[Apparmor-dev] [RFR] repost of network toggle patches for the tools and bug fixes for repo

Dominic Reynolds dreynolds at suse.de
Fri Jul 20 10:52:08 MDT 2007 

Patches refreshed and new ones added to fix bugs and incorporate
feedback (thanks seth, jj, david, jesse for the testing and review)

Bug fixes:
  - SubDomain.pm::readprofile() had an additional argument added during the
    audit rework, active profile, that needs to be
    passed consistently from ag_subdomain_profiles and
    SubDomain.pm::check_profile_syntax
 
  - apparmor_ycp_utils.ycp - incorrect CMDS: CMD_ASK_YES -> CMD_YES, CMD_ASK_NO
    -> CMD_NO - caused missing button text

  - ignore trailing comments in profile entries
  - space in writenetdomain that caused network rules to be incorrectly
    formatted in the profiles
  - sort the fam/sock_type keys so that profiles are consistently written
  
  - logs that just had network events would not prompt (code was incorrectly
    indented withing the path log parsing code in collapselog)

  - yast logprof hang: some of the returns from YCP -> perl were being passed
    to the incorrect backend agent resulting in a hanging packend at the end
    of a profile run

Outstanding defects:
  - yast local save dialog reports only the initial profile created by
    genprof (not picking up other profiles created during the run). All are
    saved locally but the user is not prompted to select.
  - change_hat code still needs to be modified - some of the previous code
    will be needed (logparsing) so I'm working on a patch to backout just the
    profile reading/writing


Patches:

  - fix_missing_fork_handling.diff
    Fixes bugs introduced with the recent audit message format changes. The
    "clone" operation (fork track hinting) was not processed and resulted in
    missed execution tracking in the tools.
  
  - network_toggles.diff
    Adds basic support for network access toggles (support for these features
    currently reside in the experimental kernel and parser svn trees). These
    features allow basic toggles for network access and allow the user to add
    the network rule (mediation of the family and socket type).
    Source/Destination points and interfaces are not supported at this time.
    Basic support is included for inet, inet6 families and raw, datagram, and
    stream types.

  - strip-trailing-comments.diff
    Strip trailing comments on the rules during profile load

  - bad_CMD_params.diff
    Inconistency in naming the fields used to populate UI elements caused
    some YaST buttons to have incorrect text.

  - readprofiles_prototype_bug.diff
    SubDomain::readprofile() was being called with the incorrect number of
    arguments. Caused YaST backend agents to fail to read the profile set
    correctly

  - existing_profiles_bug.diff
    Validate that profile exists so user is not prompted for events for
    non-existent (deleted) profiles.

  - yast_logprof_hang.diff
    YaST logprof wizard would hang at the end of the profile run - YCP <->
    perl communication problem


-------------- next part --------------
A non-text attachment was scrubbed...
Name: bad_CMD_params.diff
Type: text/x-patch
Size: 842 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/bad_CMD_params.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: existing_profiles_bug.diff
Type: text/x-patch
Size: 516 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/existing_profiles_bug.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_missing_fork_handling.diff
Type: text/x-patch
Size: 1501 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/fix_missing_fork_handling.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: network_toggles.diff
Type: text/x-patch
Size: 11283 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/network_toggles.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: readprofiles_prototype_bug.diff
Type: text/x-patch
Size: 1592 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/readprofiles_prototype_bug.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strip-trailing-comments.diff
Type: text/x-patch
Size: 3612 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/strip-trailing-comments.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yast_logprof_hang.diff
Type: text/x-patch
Size: 2432 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070720/85e5c274/yast_logprof_hang.bin

More information about the Apparmor-dev mailing list