Re: [apparmor] Trivial typo fixes

2018-04-12 Thread Christian Boltz
Hello,

On Thursday, 12 April 2018, 12:34:26 CEST, Zygmunt Krynicki wrote:
> While reading apparmor source code I couldn't help myself to fix any
> typo I could notice. Patches attached below.

Thanks!

Whoever commits these patches to the kernel - feel free to add
Acked-by: Christian Boltz 
to all 8 patches ;-)


Regards,

Christian Boltz
-- 
> What is that, "night"?
That is the period in which you can administer effectively. Because
apparently the users are all totally lazy and have logged out.
[Wilfried Kramer]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor


[apparmor] Trivial typo fixes

2018-04-12 Thread Zygmunt Krynicki
Hey everyone.

While reading apparmor source code I couldn't help myself to fix any typo I
could notice. Patches attached below.




[apparmor] [PATCH 3/8] apparmor: fix typo "comparison"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/label.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 324fe5c60f87..66987cb93b98 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -128,7 +128,7 @@ static int ns_cmp(struct aa_ns *a, struct aa_ns *b)
 }
 
 /**
- * profile_cmp - profile comparision for set ordering
+ * profile_cmp - profile comparison for set ordering
  * @a: profile to compare (NOT NULL)
  * @b: profile to compare (NOT NULL)
  *
@@ -157,7 +157,7 @@ static int profile_cmp(struct aa_profile *a, struct 
aa_profile *b)
 }
 
 /**
- * vec_cmp - label comparision for set ordering
+ * vec_cmp - label comparison for set ordering
  * @a: label to compare (NOT NULL)
  * @vec: vector of profiles to compare (NOT NULL)
  * @n: length of @vec
@@ -463,7 +463,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy 
*proxy, gfp_t gfp)
 
 
 /**
- * label_cmp - label comparision for set ordering
+ * label_cmp - label comparison for set ordering
  * @a: label to compare (NOT NULL)
  * @b: label to compare (NOT NULL)
  *
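Review bot: The @@ header of this hunk is wrapped onto a second line ("*proxy, gfp_t gfp)"), as is the header of the vec_cmp hunk above it; if the mail was sent that way, the wrapped remainder is not a valid hunk line and the patch will not apply cleanly. Resending without line wrapping (for example with git send-email) avoids this. The spelling change itself is fine.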
-- 
2.14.1




[apparmor] [PATCH 7/8] apparmor: fix typo "independent"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/mount.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index 8c558cbce930..2c9c99a416e6 100644
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -121,7 +121,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  * @src_name: src_name of object being mediated (MAYBE_NULL)
  * @type: type of filesystem (MAYBE_NULL)
  * @trans: name of trans (MAYBE NULL)
- * @flags: filesystem idependent mount flags
+ * @flags: filesystem independent mount flags
  * @data: filesystem mount flags
  * @request: permissions requested
  * @perms: the permissions computed for the request (NOT NULL)
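Review bot: In the context just above the fix, "@trans: name of trans (MAYBE NULL)" spells the annotation with a space, while "@src_name" and "@type" on the two lines before it use "(MAYBE_NULL)". A typo series is a reasonable place to make these consistent, and "filesystem independent" on the corrected line would read better hyphenated.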
-- 
2.14.1




[apparmor] [PATCH 4/8] apparmor: fix typo "replace"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/label.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 66987cb93b98..285b246dc267 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1997,7 +1997,7 @@ static struct aa_label *labelset_next_stale(struct 
aa_labelset *ls)
 
 /**
  * __label_update - insert updated version of @label into labelset
- * @label - the label to update/repace
+ * @label - the label to update/replace
  *
  * Returns: new label that is up to date
  * else NULL on failure
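Review bot: The corrected line still reads "@label - the label to update/replace", while the other parameter lines in this series use a colon ("@a: label to compare", "@dfa: the dfa to traverse"), which is the form kernel-doc expects for parameters. As the line is being touched anyway, consider changing it to "@label: the label to update/replace".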
-- 
2.14.1




[apparmor] [PATCH 6/8] apparmor: fix typo "traverse"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/match.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 72c604350e80..b175a3472388 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -418,7 +418,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int 
start,
 
 /**
  * aa_dfa_next - step one character to the next state in the dfa
- * @dfa: the dfa to tranverse (NOT NULL)
+ * @dfa: the dfa to traverse (NOT NULL)
  * @state: the state to start in
  * @c: the input character to transition on
  *
-- 
2.14.1




[apparmor] [PATCH 1/8] apparmor: fix typo "strictly"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/domain.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 6a54d2ffa840..6919721a2aa9 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -595,7 +595,7 @@ static struct aa_label *profile_transition(struct 
aa_profile *profile,
/* Policy has specified a domain transitions. if no_new_privs and
 * confined and not transitioning to the current domain fail.
 *
-* NOTE: Domain transitions from unconfined and to stritly stacked
+* NOTE: Domain transitions from unconfined and to strictly stacked
 * subsets are allowed even when no_new_privs is set because this
 * aways results in a further reduction of permissions.
 */
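Review bot: Two lines below the fix, in the same NOTE paragraph of the profile_transition comment, the context still reads "aways results in a further reduction of permissions". Since this patch already corrects spelling in that paragraph, change "aways" to "always" in the same hunk.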
@@ -687,7 +687,7 @@ static int profile_onexec(struct aa_profile *profile, 
struct aa_label *onexec,
/* Policy has specified a domain transitions. if no_new_privs and
 * confined and not transitioning to the current domain fail.
 *
-* NOTE: Domain transitions from unconfined and to stritly stacked
+* NOTE: Domain transitions from unconfined and to strictly stacked
 * subsets are allowed even when no_new_privs is set because this
 * aways results in a further reduction of permissions.
 */
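Review bot: The first context line of this hunk, "Policy has specified a domain transitions. if no_new_privs and", mixes singular and plural and starts its second sentence in lower case, and "aways" two lines below the fix is left untouched. This comment in profile_onexec is word for word the one in the previous hunk, so whatever wording is settled on should be applied to both copies.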
-- 
2.14.1




[apparmor] [PATCH 5/8] apparmor: fix typo "type"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 4d5e98e49d5e..a5ce6ae967ed 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -407,7 +407,7 @@ int aa_profile_label_perm(struct aa_profile *profile, 
struct aa_profile *target,
  * @request: requested perms
  * @deny: Returns: explicit deny set
  * @sa: initialized audit structure (MAY BE NULL if not auditing)
- * @cb: callback fn for tpye specific fields (MAY BE NULL)
+ * @cb: callback fn for type specific fields (MAY BE NULL)
  *
  * Returns: 0 if permission else error code
  *
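Review bot: On the corrected @cb line, "type specific" is a compound modifier and would read better as "type-specific". The context line "@deny: Returns: explicit deny set" also looks like it carries a stray "Returns:" inside a parameter description, which may be worth a follow-up cleanup.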
-- 
2.14.1




[apparmor] [PATCH 2/8] apparmor: fix typo "loosen"

2018-04-12 Thread Zygmunt Krynicki
Signed-off-by: Zygmunt Krynicki 
---
 security/apparmor/domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 6919721a2aa9..8025b9a2afbc 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -744,7 +744,7 @@ static struct aa_label *handle_onexec(struct aa_label 
*label,
   cond, unsafe));
 
} else {
-   /* TODO: determine how much we want to losen this */
+   /* TODO: determine how much we want to loosen this */
error = fn_for_each_in_ns(label, profile,
profile_onexec(profile, onexec, stack, bprm,
   buffer, cond, unsafe));
-- 
2.14.1




[apparmor] [profile] arpon 3: network rules.

2018-04-12 Thread daniel curtis
Hello.

A couple of days ago, I created an AppArmor profile for the ArpON 3 (ng)
application. As we know, ArpON is a solution that makes the ARP
protocol secure and helps to avoid - for example - the Man In The
Middle (MITM) attack, ARP spoofing, ARP cache poisoning or ARP
poison routing attacks etc.

So, I used the aa-genprof(8) utility to create a base profile and
restarted ArpON to make some tests etc. Next, to scan the log files I
used the aa-logprof(8) program. It gives suggestions for modifying the
profile and asks which execution mode should be used etc. The profile
is pretty short, but there is something that is confusing me.

I would like to ask a question about some of the network rules suggested
by aa-logprof(8). AppArmor supports simple coarse grained network
mediation and the network rule can restrict all socket(2) based
operations, right? So, here it is:

  network bluetooth raw,
  network inet dgram,
  network netlink raw,
  network packet dgram,
  network packet raw,

These are the rules suggested by the aa-logprof(8) program. But, looking
at the ArpON profile and how it works, I wonder if the 'network
bluetooth raw,' rule is needed. Does bluetooth have something to do
with ArpON in general? Anyway, maybe it's normal and everything is OK?

One more thing: the log files contain something like this one. Is it
normal, should I add a rule to the profile?

● apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon"
name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0

If it's about log entries: in some cases 'requested_mask' and
'denied_mask' have "send", "create", "receive", "getopt", "setopt",
"getattr" values etc. 'family' are "netlink" (mostly), "inet",
"packet" (mostly) and 'sock_type': "raw", "dgram" and so on. If it's
about 'operation' option, there are many different values: "create",
"bind", "getsockname", "setsockopt", "sendmsg", "recvmsg", "file_mmap"
etc.

I apologize for such a bad description, but - for now - I would like
to know something about bluetooth and USB (see above). If it is
necessary, I will paste some log entries with the above values.

Thanks, best regards.
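
One way to trace each rule that aa-logprof(8) suggests back to the logged events behind it, as an added example that is not part of the original post. The first sample line is the entry quoted in the post (joined onto one line); the network entries are constructed, and `parse_entry` and `rules_with_evidence` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Sample audit lines in AppArmor's key="value" format. Only the first entry
# comes from the post; the network entries are constructed for illustration.
SAMPLE_LOG = '''\
apparmor="ALLOWED" operation="open" profile="/usr/sbin/arpon" name="/sys/bus/usb/devices/" pid=3131 comm="arpon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
apparmor="ALLOWED" operation="create" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="bluetooth" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"
apparmor="ALLOWED" operation="create" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="packet" sock_type="raw" protocol=768 requested_mask="create" denied_mask="create"
apparmor="ALLOWED" operation="sendmsg" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="packet" sock_type="raw" protocol=768 requested_mask="send" denied_mask="send"
apparmor="ALLOWED" operation="bind" profile="/usr/sbin/arpon" pid=3131 comm="arpon" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
apparmor="ALLOWED" operation="create" profile="/usr/sbin/sshd" pid=900 comm="sshd" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_entry(line):
    """Split one audit line into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def rules_with_evidence(log_text, profile):
    """Map each candidate rule for `profile` to the operations that logged it."""
    evidence = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if "apparmor" not in entry or entry.get("profile") != profile:
            continue  # not an AppArmor event, or a different profile
        if "family" in entry and "sock_type" in entry:
            rule = f'network {entry["family"]} {entry["sock_type"]},'
        elif "name" in entry:
            rule = f'{entry["name"]} {entry.get("denied_mask", "")},'
        else:
            continue
        evidence[rule].add(entry.get("operation", "?"))
    return {rule: sorted(ops) for rule, ops in evidence.items()}


if __name__ == "__main__":
    found = rules_with_evidence(SAMPLE_LOG, "/usr/sbin/arpon")
    for rule, ops in sorted(found.items()):
        print(f"{rule:32} <- {', '.join(ops)}")
```

A rule backed only by a single `create` event, with no later `bind`, `sendmsg` or `recvmsg`, is a candidate for closer review before it is kept in the profile.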
