[Apparmor-dev] Re: repost of network toggle patches for the tools and bug fixes for repo
Dominic Reynolds
dreynolds at suse.de
Tue Jul 24 14:12:49 MDT 2007
Refreshed patches to include jesse's latest locking/append fixes and fix
other problems:
- directory matching when existing rules have tailglobs
- rudimentary fix for mandatory profile error messages
patches:
fix_missing_fork_handling.diff
network_toggles.diff
strip-trailing-comments.diff
bad_CMD_params.diff
readprofiles_prototype_bug.diff
existing_profiles_bug.diff
yast_logprof_hang.diff
logprof-lock-append.diff
directory_permission_bug.diff
mandatory_profile.diff
-dom
+++ Dominic Reynolds [20/07/07 10:52 -0600]:
> Patches refreshed and new ones added to fix bugs and incorporate
> feedback (thanks seth, jj, david, jesse for the testing and review)
>
> Bug fixes:
> - SubDomain.pm::readprofile() had an additional argument added during the
> audit rework, active profile, that needs to be
> passed consistently from ag_subdomain_profiles and
> SubDomain.pm::check_profile_syntax
>
> - apparmor_ycp_utils.ycp - incorrect CMDS: CMD_ASK_YES -> CMD_YES, CMD_ASK_NO
> -> CMD_NO - caused missing button text
>
> - ignore trailing comments in profile entries
> - space in writenetdomain that caused network rules to be incorrectly
> formatted in the profiles
> - sort the fam/sock_type keys so that profiles are consistently written
>
> - logs that just had network events would not prompt (code was incorrectly
> indented within the path log parsing code in collapselog)
>
> - yast logprof hang: some of the returns from YCP -> perl were being passed
> to the incorrect backend agent resulting in a hanging backend at the end
> of a profile run
>
> Outstanding defects:
> - yast local save dialog reports only the initial profile created by
> genprof (not picking up other profiles created during the run). All are
> saved locally but the user is not prompted to select.
> - change_hat code still needs to be modified - some of the previous code
> will be needed (logparsing) so I'm working on a patch to backout just the
> profile reading/writing
>
>
> Patches:
>
> - fix_missing_fork_handling.diff
> Fixes bugs introduced with the recent audit message format changes. The
> "clone" operation (fork track hinting) was not processed and resulted in
> missed execution tracking in the tools.
>
> - network_toggles.diff
> Adds basic support for network access toggles (support for these features
> currently reside in the experimental kernel and parser svn trees). These
> features allow basic toggles for network access and allow the user to add
> the network rule (mediation of the family and socket type).
> Source/Destination points and interfaces are not supported at this time.
> Basic support is included for inet, inet6 families and raw, datagram, and
> stream types.
>
> - strip-trailing-comments.diff
> Strip trailing comments on the rules during profile load
>
> - bad_CMD_params.diff
> Inconsistency in naming the fields used to populate UI elements caused
> some YaST buttons to have incorrect text.
>
> - readprofiles_prototype_bug.diff
> SubDomain::readprofile() was being called with the incorrect number of
> arguments. Caused YaST backend agents to fail to read the profile set
> correctly
>
> - existing_profiles_bug.diff
> Validate that profile exists so user is not prompted for events for
> non-existent (deleted) profiles.
>
> - yast_logprof_hang.diff
> YaST logprof wizard would hang at the end of the profile run - YCP <->
> perl communication problem
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_missing_fork_handling.diff
Type: text/x-patch
Size: 1501 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/fix_missing_fork_handling.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: network_toggles.diff
Type: text/x-patch
Size: 11283 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/network_toggles.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bad_CMD_params.diff
Type: text/x-patch
Size: 842 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/bad_CMD_params.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: readprofiles_prototype_bug.diff
Type: text/x-patch
Size: 1592 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/readprofiles_prototype_bug.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: existing_profiles_bug.diff
Type: text/x-patch
Size: 516 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/existing_profiles_bug.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yast_logprof_hang.diff
Type: text/x-patch
Size: 2432 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/yast_logprof_hang.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: directory_permission_bug.diff
Type: text/x-patch
Size: 3596 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/directory_permission_bug.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mandatory_profile.diff
Type: text/x-patch
Size: 2559 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/aa6338a9/mandatory_profile.bin