hidden>
Acked-by: Steve Beattie <email address hidden>

a7816e1... by John Johansen <email address hidden> on 2021-04-27

Merge Rework internal profile storage and handling in the aa-* tools to use merged profile names instead of [profile][hat]

Change the tools to use merged profile names (`var['foo//bar']`) instead of the profile/hat layout (`var[profile][hat]`) in many places. Also storage gets moved to ProfileList instead of using a hasher.

Already changed places (in this MR) are parsing profiles, writing profiles, handling and storing of extra profiles, log handling and asking the user about profile additions.

Remaining usage of the `var[profile][hat]` layout are the `aa` and `original_aa` hashers, they'll be replaced in a separate MR.

See the individual commits for details. I'd also recommend doing the review on the individual commits, because the big diff is probably unreadable ;-)

While this is a big chain of changes, each commit contains working code, converting between the two storage layouts with `split_to_merged()` and `merged_to_split()` as needed, with merged layout "bubbling up" in more and more functions.

The long-term goal of these changes is to enable support for nested child profiles in the tools, but - one step after the other ;-)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/736
Acked-by: John Johansen <email address hidden>