Re: [apparmor] Trivial typo fixes
Hello,

On Thursday, 12 April 2018, 12:34:26 CEST, Zygmunt Krynicki wrote:
> While reading apparmor source code I couldn't help myself to fix any
> typo I could notice. Patches attached below.

Thanks!

Whoever commits these patches to the kernel - feel free to add
Acked-by: Christian Boltz
to all 8 patches ;-)

Regards,

Christian Boltz
--
> What is that, "night"?
That is the period in which you can administer effectively. Because
apparently the users are all totally lazy and have logged out.
[Wilfried Kramer]

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] Trivial typo fixes
Hey everyone. While reading apparmor source code I couldn't help myself to fix any typo I could notice. Patches attached below.
[apparmor] [PATCH 3/8] apparmor: fix typo "comparison"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/label.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 324fe5c60f87..66987cb93b98 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -128,7 +128,7 @@ static int ns_cmp(struct aa_ns *a, struct aa_ns *b) } /** - * profile_cmp - profile comparision for set ordering + * profile_cmp - profile comparison for set ordering * @a: profile to compare (NOT NULL) * @b: profile to compare (NOT NULL) * @@ -157,7 +157,7 @@ static int profile_cmp(struct aa_profile *a, struct aa_profile *b) } /** - * vec_cmp - label comparision for set ordering + * vec_cmp - label comparison for set ordering * @a: label to compare (NOT NULL) * @vec: vector of profiles to compare (NOT NULL) * @n: length of @vec @@ -463,7 +463,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp) /** - * label_cmp - label comparision for set ordering + * label_cmp - label comparison for set ordering * @a: label to compare (NOT NULL) * @b: label to compare (NOT NULL) * -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [PATCH 7/8] apparmor: fix typo "independent"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/mount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 8c558cbce930..2c9c99a416e6 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -121,7 +121,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) * @src_name: src_name of object being mediated (MAYBE_NULL) * @type: type of filesystem (MAYBE_NULL) * @trans: name of trans (MAYBE NULL) - * @flags: filesystem idependent mount flags + * @flags: filesystem independent mount flags * @data: filesystem mount flags * @request: permissions requested * @perms: the permissions computed for the request (NOT NULL) -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
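Review bot: The context line just above the fix reads "@trans: name of trans (MAYBE NULL)" while the neighbouring @src_name and @type lines use "(MAYBE_NULL)"; pick one spelling in this comment block while it is being edited. "filesystem independent" would also read better hyphenated as "filesystem-independent".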
[apparmor] [PATCH 4/8] apparmor: fix typo "replace"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/label.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 66987cb93b98..285b246dc267 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -1997,7 +1997,7 @@ static struct aa_label *labelset_next_stale(struct aa_labelset *ls) /** * __label_update - insert updated version of @label into labelset - * @label - the label to update/repace + * @label - the label to update/replace * * Returns: new label that is up to date * else NULL on failure -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
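Review bot: The corrected line still uses "@label - " rather than the "@label:" form that kernel-doc expects for parameters and that the other comments in this series use (for example "@a:" and "@dfa:"). Since the line is being rewritten anyway, change it to "@label: the label to update/replace".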
[apparmor] [PATCH 6/8] apparmor: fix typo "traverse"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/match.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 72c604350e80..b175a3472388 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -418,7 +418,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, /** * aa_dfa_next - step one character to the next state in the dfa - * @dfa: the dfa to tranverse (NOT NULL) + * @dfa: the dfa to traverse (NOT NULL) * @state: the state to start in * @c: the input character to transition on * -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [PATCH 1/8] apparmor: fix typo "strictly"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/domain.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 6a54d2ffa840..6919721a2aa9 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -595,7 +595,7 @@ static struct aa_label *profile_transition(struct aa_profile *profile, /* Policy has specified a domain transitions. if no_new_privs and * confined and not transitioning to the current domain fail. * -* NOTE: Domain transitions from unconfined and to stritly stacked +* NOTE: Domain transitions from unconfined and to strictly stacked * subsets are allowed even when no_new_privs is set because this * aways results in a further reduction of permissions. */ @@ -687,7 +687,7 @@ static int profile_onexec(struct aa_profile *profile, struct aa_label *onexec, /* Policy has specified a domain transitions. if no_new_privs and * confined and not transitioning to the current domain fail. * -* NOTE: Domain transitions from unconfined and to stritly stacked +* NOTE: Domain transitions from unconfined and to strictly stacked * subsets are allowed even when no_new_privs is set because this * aways results in a further reduction of permissions. */ -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
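Review bot: Both hunks leave "aways" (for "always") two lines below the corrected word, in the context line "* aways results in a further reduction of permissions."; fix it in the same patch. The first sentence of each comment, "Policy has specified a domain transitions", also mixes singular and plural and could be cleaned up while the comment is being touched.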
[apparmor] [PATCH 5/8] apparmor: fix typo "type"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 4d5e98e49d5e..a5ce6ae967ed 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -407,7 +407,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, * @request: requested perms * @deny: Returns: explicit deny set * @sa: initialized audit structure (MAY BE NULL if not auditing) - * @cb: callback fn for tpye specific fields (MAY BE NULL) + * @cb: callback fn for type specific fields (MAY BE NULL) * * Returns: 0 if permission else error code * -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [PATCH 2/8] apparmor: fix typo "loosen"
Signed-off-by: Zygmunt Krynicki--- security/apparmor/domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 6919721a2aa9..8025b9a2afbc 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -744,7 +744,7 @@ static struct aa_label *handle_onexec(struct aa_label *label, cond, unsafe)); } else { - /* TODO: determine how much we want to losen this */ + /* TODO: determine how much we want to loosen this */ error = fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe)); -- 2.14.1 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
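Review bot: The TODO in the else branch of handle_onexec() is the third comment typo fixed in security/apparmor/domain.c in this series, and the index line (6919721a2aa9..8025b9a2afbc) shows it applies directly on top of 1/8, so the two could be folded into a single domain.c patch. The commit also carries no changelog text beyond the Signed-off-by line; one sentence saying that only comments change would help whoever applies it.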
[apparmor] [profile] arpon 3: network rules.
Hello.

A couple of days ago, I created an AppArmor profile for the ArpON 3 (ng) application. As we know, ArpON is a solution that makes the ARP protocol secure and helps to avoid - for example - the Man In The Middle (MITM) attack, ARP spoofing, ARP cache poisoning or ARP poison routing attacks etc.

So, I used the aa-genprof(8) utility to create a base profile and restarted ArpON to make some tests etc. Next, to scan the log files I used the aa-logprof(8) program. It gives suggestions for modifying the profile and asks which execution mode should be used etc.

The profile is pretty short, but there is something that is confusing me. I would like to ask a question about some of the network rules suggested by aa-logprof(8). AppArmor supports simple coarse grained network mediation and the network rule can restrict all socket(2) based operations, right? So, here it is:

    network bluetooth raw,
    network inet dgram,
    network netlink raw,
    network packet dgram,
    network packet raw,

These are the rules suggested by the aa-logprof(8) program. But, looking at the ArpON profile and how it works, I wonder if the 'network bluetooth raw,' rule is needed. Does bluetooth have something to do with ArpON in general? Anyway, maybe it's normal and everything is OK?

One more thing: the log files contain something like this one. Is it normal, should I add a rule to the profile?

    apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon" name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

If it's about log entries: in some cases 'requested_mask' and 'denied_mask' have "send", "create", "receive", "getopt", "setopt", "getattr" values etc. 'family' values are "netlink" (mostly), "inet", "packet" (mostly) and 'sock_type': "raw", "dgram" and so on. If it's about the 'operation' option, there are many different values: "create", "bind", "getsockname", "setsockopt", "sendmsg", "recvmsg", "file_mmap" etc.

I apologize for such a bad description, but - for now - I would like to know something about bluetooth and USB (see above). If it is necessary, I will paste some log entries with the above values.

Thanks, best regards.