AppArmor

apparmor:master

  1. Git
  2. lp:apparmor
  3. master
Last commit made on 2024-05-21
Get this branch:
git clone -b master https://git.launchpad.net/apparmor

Branch merges

Branch information

Name:
master
Repository:
lp:apparmor

Recent commits

82f5bd6... by Georgia Garcia

Merge MountRule: Aligning behavior with apparmor_parser

Mount Rules with options in { remount, [make-] { [r]unbindable, [r]shared, [r]private, and [r]slave }} do not support specifying a source. This commit aligns utils implementation to apparmor_parser's, which prohibits having a both source and a destination simultaneously, instad of just prohibiting source.

Therefore, both `mount options=(unbindable) /a,` and `mount options=(unbindable) -> /a,` are now supported (and equivalent for apparmor_parser). However, `mount options=(unbindable) /a -> /b,` is invalid.

For the same reason, specifying a fstype in these cases is also prohibited.

Similarly, we prohibit to specify a fstype for bind mount rules.

Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685

Signed-off-by: Maxime Bélair <email address hidden>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1236
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Georgia Garcia <email address hidden>

60acc4a... by Maxime Bélair

MountRule: Aligning behavior with apparmor_parser

Mount Rules with options in { remount, [make-] { [r]unbindable, [r]shared, [r]private, and [r]slave }} do not support specifying a source. This commit aligns utils implementation to apparmor_parser's, which prohibits having a both source and a destination simultaneously, instad of just prohibiting source.

Therefore, both `mount options=(unbindable) /a,` and `mount options=(unbindable) -> /a,` are now supported (and equivalent for apparmor_parser). However, `mount options=(unbindable) /a -> /b,` is invalid.

For the same reason, specifying a fstype in these cases is also prohibited.

Similarly, we prohibit to specify a fstype for bind mount rules.

Fixes: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685

Signed-off-by: Maxime Bélair <email address hidden>

c8b53b0... by Christian Boltz

Merge utils: replace pyflakes3 with flake8 to improve python checks

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1235
Approved-by: Christian Boltz <email address hidden>
Merged-by: Christian Boltz <email address hidden>

e511b05... by Georgia Garcia

utils: switch pyflakes3 to flake8 to improve python checks

The following exceptions were added to flake8 since they have several
expected uses in the tools and their tests:

E501: Line lengths are recommended to be no greater than 79 characters.
E241: Multiple spaces after ','
W503: Line break occurred before a binary operator

Signed-off-by: Georgia Garcia <email address hidden>

cec9ae6... by Georgia Garcia

utils: fix coding style to match PEP8

Annotate exceptions with ' # noqa: ERROR'

Signed-off-by: Georgia Garcia <email address hidden>

e1bda6d... by Christian Boltz

Merge ProfileStorage: incldue profile header in __repr__()

ProfileStorage knows a whole profile, therefore it should also include the profile header in `__repr__()`.

Also add a test for this.

While on it, add a test for an invalid type change for a type that doesn't have special handling in `__setitem__()` to increase test coverage.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1233
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Christian Boltz <email address hidden>

5936c77... by Christian Boltz

Merge Drop unused Raw_Mount_Rule and Raw_Unix_Rule

These are no longer needed because we have MountRule and UnixRule
classes now.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1230
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Christian Boltz <email address hidden>

e1de0bb... by Georgia Garcia

Merge Add fcitx5 dbus interface to fcitx abstraction

Similar reference in snapd https://github.com/snapcore/snapd/pull/12924

Reference upstream implementation:

https://github.com/fcitx/fcitx/blob/master/src/frontend/ipcportal/ipcportal.h
https://github.com/fcitx/fcitx5/blob/master/src/frontend/dbusfrontend/dbusfrontend.cpp

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1222
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Georgia Garcia <email address hidden>

452f7fa... by Georgia Garcia

Merge libapparamor: Define a portable version of gnu basename

Since musl 1.2.5, basename(3) prototype is only provided in libgen.h
(as mandated by POSIX) and not in strings.h. Also there is a major
difference between the gnu basename and the one defined in libgen.h,
the latter modify the argument string making them incompatible.

Fix this by defining a portable version of basename using strchr.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1234
Approved-by: Georgia Garcia <email address hidden>
Merged-by: Georgia Garcia <email address hidden>

7fb040b... by Jules Maselbas <email address hidden>

libapparamor: Define a portable version of gnu basename

Since musl 1.2.5, basename(3) prototype is only provided in libgen.h
(as mandated by POSIX) and not in strings.h. Also there is a major
difference between the gnu basename and the one defined in libgen.h,
the latter modify the argument string making them incompatible.

Fix this by defining a portable version of basename using strchr.