8.3/10 (56 أصوات )




  • مرات التنزيل: 322
  • متطلبات التشغيل:
  • الحجم:
  • الترخيص:
  • الاصدار : AppArmor
  • اضيف في: 0000-00-00 00:00:00
  • اخر تحديث: 22/09/2010
  • الموقع علي الانترنت:






Description




AppArmor is a software that gives you network application security via mandatory access control for programs, protecting against the exploitation of software flaws and compromised systems.AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours. What's New in This Release: [ read full changelog ]

Bug Fixes and Enhancements:
AppArmor Profiles:

· (LP: #611248) Fix gnome abstraction for gdk pixbuf loaders
· (LP: #538661) Adjust cgi path for php5 abstraction
· Add 'k' to /var/lib/samba/**.tdb in the samba abstraction
· abstractions/user-tmp: require 'owner' matching
· profiles/apparmor.d/abstractions/base: statvfs allowed by default
· Add dbus-session abstraction (and use Pix rather than Uix)

AppArmor Parser:

· (LP: #599450) Change the table resizing so that there is always sufficient high entries in the table, preventing bounds violations from occurring.
· (LP: #626984) Prevent the parser from crashing when run against 2.6.36 upstream version of AppArmor which doesn't present information parser expects.
· Move expression tree node labeling into expr node themselves to reduce memory usage and make node labeling per dfa rather than global.
· Clean up the sets firstpos, lastpos, and followpos early to reduce peak memory usage.
· Add the ability for the apparmor_parser to dump flattened profiles. Passing the -p flag to the apparmor_parser causes it to dump a flattened profile that includes all the text for all includes to stdout.
· Fix memory leak during dfa minimization.
· (LP: #588012) Fix leaking file descriptors on included files.
· (LP: #588014) Report correct filename/line number on errors in the parser.
· Detect when abstractions have been modified, and invalidate profile cache file when reloading.
· Fix compilation/build warnings.

AppArmor Library (libapparmor):

· Fix perl swig bindings so that libapparmor can be built when configured without perl.
· Add support for LSM_AUDIT format messages
· Update support for minor message changes that occurred as part of upstreaming effort

AppArmor Desktop Notifier (apparmor_notify):

· Fix memory leak
· (LP: #582075) apparmor_notify group like entries together when using -v with -s
· Setting in notify.conf now defaults to on (apparmor_notify is not usually installed by default)
· Add long options
· Cleanup output
· Better handle auditd
· Handle logfile rotation
· Use seteuid() to drop privileges so we can raise/drop after log file rotation. Add -u USER option for dropping privileges when not using sudo
· Update man page

AppArmor Utils (genprof/logprof):

· (LP: #623467) SubDomain.pm: add support for distinct reported truncate, rename_src, rename_dest, and mkdir operations

AppArmor PAM Library (pam_apparmor):

· (LP: #619521) Teach pam_apparmor about the current errno returned by the kernel when the hat that was passed does not exist in the profile (but other hats exist).









التعليقات علي AppArmor 2.5.1
اضافة تعليق

تعليقات الفيسبوك

تعليقات الموقع