Merge branch 'feat/aa'

Improve go apparmor lib.

* aa: (62 commits)
  feat(aa): handle appending value to defined variables.
  chore(aa): cosmetic.
  fix: userspace prebuild test.
  chore: cleanup unit test.
  feat(aa): improve log conversion.
  feat(aa): move conversion function to its own file & add unit tests.
  fix: go linter issue & not defined variables.
  tests(aa): improve aa unit tests.
  tests(aa): improve rules unit tests.
  feat(aa): ensure the prebuild jobs are working.
  feat(aa): add more unit tests.
  chore(aa): cleanup.
  feat(aa): Move sort, merge and format methods to the rules interface.
  feat(aa): add the hat template.
  feat(aa): add the Kind struct to manage aa rules.
  feat(aa): cleanup rules methods.
  feat(aa): add function to resolve include preamble.
  feat(aa): updaqte mount flags order.
  feat(aa): update default tunable selection.
  feat(aa): parse apparmor preamble files.
  ...
This commit is contained in:
Alexandre Pujol 2024-05-30 19:29:34 +01:00
commit 89abbae6bd
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
90 changed files with 4995 additions and 2012 deletions


@ -1,4 +1,5 @@
# Simple test profile for the AppArmorProfile.String() method
# Simple test profile for the AppArmorProfileFile.String() method
abi <abi/4.0>,
alias /mnt/usr -> /usr,
@ -18,13 +19,13 @@ profile foo @{exec_path} xattrs=(security.tagged=allowed) flags=(complain attach
network inet stream,
network inet6 stream,
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /,
mount fstype=fuse.portal options=(rw rbind) @{run}/user/@{uid}/ -> /, # failed perms check
umount @{run}/user/@{uid}/,
signal (receive) set=(term) peer=at-spi-bus-launcher,
signal receive set=term peer=at-spi-bus-launcher,
ptrace (read) peer=nautilus,
ptrace read peer=nautilus,
unix (send receive) type=stream addr=@/tmp/.ICE-unix/1995 peer=(label=gnome-shell, addr=none),

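--- /dev/null
+++ b/tests/testdata/tunables/dir.d/aliases
@@ -0,0 +1,2 @@
+alias /usr/ -> /User/,
+alias /lib/ -> /Libraries/,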
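--- /dev/null
+++ b/tests/testdata/tunables/dir.d/vars
@@ -0,0 +1,2 @@
+# variable declarations for inclusion
+@{FOO} = /foo /bar /baz /biff /lib /tmp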
tests/testdata/tunables/global vendored Normal file

@ -0,0 +1,3 @@
include <tunables/dir.d>