lp:~talkless/apparmor/fix_traceroute_tcp
- Get this branch:
- bzr branch lp:~talkless/apparmor/fix_traceroute_tcp
Branch merges
- Steve Beattie: Approve
- intrigeri: Approve
Diff: 19 lines (+2/-0), 1 file modified: profiles/apparmor.d/usr.sbin.traceroute (+2/-0)
Branch information
Recent revisions
- 3662. By Christian Boltz
More strict profile_storage()
This patch makes the profile_storage() data structure more strict. It
- initializes everything inside a profile with proper values
- makes the profile storage a dict() instead of a hasher(), which means
  it will complain loudly when trying to access non-existing elements
  (hasher() was more forgiving, but this also meant hiding bugs)

The patch also fixes a minor issue related to the more strict 'repo'
profile property in serialize_profile().

Acked-by: Seth Arnold <email address hidden>
- 3661. By Christian Boltz
Ignore ptrace log events without denied_mask
This fixes a crash in the tools.
Reported by peetaur on IRC.
Acked-by: John Johansen <email address hidden> for trunk and 2.11.
- 3660. By Christian Boltz
Add two parser files to .bzrignore
- parser/libapparmor_re/parse.cc is autogenerated during build
- parser/tst_lib gets compiled during "make check"

Both files get deleted by make clean.
Acked-by: John Johansen <email address hidden> for trunk and 2.11.
- 3659. By Christian Boltz
Fix aa-logprof crash on ptrace garbage log events
(garbage) ptrace events like
... apparmor="DENIED" operation="ptrace" profile="/bin/netstat" pid=1962 comm="netstat" target=""
cause an empty name2 field, which leads to a crash in the tools.

This patch lets logparser.py ignore such garbage log events, which also
avoids the crash.

As usual, add some testcases.
test-libapparmor-test_multi.py needs some special handling to ignore the
empty name2 field in one of the testcases.

References: https://bugs.launchpad.net/apparmor/+bug/1689667

Acked-by: Seth Arnold <email address hidden> for trunk and 2.11.
Older releases can't handle ptrace log events and therefore can't crash ;-)
- 3658. By Jamie Strandboge
Update base abstraction for additional journald sockets
The base abstraction already allows write access to
/run/systemd/journal/dev-log but journald offers both:
- a native journal API at /run/systemd/journal/socket (see sd_journal_print(4))
- /run/systemd/journal/stdout for connecting a program's output to the journal
  (see systemd-cat(1)).

In addition to systemd-cat, the stdout access is required for nested container
(eg, LXD) logs to show up in the host. Interestingly, systemd-cat and LXD
containers require 'r' in addition to 'w' to work. journald does not allow
reading log entries from this socket so the access is deemed safe.

Signed-off-by: Jamie Strandboge <email address hidden>
Acked-by: Seth Arnold <email address hidden>
- 3657. By Tyler Hicks
libapparmor: Don't print shell commands that check for test failures
Error messages should only show up in build logs when the error has been
encountered. This patch silences these shell commands from being printed
before they're interpreted.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>
Acked-by: Christian Boltz <email address hidden>
- 3656. By Tyler Hicks
libapparmor: Fix parallel make dependency issue in testsuite
A multi job `make check` command could fail due to check-local running
before the check-DEJAGNU target, which is automatically generated by
automake, would complete. This would result in a build failure due to
libaalogparse.log not yet existing.

Fix the issue by depending on the check-DEJAGNU target.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: John Johansen <email address hidden>
- 3655. By Christian Boltz
Ignore test failures about duplicated conditionals in dbus rules
Since r3634, the tools allow any order of dbus conditionals.
Quoting the r3634 patch description:

This patch eases the restriction on the ordering at the expense of the
utils no longer being able to detect and reject a single attribute that
is repeated multiple times. In that situation, only the last occurrence
of the attribute will be honored by the utils.

It seems nobody tested with all test profiles generated ;-) so we have to
add some exceptions to the "does not raise an exception" list now.

Acked-by <timeout> for trunk and 2.11
- 3654. By Steve Beattie
profiles: abstractions/base - Allow sysconf(_SC_NPROCESSORS_CONF)
Merge Simon McVittie's patch to allow querying the number of configured
processors in the base abstraction.

Acked-by: Steve Beattie <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12