Hello community, here is the log from the commit of package apparmor-parser checked in at Thu Jun 5 17:18:17 CEST 2008. -------- --- apparmor-parser/apparmor-parser.changes 2008-06-03 08:22:18.000000000 +0200 +++ /mounts/work_src_done/STABLE/apparmor-parser/apparmor-parser.changes 2008-06-04 13:36:27.233551000 +0200 @@ -1,0 +2,12 @@ +Wed Jun 4 13:35:59 CEST 2008 - jjohansen@suse.de + +- fix policy reload and remove bug that would prevent rc.apparmor + stop and rc.apparmor restart from properly removing or reloading + policy in the cases of unattached profiles and profiles containing + hats (bnc#397014) +- also covers the shell syntax bug (bnc#395060) as that incorrect + test was removed by the fix for (bnc#397014), because it removes + the need to generate the fake profile, thus avoiding the name + mangling. + +------------------------------------------------------------------- Old: ---- apparmor-parser-2.3-1258.tar.gz apparmor-parser-2.3.diff New: ---- apparmor-parser-2.3-1275.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor-docs.spec ++++++ --- /var/tmp/diff_new_pack.n18658/_old 2008-06-05 17:17:37.000000000 +0200 +++ /var/tmp/diff_new_pack.n18658/_new 2008-06-05 17:17:37.000000000 +0200 @@ -25,9 +25,9 @@ %endif Summary: AppArmor Documentation package Version: 2.3 -Release: 21 +Release: 23 Group: Documentation/Other -Source0: apparmor-parser-%{version}-1258.tar.gz +Source0: apparmor-parser-%{version}-1275.tar.gz License: Other uncritical OpenSource License BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -43,7 +43,6 @@ %endif Provides: subdomain-docs Obsoletes: subdomain-docs -Patch0: apparmor-parser-2.3.diff %description This package contains documentation for AppArmor. 
@@ -60,7 +59,6 @@ %prep %setup -q -n apparmor-parser-%{version} -%patch0 -p1 %build make clean ++++++ apparmor-parser.spec ++++++ --- /var/tmp/diff_new_pack.n18658/_old 2008-06-05 17:17:37.000000000 +0200 +++ /var/tmp/diff_new_pack.n18658/_new 2008-06-05 17:17:37.000000000 +0200 @@ -25,9 +25,9 @@ %endif Summary: AppArmor userlevel parser utility Version: 2.3 -Release: 20 +Release: 22 Group: Productivity/Networking/Security -Source0: %{name}-%{version}-1258.tar.gz +Source0: %{name}-%{version}-1275.tar.gz License: GPL v2 or later BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://forge.novell.com/modules/xfmod/project/?apparmor @@ -49,7 +49,6 @@ %else BuildRequires: te_latex %endif -Patch0: apparmor-parser-2.3.diff %description The AppArmor Parser is a userlevel program that is used to load in @@ -68,7 +67,6 @@ %prep %setup -q -%patch0 -p1 %build make clean all CFLAGS="${RPM_OPT_FLAGS}" @@ -168,6 +166,15 @@ %endif %changelog +* Wed Jun 04 2008 jjohansen@suse.de +- fix policy reload and remove bug that would prevent rc.apparmor + stop and rc.apparmor restart from properly removing or reloading + policy in the cases of unattached profiles and profiles containing + hats (bnc#397014) +- also covers the shell syntax bug (bnc#395060) as that incorrect + test was removed by the fix for (bnc#397014), because it removes + the need to generate the fake profile, thus avoiding the name + mangling. * Tue Jun 03 2008 coolo@suse.de - fixing shell syntax (bnc#395060) * Mon May 26 2008 jjohansen@suse.de ++++++ apparmor-parser-2.3-1258.tar.gz -> apparmor-parser-2.3-1275.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/apparmor-parser.spec new/apparmor-parser-2.3/apparmor-parser.spec --- old/apparmor-parser-2.3/apparmor-parser.spec 2008-05-26 13:29:26.000000000 +0200 +++ new/apparmor-parser-2.3/apparmor-parser.spec 2008-06-04 10:30:06.000000000 +0200 
@@ -34,9 +34,9 @@ Summary: AppArmor userlevel parser utility. Name: apparmor-parser Version: 2.3 -Release: 1258 +Release: 1275 Group: Applications/System -Source0: %{name}-%{version}-1258.tar.gz +Source0: %{name}-%{version}-1275.tar.gz License: GPL BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build Url: http://forge.novell.com/modules/xfmod/project/?apparmor diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser.h new/apparmor-parser-2.3/parser.h --- old/apparmor-parser-2.3/parser.h 2008-04-16 07:45:02.000000000 +0200 +++ new/apparmor-parser-2.3/parser.h 2008-06-04 10:24:38.000000000 +0200 @@ -1,4 +1,4 @@ -/* $Id: parser.h 1197 2008-04-16 05:45:02Z jrjohansen $ */ +/* $Id: parser.h 1275 2008-06-04 08:24:38Z jrjohansen $ */ /* * Copyright (c) 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007 @@ -271,6 +271,7 @@ extern void add_to_list(struct codomain *codomain); extern void add_hat_to_policy(struct codomain *policy, struct codomain *hat); extern void add_entry_to_policy(struct codomain *policy, struct cod_entry *entry); +extern void post_process_nt_entries(struct codomain *cod); extern int post_process_policy(void); extern int process_hat_regex(struct codomain *cod); extern int process_hat_variables(struct codomain *cod); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_lex.l new/apparmor-parser-2.3/parser_lex.l --- old/apparmor-parser-2.3/parser_lex.l 2008-05-22 23:11:03.000000000 +0200 +++ new/apparmor-parser-2.3/parser_lex.l 2008-05-29 21:58:18.000000000 +0200 @@ -1,4 +1,4 @@ -/* $Id: parser_lex.l 1256 2008-05-22 21:11:03Z jrjohansen $ */ +/* $Id: parser_lex.l 1267 2008-05-29 19:58:18Z jrjohansen $ */ /* * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 
@@ -389,8 +389,7 @@ [^\n] { /* Something we didn't expect */ - yylval = (YYSTYPE) strdup(yytext); - yyerror(_("Found unexpected character: '%s'"), yylval); + yyerror(_("Found unexpected character: '%s'"), yytext); } %% diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_policy.c new/apparmor-parser-2.3/parser_policy.c --- old/apparmor-parser-2.3/parser_policy.c 2008-04-16 11:48:06.000000000 +0200 +++ new/apparmor-parser-2.3/parser_policy.c 2008-06-04 10:24:38.000000000 +0200 @@ -1,4 +1,4 @@ -/* $Id: parser_policy.c 1199 2008-04-16 09:48:06Z jrjohansen $ */ +/* $Id: parser_policy.c 1275 2008-06-04 08:24:38Z jrjohansen $ */ /* * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 @@ -102,8 +102,7 @@ if (!entry->namespace) { char *sub = strstr(entry->nt_name, "//"); /* does the subprofile name match the rule */ -#if 0 -/* disable cix checking as cod->name is not available. Need to rework */ + if (sub && strncmp(cod->name, sub, sub - entry->nt_name) && strcmp(sub + 2, entry->name) == 0) { free(entry->nt_name); @@ -129,7 +128,6 @@ free(entry->nt_name); entry->nt_name = name; } -#endif } if (entry->namespace) { name = malloc(strlen(entry->namespace) + strlen(entry->nt_name) + 3); 
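Review bot: In the block re-enabled by dropping `#if 0` in parser_policy.c (@@ -102 and @@ -129), the test `strncmp(cod->name, sub, sub - entry->nt_name)` compares the profile name against the text that starts at `//` and treats a non-zero result, i.e. a mismatch, as true, which does not read like a parent-name match. If the intent is that the part of `nt_name` before `//` equals this profile's name, the condition would be `strncmp(cod->name, entry->nt_name, sub - entry->nt_name) == 0` plus a check that `cod->name` ends at that length; this intent is inferred from the adjacent comment and should be confirmed against the lines between the two hunks, which are not shown. `sub` also points into `entry->nt_name`, which the next line frees, so any use of `sub` in the elided lines would read freed memory. Because this code decides which profile name an exec transition resolves to, it deserves a regression test with a `parent//child` target; the enclosing function starts and ends outside the hunks.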
@@ -162,26 +160,34 @@ void add_entry_to_policy(struct codomain *cod, struct cod_entry *entry) { - if (entry->nt_name) { - int mode = 0; - int n = add_named_transition(cod, entry); - if (!n) { - PERROR("Profile %s has to many specified profile transitions.\n", cod->name); - exit(1); - } - if (entry->mode & AA_USER_EXEC) - mode |= SHIFT_MODE(n << 10, AA_USER_SHIFT); - if (entry->mode & AA_OTHER_EXEC) - mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT); - entry->mode = ((entry->mode & ~AA_ALL_EXEC_MODIFIERS) | - (mode & AA_ALL_EXEC_MODIFIERS)); - entry->namespace = NULL; - entry->nt_name = NULL; - } entry->next = cod->entries; cod->entries = entry; } +void post_process_nt_entries(struct codomain *cod) +{ + struct cod_entry *entry; + + list_for_each(cod->entries, entry) { + if (entry->nt_name) { + int mode = 0; + int n = add_named_transition(cod, entry); + if (!n) { + PERROR("Profile %s has to many specified profile transitions.\n", cod->name); + exit(1); + } + if (entry->mode & AA_USER_EXEC) + mode |= SHIFT_MODE(n << 10, AA_USER_SHIFT); + if (entry->mode & AA_OTHER_EXEC) + mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT); + entry->mode = ((entry->mode & ~AA_ALL_EXEC_MODIFIERS) | + (mode & AA_ALL_EXEC_MODIFIERS)); + entry->namespace = NULL; + entry->nt_name = NULL; + } + } +} + static void __merge_rules(const void *nodep, const VISIT value, const int __unused depth) { 
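Review bot: post_process_nt_entries has no comment saying when it must run, and the ordering appears to be the reason for the move: the `#if 0` remark removed earlier in this file says `cod->name` was not available at the point where entries were added. I would give it a header such as `/* Resolve named transitions once cod->name is set; add_named_transition() reads it. Clears nt_name/namespace, so a repeat call skips the entry. */`. The `!n` test is the only bound on `n` visible here, so `(mode & AA_ALL_EXEC_MODIFIERS)` would silently truncate a wider index; if add_named_transition does not already cap its return value to that field, an explicit range check belongs next to the `!n` test. The moved message still reads `has to many`, which should be `has too many`.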
@@ -542,7 +548,11 @@ if (value == preorder || value == endorder) return; - printf("%s^%s\n", __dump_policy_name->name, (*t)->sub_name); + if (regex_type == AARE_DFA) { + printf("%s//%s\n", __dump_policy_name->name, (*t)->name); + } else { + printf("%s^%s\n", __dump_policy_name->name, (*t)->name); + } } void dump_policy_hatnames(struct codomain *cod) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/parser_yacc.y new/apparmor-parser-2.3/parser_yacc.y --- old/apparmor-parser-2.3/parser_yacc.y 2008-04-18 03:40:40.000000000 +0200 +++ new/apparmor-parser-2.3/parser_yacc.y 2008-06-04 10:24:38.000000000 +0200 @@ -1,5 +1,5 @@ %{ -/* $Id: parser_yacc.y 1203 2008-04-18 01:40:40Z jrjohansen $ */ +/* $Id: parser_yacc.y 1275 2008-06-04 08:24:38Z jrjohansen $ */ /* * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 @@ -224,6 +224,7 @@ if (force_complain) cod->flags = force_complain_flags; + post_process_nt_entries(cod); PDEBUG("%s: flags='%s%s'\n", $2, cod->flags.complain ? "complain, " : "", @@ -245,7 +246,7 @@ cod->flags = $6; if (force_complain) cod->flags = force_complain_flags; - + post_process_nt_entries(cod); PDEBUG("%s: flags='%s%s'\n", $3, cod->flags.complain ? "complain, " : "", @@ -1122,6 +1123,9 @@ return entry; } +/* Note: NOT currently in use, used for + * /foo x -> { /bah, } style transitions + */ void add_local_entry(struct codomain *cod) { /* ugh this has to be called after the hat is attached to its parent */ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-parser-2.3/rc.apparmor.functions new/apparmor-parser-2.3/rc.apparmor.functions --- old/apparmor-parser-2.3/rc.apparmor.functions 2008-04-24 21:34:21.000000000 +0200 +++ new/apparmor-parser-2.3/rc.apparmor.functions 2008-06-04 10:24:38.000000000 +0200 
@@ -1,6 +1,6 @@ #!/bin/sh # -# $Id: rc.apparmor.functions 1243 2008-04-24 19:34:21Z jrjohansen $ +# $Id: rc.apparmor.functions 1275 2008-06-04 08:24:38Z jrjohansen $ # # ---------------------------------------------------------------------- # Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 @@ -374,10 +374,7 @@ retval=0 sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | while read profile ; do - if [ ${profile:0:1} eq "/" ] ; then - $profile = "profile_$profile"; - fi - echo "\"$profile\" { }" | $PARSER -R >/dev/null + echo -n "$profile" > "$SFS_MOUNTPOINT/.remove" rc=$? if [ ${rc} -ne 0 ] ; then retval=${rc} @@ -429,7 +426,7 @@ MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX) sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST" sort "$PNAMES_LIST" | comm -2 -3 "$MODULE_PLIST" - | while read profile ; do - echo "\"$profile\" {}" | $PARSER -R >/dev/null + echo -n "$profile" > "$SFS_MOUNTPOINT/.remove" done rm "$MODULE_PLIST" rm "$PNAMES_LIST" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
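Review bot: The new `echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"` lines run under `#!/bin/sh`, where `echo`'s handling of `-n` and of backslashes in its argument is implementation-defined, so a profile name may be written differently from how it was listed in `$SFS_MOUNTPOINT/profiles`. `printf '%s' "$profile" > "$SFS_MOUNTPOINT/.remove"` writes the name verbatim and applies to both hunks (@@ -374 and @@ -429). In the @@ -429 hunk the exit status of the write is not checked at all, so a rejected removal leaves the old profile loaded without any message; recording the failure there, as the first loop does with `rc=$?`, would make stale policy visible after a reload. Both loops begin and end outside the hunks.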