[Apparmor-dev] Re: repost of network toggle patches for the tools and bug fixes for repo

Dominic Reynolds dreynolds at suse.de
Tue Jul 24 15:24:12 MDT 2007 

Missing patch attached.

-dom

+++ Dominic Reynolds [24/07/07 14:12 -0600]:
> Refreshsed patches to include jesses latest locking/append fixes and fix
> other problems:
>    directory matching when existing rules have tailglobs 
>    rudimentary fix for mandatory profile error messages
> 
> patches:
> 
>   fix_missing_fork_handling.diff
>   network_toggles.diff
>   strip-trailing-comments.diff
>   bad_CMD_params.diff
>   readprofiles_prototype_bug.diff
>   existing_profiles_bug.diff
>   yast_logprof_hang.diff
>   logprof-lock-append.diff
>   directory_permission_bug.diff
>   mandatory_profile.diff
> 
> 
> -dom
> +++ Dominic Reynolds [20/07/07 10:52 -0600]:
> > Patches refreshed and new ones added to fix bugs and incorporate
> > feedback (thanks seth, jj, david, jesse for the testing and review)
> > 
> > Bug fixes:
> >   - SubDomain.pm::readprofile() had an additional argument added during the
> >     audit rework, active profile, that needs to be
> >     passed consistently from ag_subdomain_profiles and
> >     SubDomain.pm::check_profile_syntax
> >  
> >   - apparmor_ycp_utils.ycp - incorrect CMDS: CMD_ASK_YES -> CMD_YES, CMD_ASK_NO
> >     -> CMD_NO - caused missing button text
> > 
> >   - ignore trailing comments in profile entries
> >   - space in writenetdomain that caused network rules to be incorrectly
> >     formatted in the profiles
> >   - sort the fam/sock_type keys so that profiles are consistently written
> >   
> >   - logs that just had network events would not prompt (code was incorrectly
> >     indented withing the path log parsing code in collapselog)
> > 
> >   - yast logprof hang: some of the returns from YCP -> perl were being passed
> >     to the incorrect backend agent resulting in a hanging packend at the end
> >     of a profile run
> > 
> > Outstanding defects:
> >   - yast local save dialog reports only the initial profile created by
> >     genprof (not picking up other profiles created during the run). All are
> >     saved locally but the user is not prompted to select.
> >   - change_hat code still needs to be modified - some of the previous code
> >     will be needed (logparsing) so I'm working on a patch to backout just the
> >     profile reading/writing
> > 
> > 
> > Patches:
> > 
> >   - fix_missing_fork_handling.diff
> >     Fixes bugs introduced with the recent audit message format changes. The
> >     "clone" operation (fork track hinting) was not processed and resulted in
> >     missed execution tracking in the tools.
> >   
> >   - network_toggles.diff
> >     Adds basic support for network access toggles (support for these features
> >     currently reside in the experimental kernel and parser svn trees). These
> >     features allow basic toggles for network access and allow the user to add
> >     the network rule (mediation of the family and socket type).
> >     Source/Destination points and interfaces are not supported at this time.
> >     Basic support is included for inet, inet6 families and raw, datagram, and
> >     stream types.
> > 
> >   - strip-trailing-comments.diff
> >     Strip trailing comments on the rules during profile load
> > 
> >   - bad_CMD_params.diff
> >     Inconistency in naming the fields used to populate UI elements caused
> >     some YaST buttons to have incorrect text.
> > 
> >   - readprofiles_prototype_bug.diff
> >     SubDomain::readprofile() was being called with the incorrect number of
> >     arguments. Caused YaST backend agents to fail to read the profile set
> >     correctly
> > 
> >   - existing_profiles_bug.diff
> >     Validate that profile exists so user is not prompted for events for
> >     non-existent (deleted) profiles.
> > 
> >   - yast_logprof_hang.diff
> >     YaST logprof wizard would hang at the end of the profile run - YCP <->
> >     perl communication problem
> > 
> > 
> 
> 
> 
> 
> 
> 
> 
> 
> > _______________________________________________
> > Apparmor-dev mailing list
> > Apparmor-dev at forge.novell.com
> > http://forge.novell.com/mailman/listinfo/apparmor-dev
> 









> _______________________________________________
> Apparmor-dev mailing list
> Apparmor-dev at forge.novell.com
> http://forge.novell.com/mailman/listinfo/apparmor-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: logprof-lock-append.diff
Type: text/x-patch
Size: 3018 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070724/c2291f04/logprof-lock-append.bin

More information about the Apparmor-dev mailing list