ar/log is likely wrong.
So I think we should use:
/run/lock/apache2/stapling-cache* rw,
-Kees
--
Kees Cook
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ore.kernel.org/lkml/20220910211215.140270-1-jorge.merl...@canonical.com/
Kees Cook (2):
fs/exec: Explicitly unshare fs_struct on exec
exec: Remove LSM_UNSAFE_SHARE
fs/exec.c | 26
fs/fs_struct.c | 1 -
include/linux/fdtable.h| 1 +
include/linux/fs
man
Cc: Alexander Viro
Cc: "Christian Brauner (Microsoft)"
Cc: Thomas Gleixner
Cc: Andy Lutomirski
Cc: Sebastian Andrzej Siewior
Cc: Andrew Morton
Cc: linux...@kvack.org
Cc: linux-fsde...@vger.kernel.org
Signed-off-by: Kees Cook
---
fs/exec.c | 9 +++---
fs/fs_st
Cc: Eric Paris
Cc: Richard Haines
Cc: Casey Schaufler
Cc: Xin Long
Cc: "David S. Miller"
Cc: Todd Kjos
Cc: Ondrej Mosnacek
Cc: linux-fsde...@vger.kernel.org
Cc: linux...@kvack.org
Cc: apparmor@lists.ubuntu.com
Cc: linux-security-mod...@vger.kernel.org
Cc: seli...@vger.kernel.org
On Thu, Sep 13, 2022 at 15:03:38 -0700, Kees Cook wrote:
> It seems quite unusual to have a high-load heavily threaded
> process decide to exec.
In looking at this a bunch more, I actually think everything is working
as intended. If a process is actively launching threads while also try
On October 6, 2022 7:13:37 AM PDT, Jann Horn wrote:
>On Thu, Oct 6, 2022 at 11:05 AM Christian Brauner wrote:
>> On Thu, Oct 06, 2022 at 01:27:34AM -0700, Kees Cook wrote:
>> > The check_unsafe_exec() counting of n_fs would not add up under a heavily
>> > threaded
ed:
https://lore.kernel.org/lkml/202210061301.207A20C8E5@keescook/
--
Kees Cook
he shared fs_struct if the "NO_NEW_PRIVS permits chroot()" thing had
> ever landed that you
> (https://lore.kernel.org/lkml/0e2f0f54e19bff53a3739ecfddb4ffa9a6dbde4d.1327858005.git.l...@amacapital.net/)
> and Mickaël Salaün proposed in the past... or alternatively, if there
> was a way to properly filter all the syscalls that Chrome has to
> permit for renderers.)
>
> (But also, to be clear, I don't speak for Chrome, this is just my
> understanding of how their stuff works.)
Chrome seems to just want a totally empty filesystem view, yes?
Let's land the nnp+chroot change. :P Only 10 years late! Then we can
have Chrome use this and we can unshare fs on exec...
--
Kees Cook
On Thu, Mar 02, 2023 at 12:28:20PM -0800, Luis Chamberlain wrote:
> register_sysctl_paths() is not required, we can just use
> register_sysctl() with the required path specified.
>
> Signed-off-by: Luis Chamberlain
Acked-by: Kees Cook
--
Kees Cook
On Thu, Mar 02, 2023 at 12:28:22PM -0800, Luis Chamberlain wrote:
> register_sysctl_paths() is only needed if you have children (directories)
> with entries. Just use register_sysctl_init() as it also does the
> kmemleak check for you.
>
> Signed-off-by: Luis Chamberlain
Acke
On Thu, Mar 02, 2023 at 12:28:21PM -0800, Luis Chamberlain wrote:
> register_sysctl_paths() is only needed if you have directories with
> entries, simplify this by using register_sysctl().
>
> Signed-off-by: Luis Chamberlain
Acked-by: Kees Cook
--
Kees Cook
ists.ubuntu.com
Cc: linux-security-mod...@vger.kernel.org
Signed-off-by: Kees Cook
---
One thing I notice here is that it may be rare for "buffer" to ever change
for a given kernel. Could this just be made PATH_MAX * 2 directly and
remove the module parameter, etc, etc?
---
security/
On Thu, May 11, 2023 at 02:48:29PM -0700, John Johansen wrote:
> On 5/11/23 14:34, Kees Cook wrote:
> > In the ongoing effort to convert all fake flexible arrays to proper
> > flexible arrays, replace aa_buffer's 1-element "buffer" member with a
> > flexib
On Wed, May 31, 2023 at 05:21:40AM -0700, John Johansen wrote:
> On 5/30/23 15:55, Kees Cook wrote:
> > On Thu, May 11, 2023 at 02:48:29PM -0700, John Johansen wrote:
> > > On 5/11/23 14:34, Kees Cook wrote:
> > > > In the ongoing effort to convert all
rauner
Cc: Jan Kara
Cc: Eric Biederman
Cc: Andrew Morton
Cc: Sebastian Andrzej Siewior
Cc: linux-fsde...@vger.kernel.org
Cc: linux...@kvack.org
Cc: apparmor@lists.ubuntu.com
Cc: linux-security-mod...@vger.kernel.org
Signed-off-by: Kees Cook
---
security/apparmor/lsm.c | 4 +++-
security/tomoyo/
On Wed, Jan 24, 2024 at 12:39:38PM -0700, Kevin Locke wrote:
> On Wed, 2024-01-24 at 11:22 -0800, Kees Cook wrote:
> > After commit 978ffcbf00d8 ("execve: open the executable file before
> > doing anything else"), current->in_execve was no longer in sync with the
>
On Wed, Jan 24, 2024 at 08:58:55PM +0100, Jann Horn wrote:
> On Wed, Jan 24, 2024 at 8:22 PM Kees Cook wrote:
> > After commit 978ffcbf00d8 ("execve: open the executable file before
> > doing anything else"), current->in_execve was no longer in sync with the
> >
On Wed, Jan 24, 2024 at 12:47:34PM -0800, Linus Torvalds wrote:
> On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> >
> > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
For completene
On Wed, Jan 24, 2024 at 01:32:02PM -0800, Kees Cook wrote:
> On Wed, Jan 24, 2024 at 12:47:34PM -0800, Linus Torvalds wrote:
> > On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> > >
> > > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > >
On Wed, Jan 24, 2024 at 10:40:49PM +0100, Jann Horn wrote:
> On Wed, Jan 24, 2024 at 10:32 PM Kees Cook wrote:
> >
> > On Wed, Jan 24, 2024 at 12:47:34PM -0800, Linus Torvalds wrote:
> > > On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> > > >
> > >
On Fri, Mar 15, 2024 at 01:54:09PM +0100, Christian Göttsche wrote:
> Fix the typo in the function documentation to please kernel doc
> warnings.
>
> Signed-off-by: Christian Göttsche
Reviewed-by: Kees Cook
--
Kees Cook
e of the kernel and run time memory
> bloat by ~64 bytes per sentinel (further information Link :
> https://lore.kernel.org/all/zo5yx5jfoggi%2f...@bombadil.infradead.org/)
>
> Remove the sentinel from all files under security/ that register a
> sysctl table.
>
> Signed-off-by:
patches 1-10 go via their respective subsystems, and once all
of those are in Linus's tree, send patch 11 as a stand-alone PR.
(From patch 11, it looks like the seccomp read/write function changes
could be split out? I'll do that now...)
-Kees
--
Kees Cook
On Sun, May 12, 2024 at 09:32:40PM +0200, Joel Granados wrote:
> On Sat, May 11, 2024 at 11:51:18AM +0200, Thomas Weißschuh wrote:
> > Hi Kees,
> >
> > On 2024-05-08 10:11:35+, Kees Cook wrote:
> > > On Wed, Apr 24, 2024 at 08:12:34PM -0700, Jakub Kicinski wrot
e == 4096 (0x1000)
> (u16)16 == 16 (0x10)
> # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1
>
> Add the missing endianness conversions when generating test data.
>
> Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack")
> Cc: Brendan Hi
been hex-encoded; these occur when the binary path name
> includes a space or other character that needs encoding.
>
> The attached patch fixes the issue as well as adding a testcase that
> demonstrates the issue.
Acked-by: Kees Cook
--
Kees Cook
On Thu, Dec 08, 2011 at 07:17:12AM -0800, John Johansen wrote:
> I would like to propose we remove the parent= field from log messages.
+1
--
Kees Cook
kernel/printk_ratelimit)
>
> aa-genprof firefox
FWIW aa-genprof already temporarily turns this off now.
--
Kees Cook
base,
> given that.
sudo apparmor_parser -r /etc/apparmor.d/name.of.profile.file
> Also, is there an apparmor rule allowing the prctl syscall?
prctl() is not mediated by apparmor.
-Kees
--
Kees Cook
d allow such unsafe environments. They should be _found_ because of
the lack of "m" on these files.
-Kees
--
Kees Cook
mmaps, which would imply
that the READ_IMPLIES_EXEC personality bit was set, implying the binaries
have executable stacks. But now I can't reproduce this behavior. Can you
run "execstack -q" on the ELFs?
Thanks!
-Kees
--
Kees Cook
The "mr" stuff means _executable_ mmap. It looks like unbound has an executable
stack. This should likely be fixed instead of adding "mr" to the abstraction,
since it is a larger problem:
# execstack -q /usr/sbin/unbound
X /usr/sbin/unbound
--
https://code.launchpad.net/~sdeziel/apparmor-profi
Based on some of the initial design[1] discussions, here is a stab at the
simple static portion of the new apparmorfs interface.
[1] https://lists.ubuntu.com/archives/apparmor/2010-November/000491.html
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c | 114
AppArmor: implement static feature reporting interface
This adds the ability to query the internal versions of the various
policy features of AppArmor.
Signed-off-by: Kees Cook
---
v2:
- start using enum/union for display values.
v1:
- initial patch.
---
diff --git a/security/apparmor
) {
> if (!conf_quiet)
> PERROR("Skipping profile in %s/disable: %s\n",
> basedir, basename);
> goto out;
> --
> 1.7.7.3
>
>
On Tue, Dec 27, 2011 at 06:49:33PM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 06:49:34PM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 06:49:35PM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 07:01:44PM -0800, John Johansen wrote:
> The rlimit start condition was separating different rules of the base
> set making the lexer grammar harder to read than necessary.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 07:01:45PM -0800, John Johansen wrote:
> The affected comment rule is already in the INITIAL start condition
> so BEGIN(INITIAL) is extraneous and will cause problems when switching
> to a stack of start conditions.
>
> Signed-off-by: John Johansen
Acke
On Tue, Dec 27, 2011 at 07:01:46PM -0800, John Johansen wrote:
> This is the first step in reducing the number of shared rules between the
> different start conditions.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 07:01:47PM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 07:01:48PM -0800, John Johansen wrote:
> There is a lot of duplication of code calling processqunquoted and
> processquoted. Move all this code to use the new processid fn.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
e keyword
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Dec 27, 2011 at 07:01:50PM -0800, John Johansen wrote:
> Reworking this code is a step to getting rid of the SUB_NAME2 start
> condition.
(s-o-b missing here?)
Acked-by: Kees Cook
--
Kees Cook
Hi Seth,
On Fri, Dec 30, 2011 at 06:44:16PM -0800, Seth Arnold wrote:
> On Thu, Dec 29, 2011 at 4:46 PM, Kees Cook wrote:
> > +#include
>
> Why is this header now required? I didn't spot it in the code.
Heh, yeah, I have no idea. I was wondering that myself while revi
Use a file tree structure to represent the AppArmor securityfs.
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c | 156 +---
1 files changed, 114 insertions(+), 42 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor
This adds the "features" subdirectory to the AppArmor securityfs
to display boolean features flags and the known capability mask.
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c | 60
1 files changed, 60 insertions(+), 0 deletion
Since the parser needs to know which rlimits are known to the kernel,
export the name/value mappings via the "rlimit" subdirectory in the
securityfs "features" directory.
Signed-off-by: Kees Cook
---
security/apparmor/Makefile |4 ++--
security/apparmor/appar
sible would it be
> to construct the entire table via the cmd_make-rlim script?
This was bothering me too. Let me see what I can do.
> All three patches _look_ good but not tested.
Thanks!
-Kees
--
Kees Cook
On Sat, Dec 31, 2011 at 12:22:09PM -0800, John Johansen wrote:
> On 12/31/2011 01:07 AM, Kees Cook wrote:
> >Since the parser needs to know which rlimits are known to the kernel,
> >export the name/value mappings via the "rlimit" subdirectory in the
> >securityfs
Use a file tree structure to represent the AppArmor securityfs.
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c | 132 ++--
security/apparmor/include/apparmorfs.h | 24 ++
2 files changed, 114 insertions(+), 42 deletions(-)
diff --git a
This adds the "features" subdirectory to the AppArmor securityfs
to display boolean features flags and the known capability mask.
Change-Id: Icac1e00ad2788925dfbafb32bbf5ebdd355c2c43
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c
Create the "file" directory in the securityfs for tracking features
related to files.
Change-Id: Ia12babbd48e7d9b4eb3ce6cb5e51f4b46ba3a1b0
Signed-off-by: Kees Cook
---
security/apparmor/apparmorfs.c | 10 ++
security/apparmor/include/apparmorfs.h |6 ++
2 fil
Since the parser needs to know which rlimits are known to the kernel,
export the list via a mask file in the "rlimit" subdirectory in the
securityfs "features" directory.
Signed-off-by: Kees Cook
---
security/apparmor/Makefile | 24 ++-
On Wed, Jan 04, 2012 at 07:50:38AM -0600, Jamie Strandboge wrote:
> The attached patch updates for usr.bin.sshd example profile to work with
> zsh4, dash and systems where /var/run moved to /run. Also allows read
> of /etc/default/locale.
Acked-by: Kees Cook
--
Kees Cook
On Wed, Jan 04, 2012 at 07:51:44AM -0600, Jamie Strandboge wrote:
> Author: Jamie Strandboge
> Description: update dovecot deliver profile to access various .conf files for
> dovecot
> Bug-Ubuntu: https://launchpad.net/bugs/458922
Acked-by: Kees Cook
--
Kees Cook
On Wed, Jan 04, 2012 at 07:52:19AM -0600, Jamie Strandboge wrote:
> Author: James Troup
> Description: fix typo when adding multiarch lines for gconv
Acked-by: Kees Cook
--
Kees Cook
On Wed, Jan 04, 2012 at 07:48:33AM -0600, Jamie Strandboge wrote:
> The attached adds the following to the python abstraction:
> +
> + # python setup script used by apport
> + /etc/python{2,3}.[0-7]*/sitecustomize.py r,
Acked-by: Kees Cook
--
Kees Cook
,.[0-9]*} wl,
>
> Attached is a patch to achieve this (and fixes 2 spelling errors).
Acked-by: Kees Cook
--
Kees Cook
proc/filesystems r,
> +/proc/meminfo r,
These are already in "base".
-Kees
--
Kees Cook
> namespace instead of loading the profile to the new namespace.
Acked-by: Kees Cook
--
Kees Cook
On Sun, Jan 08, 2012 at 06:48:47PM -0800, John Johansen wrote:
> How about this?
Yay! Man, this is so overdue; thanks for doing this. :)
Acked-by: Kees Cook
--
Kees Cook
On Tue, Feb 14, 2012 at 09:32:23AM -0800, John Johansen wrote:
> ID and POST_VAR_ID define a set of characters that is reused, pull this
> out to avoid making mistakes when updating the character set.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
sensible? "Flag"
seems to make sense after this refactor.
Otherwise, it looks good to me.
-Kees
--
Kees Cook
> The mount patch extends, and improves on this patch, the changes probably
> should have been separated out but ...
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
/* nothing */
> };
>
> opt_flags: { /* nothing */ $$ = 0; }
> - | TOK_FLAGS { $$ = 1; }
> + | TOK_CONDID TOK_EQUALS
> + {
> + if (strcmp($1, "flags") != 0)
> + yyerror("expected flags= got %s=", $1);
> +
return TOK_ID;
> }
>
> -{MODES} {
> +({MODES})/([[:space:],]) {
> DUMP_PREPROCESS;
> yylval.mode = strdup(yytext);
> PDEBUG("Found modes: %s\n", yylval.mode);
Otherwi
pace, char *id, int mode,
> char *link_id, char *nt);
> @@ -77,6 +79,7 @@ void add_local_entry(struct codomain *cod);
>
> %}
>
> +
> %token TOK_ID
> %token TOK_CONDID
> %token TOK_CARET
Needless whitespace addition in this chunk. Otherwise, looks fine to me.
-Kees
--
Kees Cook
if ($2 == 0) {
> + /* bare capability keyword - set all caps */
> + $$ = 0x;
Should this be something more dynamic, using _LINUX_CAPABILITY_U32S_3 or
something similar to detect size, or is it sufficient to assume unsigned
long now?
If it's s
On Tue, Feb 14, 2012 at 09:32:30AM -0800, John Johansen wrote:
> The ability to set capabilities from a profile has been removed from the
> kernel for several releases. Remove it from the parser as well.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
>
> Signed-off-by: John Johansen
Oh, very cool. I like this. :)
Acked-by: Kees Cook
--
Kees Cook
On Tue, Feb 14, 2012 at 09:32:32AM -0800, John Johansen wrote:
> value_list can be reused by conditionals and list values, so pull it out
> and abstract it some more.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Feb 14, 2012 at 09:32:34AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
On Tue, Feb 14, 2012 at 09:32:35AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
audit and
The description seems cut off?
> Signed-off-by: John Johansen
Otherwise, it seems okay.
Acked-by: Kees Cook
--
Kees Cook
> in some DFAs. It also could result in x conflicts not being correctly
> detected, and deny rules not being fully applied in some situations.
Does this mean the big "x" collision test is useless now?
> Signed-off-by: John Johansen
Acked-by: Kees Cook
> @@ -462,6
> not get applied.
>
> For now default filtering out of deny information to off, as it takes
> extra time and seldom results in further state reduction.
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
et only a few selected pieces of software for Wheezy.
Frankly, I don't think AppArmor is in shape for "production" use in Wheezy
due to the kernel limitations. I don't think this is a big problem -- it is
available for people to start working with, and we should continue to kno
On Tue, Feb 14, 2012 at 12:51:55PM -0800, John Johansen wrote:
> On 02/14/2012 11:10 AM, Kees Cook wrote:
> > On Tue, Feb 14, 2012 at 09:32:26AM -0800, John Johansen wrote:
> >> Signed-off-by: John Johansen
> >> ---
> >> parser/parser_lex.l | 31
y,
>
> I hope not too many people use this ;-) but nevertheless here's the
> patch to update apparmor.vim to support it. Using just "capability" will
> be marked in the "dangerous capability" color.
>
> Additionally, the patch removes the (already commen
have sufficient permissions to determine if AppArmor is enabled.
+=back
B
+=over 4
+
=item B
Insufficient memory was available.
--
Kees Cook
On Wed, Feb 15, 2012 at 04:17:56PM -0800, Steve Beattie wrote:
> On Wed, Feb 15, 2012 at 02:17:16PM -0800, Kees Cook wrote:
> > This is a trivial manpage fix that makes pod2man stop yelling at me.
>
> Acked-By: Steve Beattie for both trunk and 2.7.
>
> I was wondering
to be comfortable to ACK it, but
if you say it's needed, that's good enough for me. ;) That said, is there
a simple test-case that can be used to show the before/after of this
change?
-Kees
--
Kees Cook
now it will be possible to get the old default namespace relative
> behavior by passing the namespace_relative flag to the profile
>
> eg.
> profile /example (namespace_relative) { .. }
>
> Signed-off-by: John Johansen
Acked-by: Kees Cook
--
Kees Cook
> see a benefit in trying to protect the surrounding system from a
> compromised GPG process.
That's traditionally been my view as well -- GPG is usually considered the
high-value target itself. I'm not opposed to having a gpg profile; I just
hadn't considered one before. :P
Hi,
On Thu, Feb 16, 2012 at 12:19:49AM +0100, intrigeri wrote:
> Kees Cook wrote (14 Feb 2012 19:59:45 GMT) :
> > Ubuntu's evince and isc-dhcp-client profiles are very well tested at
> > this point. I think it should be easy to move those into Debian if
> > they'r
: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
>
> Signed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
ex |= AA_X_NAME | AA_X_CHILD;
> - } else {
> + } else if (old_index) {
> index |= AA_X_TABLE;
> index |= old_index - 4;
> }
What about the cases where old_index < 4, but != 0?
--
Kees Cook
vious audit bug which would drop some
> messages that were supposed to be audited.
>
> Signed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
ed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
On Wed, Feb 22, 2012 at 09:10:32AM -0800, John Johansen wrote:
> Signed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
ce
> counted object with a corresponding put fn.
>
> Signed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
ot affect mediation as it only changes the path reported by
> the unconfined (non-mediating), and null learning profiles.
>
> Also ensure that if a profile is ever loaded without path flags set, that
> it defaults to being chroot relative.
>
> Signed-off-by: John Johansen
Signed
On Wed, Feb 22, 2012 at 09:10:36AM -0800, John Johansen wrote:
> Add the base support for the new policy extensions. This does not bring
> any additional functionality, or change current semantics.
>
> Signed-off-by: John Johansen
Signed-off-by: Kees Cook
--
Kees Cook
;
> const char *name = NULL;
> - int error = -EPROTO;
> + size_t size = 0;
> + int i, error = -EPROTO;
> kernel_cap_t tmpcap;
> u32 tmp;
>
> @@ -562,6 +576,38 @@ static struct aa_profile *unpack_profile(struct aa_ext
> *e)
> if (!unpack_rlimits(e, profile))
> goto fail;
>
> + size = unpack_array(e, "net_allowed_af");
> + if (size) {
> +
> + for (i = 0; i < size; i++) {
> + /* discard extraneous rules that this kernel will
> + * never request
> + */
> + if (i >= AF_MAX) {
> + u16 tmp;
> + if (!unpack_u16(e, &tmp, NULL) ||
> + !unpack_u16(e, &tmp, NULL) ||
> + !unpack_u16(e, &tmp, NULL))
> + goto fail;
> + continue;
> + }
> + if (!unpack_u16(e, &profile->net.allow[i], NULL))
> + goto fail;
> + if (!unpack_u16(e, &profile->net.audit[i], NULL))
> + goto fail;
> + if (!unpack_u16(e, &profile->net.quiet[i], NULL))
> + goto fail;
> + }
> + if (!unpack_nameX(e, AA_ARRAYEND, NULL))
> + goto fail;
> + /*
> + * allow unix domain and netlink sockets they are handled
> + * by IPC
> + */
Should this comment move below the current indent level?
> + }
> + profile->net.allow[AF_UNIX] = 0x;
> + profile->net.allow[AF_NETLINK] = 0x;
> +
> if (unpack_nameX(e, AA_STRUCT, "policydb")) {
> /* generic policy dfa - optional and may be NULL */
> profile->policy.dfa = unpack_dfa(e);
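Review bot: In the "i >= AF_MAX" branch of the new loop, the local "u16 tmp" shadows the function-level "u32 tmp" visible in the context lines of the first hunk; give the discard variable its own name, or declare it once at function scope, so the two cannot be confused. The loop index is also declared as "int i" while "size" is a size_t, so "i < size" mixes signed and unsigned operands; an unsigned index type would match the value returned by unpack_array().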
> --
> 1.7.9
>
>
--
Kees Cook
1 - 100 of 180 matches