1. 29 Aug, 2018 1 commit
  2. 27 Sep, 2017 1 commit
  3. 08 Jun, 2017 1 commit
  4. 02 Jun, 2017 1 commit
  5. 07 Apr, 2017 1 commit
  6. 13 Oct, 2016 1 commit
  7. 30 Sep, 2016 2 commits
  8. 12 Aug, 2016 1 commit
  9. 25 Jul, 2016 1 commit
  10. 30 Sep, 2015 1 commit
  11. 06 Aug, 2015 1 commit
    • Simon McVittie's avatar
      bus: move shared libaudit code to a new audit.[ch] · 327a52e4
      Simon McVittie authored
      This fixes various duplicated libaudit interactions in both
      SELinux and AppArmor code paths, including opening two audit sockets
      if both SELinux and AppArmor were enabled at compile time.
      In particular, audit.c is now the only user of libcap-ng.
      
      This commit is not intended to introduce any functional changes,
      except for the de-duplication.
      
      The actual audit_log_user_avc_message() call is still duplicated,
      because the SELinux and AppArmor code paths use different mechanisms
      to compose the audit message: the SELinux path uses a statically-sized
      buffer on the stack which might be subject to truncation, whereas
      the AppArmor path uses malloc() (via DBusString) and falls back to
      using syslog on a memory allocation failure.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225Reviewed-by: Colin Walters's avatarColin Walters <walters@verbum.org>
      [smcv: minor issues raised during review are subsequently fixed]
      Signed-off-by: 's avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      327a52e4
  12. 12 May, 2015 4 commits
  13. 24 Mar, 2015 1 commit
  14. 11 Mar, 2015 2 commits
  15. 04 Mar, 2015 1 commit
  16. 18 Feb, 2015 1 commit
    • John Johansen's avatar
      Initialize AppArmor mediation · 2a881a9e
      John Johansen authored
      When starting dbus-daemon, autodetect AppArmor kernel support and use
      the results from parsing the busconfig to determine if mediation should
      be enabled.
      
      In the busconfig, "enabled" means that kernel support is autodetected
      and, if available, AppArmor mediation occurs in dbus-daemon. In
      "enabled" mode, if kernel support is not detected, mediation is
      disabled. "disabled" means that mediation does not occur. "required"
      means that kernel support must be detected for dbus-daemon to start.
      
      Additionally, when libaudit support is built into dbus-daemon, the
      AppArmor initialization routines set up the audit connection.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113Signed-off-by: 's avatarJohn Johansen <john.johansen@canonical.com>
      [tyhicks: Honor enforcement modes and detect AppArmor dbus rule support]
      [tyhicks: fix unreachable return when AppArmor support is built]
      [tyhicks: make bus_apparmor_full_init() able to raise a DBusError]
      Signed-off-by: 's avatarTyler Hicks <tyhicks@canonical.com>
      [smcv: _bus_apparmor_aa_supports_dbus: document necessary kernel API guarantee]
      [smcv: bus_apparmor_pre_init: distinguish between OOM and AppArmor not enabled]
      [smcv: document why we open() and not just stat()]
      Reviewed-by: 's avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Reviewed-by: 's avatarTyler Hicks <tyhicks@canonical.com>
      2a881a9e
  17. 01 Nov, 2013 1 commit
  18. 03 Sep, 2013 1 commit
  19. 28 Jun, 2013 1 commit
  20. 20 Jun, 2013 1 commit
  21. 05 Jun, 2013 2 commits
  22. 13 Feb, 2012 1 commit
  23. 10 Feb, 2012 1 commit
  24. 04 Jan, 2012 1 commit
    • Simon McVittie's avatar
      Revert all changes since a36d4918 · 5df8c3db
      Simon McVittie authored
      Someone seems to have merged part of master into 1.4. Again. Let's go
      back to the "last known good" point (the branch-point of some 1.4
      branches I had locally), then we can cherry-pick the changes that
      should have gone in.
      5df8c3db
  25. 26 Aug, 2011 1 commit
  26. 05 Aug, 2011 7 commits
  27. 13 Jun, 2011 2 commits