- مرات التنزيل: 322
- متطلبات التشغيل:
- الاصدار : AppArmor
- اضيف في: 0000-00-00 00:00:00
- اخر تحديث: 22/09/2010
- الموقع علي الانترنت:
AppArmor is a software that gives you network application security via mandatory access control for programs, protecting against the exploitation of software flaws and compromised systems.AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours. What's New in This Release: [ read full changelog ]
Bug Fixes and Enhancements:
· (LP: #611248) Fix gnome abstraction for gdk pixbuf loaders
· (LP: #538661) Adjust cgi path for php5 abstraction
· Add 'k' to /var/lib/samba/**.tdb in the samba abstraction
· abstractions/user-tmp: require 'owner' matching
· profiles/apparmor.d/abstractions/base: statvfs allowed by default
· Add dbus-session abstraction (and use Pix rather than Uix)
· (LP: #599450) Change the table resizing so that there is always sufficient high entries in the table, preventing bounds violations from occurring.
· (LP: #626984) Prevent the parser from crashing when run against 2.6.36 upstream version of AppArmor which doesn't present information parser expects.
· Move expression tree node labeling into expr node themselves to reduce memory usage and make node labeling per dfa rather than global.
· Clean up the sets firstpos, lastpos, and followpos early to reduce peak memory usage.
· Add the ability for the apparmor_parser to dump flattened profiles. Passing the -p flag to the apparmor_parser causes it to dump a flattened profile that includes all the text for all includes to stdout.
· Fix memory leak during dfa minimization.
· (LP: #588012) Fix leaking file descriptors on included files.
· (LP: #588014) Report correct filename/line number on errors in the parser.
· Detect when abstractions have been modified, and invalidate profile cache file when reloading.
· Fix compilation/build warnings.
AppArmor Library (libapparmor):
· Fix perl swig bindings so that libapparmor can be built when configured without perl.
· Add support for LSM_AUDIT format messages
· Update support for minor message changes that occurred as part of upstreaming effort
AppArmor Desktop Notifier (apparmor_notify):
· Fix memory leak
· (LP: #582075) apparmor_notify group like entries together when using -v with -s
· Setting in notify.conf now defaults to on (apparmor_notify is not usually installed by default)
· Add long options
· Cleanup output
· Better handle auditd
· Handle logfile rotation
· Use seteuid() to drop privileges so we can raise/drop after log file rotation. Add -u USER option for dropping privileges when not using sudo
· Update man page
AppArmor Utils (genprof/logprof):
· (LP: #623467) SubDomain.pm: add support for distinct reported truncate, rename_src, rename_dest, and mkdir operations
AppArmor PAM Library (pam_apparmor):
· (LP: #619521) Teach pam_apparmor about the current errno returned by the kernel when the hat that was passed does not exist in the profile (but other hats exist).