~ubuntu-branches/ubuntu/precise/apparmor/precise-security

« back to all changes in this revision

Viewing changes to .pc/0014-apparmor-lp979095.patch/utils/aa-exec.pod

Committer: Package Import Robot
Author(s): Steve Beattie, Jamie Strandboge, Serge Hallyn, Steve Beattie
Date: 2012-04-12 06:17:42 UTC
Revision ID: package-import@ubuntu.com-20120412061742-9v75hjko2mjtbewv

Tags: 2.7.102-0ubuntu3

https://launchpad.net/bugs/974089

https://launchpad.net/bugs/978297

https://launchpad.net/bugs/963756

https://launchpad.net/bugs/959560

https://launchpad.net/bugs/872446

https://launchpad.net/bugs/978584

https://launchpad.net/bugs/800826

https://launchpad.net/bugs/979095

https://launchpad.net/bugs/963756

https://launchpad.net/bugs/978038

https://launchpad.net/bugs/968956

https://launchpad.net/bugs/979135

[ Jamie Strandboge ]
* debian/patches/0007-ubuntu-manpage-updates.patch: update apparmor(5)
  to describe Ubuntu's two-stage policy load and how to add utilize it
  when developing policy (LP: #974089)

[ Serge Hallyn ]
* debian/apparmor.init: do nothing in a container.  This can be
  removed once stacked profiles are supported and used by lxc.
  (LP: #978297)

[ Steve Beattie ]
* debian/patches/0008-apparmor-lp963756.patch: Fix permission mapping
  for change_profile onexec (LP: #963756)
* debian/patches/0009-apparmor-lp959560-part1.patch,
  debian/patches/0010-apparmor-lp959560-part2.patch: Update the parser
  to support the 'in' keyword for value lists, and make mount
  operations aware of 'in' keyword so they can affect the flags build
  list (LP: #959560)
* debian/patches/0011-apparmor-lp872446.patch: fix logprof missing
  exec events in complain mode (LP: #872446)
* debian/patches/0012-apparmor-lp978584.patch: allow inet6 access in
  dovecot imap-login profile (LP: #978584)
* debian/patches/0013-apparmor-lp800826.patch: fix libapparmor
  log parsing library from dropping apparmor network events that
  contain ip addresses or ports in them (LP: #800826)
* debian/patches/0014-apparmor-lp979095.patch: document new mount rule
  syntax and usage in apparmor.d(5) manpage (LP: #979095)
* debian/patches/0015-apparmor-lp963756.patch: Fix change_onexec
  for profiles without attachment specification (LP: #963756,
  LP: #978038)
* debian/patches/0016-apparmor-lp968956.patch: Fix protocol error when
  loading policy to kernels without compat patches (LP: #968956)
* debian/patches/0017-apparmor-lp979135.patch: Fix change_profile to
  grant access to /proc/attr api (LP: #979135)

files added:
.pc/0007-ubuntu-manpage-updates.patch

.pc/0007-ubuntu-manpage-updates.patch/parser

.pc/0007-ubuntu-manpage-updates.patch/parser/apparmor.pod

.pc/0008-apparmor-lp963756.patch

.pc/0008-apparmor-lp963756.patch/parser

.pc/0008-apparmor-lp963756.patch/parser/immunix.h

.pc/0008-apparmor-lp963756.patch/parser/parser_regex.c

.pc/0008-apparmor-lp963756.patch/tests

.pc/0008-apparmor-lp963756.patch/tests/regression

.pc/0008-apparmor-lp963756.patch/tests/regression/apparmor

.pc/0008-apparmor-lp963756.patch/tests/regression/apparmor/Makefile

.pc/0008-apparmor-lp963756.patch/tests/regression/apparmor/onexec.c

.pc/0008-apparmor-lp963756.patch/tests/regression/apparmor/onexec.sh

.pc/0009-apparmor-lp959560-part1.patch

.pc/0009-apparmor-lp959560-part1.patch/parser

.pc/0009-apparmor-lp959560-part1.patch/parser/parser.h

.pc/0009-apparmor-lp959560-part1.patch/parser/parser_lex.l

.pc/0009-apparmor-lp959560-part1.patch/parser/parser_misc.c

.pc/0009-apparmor-lp959560-part1.patch/parser/parser_yacc.y

.pc/0009-apparmor-lp959560-part1.patch/parser/tst

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests/mount

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests/mount/in_1.sd

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests/mount/in_2.sd

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests/mount/in_3.sd

.pc/0009-apparmor-lp959560-part1.patch/parser/tst/simple_tests/mount/in_4.sd

.pc/0010-apparmor-lp959560-part2.patch

.pc/0010-apparmor-lp959560-part2.patch/parser

.pc/0010-apparmor-lp959560-part2.patch/parser/mount.c

.pc/0011-apparmor-lp872446.patch

.pc/0011-apparmor-lp872446.patch/utils

.pc/0011-apparmor-lp872446.patch/utils/Immunix

.pc/0011-apparmor-lp872446.patch/utils/Immunix/AppArmor.pm

.pc/0012-apparmor-lp978584.patch

.pc/0012-apparmor-lp978584.patch/profiles

.pc/0012-apparmor-lp978584.patch/profiles/apparmor.d

.pc/0012-apparmor-lp978584.patch/profiles/apparmor.d/usr.lib.dovecot.imap-login

.pc/0013-apparmor-lp800826.patch

.pc/0013-apparmor-lp800826.patch/libraries

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/src

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/src/aalogparse.h

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/src/grammar.y

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/src/scanner.l

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi.c

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_01.in

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_01.out

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_02.in

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_02.out

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_03.in

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_03.out

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_04.in

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_04.out

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_05.in

.pc/0013-apparmor-lp800826.patch/libraries/libapparmor/testsuite/test_multi/testcase_network_05.out

.pc/0014-apparmor-lp979095.patch

.pc/0014-apparmor-lp979095.patch/common

.pc/0014-apparmor-lp979095.patch/common/Make.rules

.pc/0014-apparmor-lp979095.patch/parser

.pc/0014-apparmor-lp979095.patch/parser/apparmor.d.pod

.pc/0014-apparmor-lp979095.patch/utils

.pc/0014-apparmor-lp979095.patch/utils/aa-exec.pod

.pc/0015-apparmor-lp963756.patch

.pc/0015-apparmor-lp963756.patch/parser

.pc/0015-apparmor-lp963756.patch/parser/parser_regex.c

.pc/0016-apparmor-lp968956.patch

.pc/0016-apparmor-lp968956.patch/parser

.pc/0016-apparmor-lp968956.patch/parser/parser_main.c

.pc/0017-apparmor-lp979135.patch

.pc/0017-apparmor-lp979135.patch/parser

.pc/0017-apparmor-lp979135.patch/parser/parser.h

.pc/0017-apparmor-lp979135.patch/parser/parser_policy.c

.pc/0017-apparmor-lp979135.patch/parser/parser_yacc.y

.pc/0017-apparmor-lp979135.patch/tests

.pc/0017-apparmor-lp979135.patch/tests/regression

.pc/0017-apparmor-lp979135.patch/tests/regression/apparmor

.pc/0017-apparmor-lp979135.patch/tests/regression/apparmor/onexec.sh

debian/patches/0007-ubuntu-manpage-updates.patch

debian/patches/0008-apparmor-lp963756.patch

debian/patches/0009-apparmor-lp959560-part1.patch

debian/patches/0010-apparmor-lp959560-part2.patch

debian/patches/0011-apparmor-lp872446.patch

debian/patches/0012-apparmor-lp978584.patch

debian/patches/0013-apparmor-lp800826.patch

debian/patches/0014-apparmor-lp979095.patch

debian/patches/0015-apparmor-lp963756.patch

debian/patches/0016-apparmor-lp968956.patch

debian/patches/0017-apparmor-lp979135.patch

libraries/libapparmor/testsuite/test_multi/testcase_network_01.in

libraries/libapparmor/testsuite/test_multi/testcase_network_01.out

libraries/libapparmor/testsuite/test_multi/testcase_network_02.in

libraries/libapparmor/testsuite/test_multi/testcase_network_02.out

libraries/libapparmor/testsuite/test_multi/testcase_network_03.in

libraries/libapparmor/testsuite/test_multi/testcase_network_03.out

libraries/libapparmor/testsuite/test_multi/testcase_network_04.in

libraries/libapparmor/testsuite/test_multi/testcase_network_04.out

libraries/libapparmor/testsuite/test_multi/testcase_network_05.in

libraries/libapparmor/testsuite/test_multi/testcase_network_05.out

parser/tst/simple_tests/mount/in_1.sd

parser/tst/simple_tests/mount/in_2.sd

parser/tst/simple_tests/mount/in_3.sd

parser/tst/simple_tests/mount/in_4.sd

tests/regression/apparmor/onexec.c

tests/regression/apparmor/onexec.sh

files modified:
.pc/applied-patches

common/Make.rules

debian/apparmor.init

debian/changelog

debian/patches/series

libraries/libapparmor/src/aalogparse.h

libraries/libapparmor/src/grammar.y

libraries/libapparmor/src/scanner.l

libraries/libapparmor/testsuite/test_multi.c

parser/apparmor.d.pod

parser/apparmor.pod

parser/immunix.h

parser/mount.c

parser/parser.h

parser/parser_lex.l

parser/parser_main.c

parser/parser_misc.c

parser/parser_policy.c

parser/parser_regex.c

parser/parser_yacc.y

profiles/apparmor.d/usr.lib.dovecot.imap-login

tests/regression/apparmor/Makefile

utils/Immunix/AppArmor.pm

utils/aa-exec.pod

Show diffs side-by-side

added added

removed removed

.pc/0014-apparmor-lp979095.patch/utils/aa-exec.pod

# This publication is intellectual property of Canonical Ltd. Its contents

# can be duplicated, either in part or in whole, provided that a copyright

# label is visibly located on each copy.

# All information found in this book has been compiled with utmost

# attention to detail. However, this does not guarantee complete accuracy.

# Neither Canonical Ltd, the authors, nor the translators shall be held

# liable for possible errors or the consequences thereof.

# Many of the software and hardware descriptions cited in this book

# are registered trademarks. All trade names are subject to copyright

# restrictions and may be registered trade marks. Canonical Ltd

# essentially adheres to the manufacturer's spelling.

# Names of products and trademarks appearing in this book (with or without

# specific notation) are likewise subject to trademark and trade protection

# laws and may thus fall under copyright restrictions.

=pod

=head1 NAME

aa-exec - confine a program with the specified AppArmor profile

=head1 SYNOPSIS

B<aa-exec> [options] [--] [I<E<lt>commandE<gt>> ...]

=head1 DESCRIPTION

B<aa-exec> is used to launch a program confined by the specified profile

and or namespace. If both a profile and namespace are specified command

will be confined by profile in the new policy namespace. If only a namespace

is specified, the profile name of the current confinement will be used. If

neither a profile or namespace is specified command will be run using

standard profile attachment (ie. as if run without the aa-exec command).

If the arguments are to be pasted to the I<E<lt>commandE<gt>> being invoked

by aa-exec then -- should be used to separate aa-exec arguments from the

command.

aa-exec -p profile1 -- ls -l

=head1 OPTIONS

B<aa-exec> accepts the following arguments:

=over 4

=item -p PROFILE, --profile=PROFILE

confine I<E<lt>commandE<gt>> with PROFILE. If the PROFILE is not specified

use the current profile name (likely unconfined).

=item -n NAMESPACE, --namespace=NAMESPACE

use profiles in NAMESPACE. This will result in confinement transitioning

to using the new profile namespace.

=item -f FILE, --file=FILE

a file or directory containing profiles to load before confining the program.

=item -i, --immediate

transition to PROFILE before doing executing I<E<lt>commandE<gt>>. This

subjects the running of I<E<lt>commandE<gt>> to the exec transition rules

of the current profile.

=item -v, --verbose

show commands being performed

=item -d, --debug

show commands and error codes

=item --

Signal the end of options and disables further option processing. Any

arguments after the -- are treated as arguments of the command. This is

useful when passing arguments to the I<E<lt>commandE<gt>> being invoked by

aa-exec.

=head1 BUGS

If you find any bugs, please report them at

L<http://https://bugs.launchpad.net/apparmor/+filebug>.

=head1 SEE ALSO

aa-stack(8), aa-namespace(8), apparmor(7), apparmor.d(5), aa_change_profile(3),

aa_change_onexec(3) and L<http://wiki.apparmor.net>.

=cut

Older »