Public bug reported:
When a profile name contains spaces or none printable characters, it
gets encoded when logged.
eg.
[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED"
operation="getattr" parent=16001 profile=74657374207370616365
name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
which can be decoded with aa-decode
> aa-decode 74657374207370616365
Decoded: test space
however aa-logprof and aa-genprof do no recognize encoded profile names
and skip log entries containing them.
** Affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/897957
Title:
aa-genprof/logprof don't recognize encoded profile names
Status in AppArmor Linux application security framework:
New
Bug description:
When a profile name contains spaces or none printable characters, it
gets encoded when logged.
eg.
[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED"
operation="getattr" parent=16001 profile=74657374207370616365
name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
which can be decoded with aa-decode
> aa-decode 74657374207370616365
Decoded: test space
however aa-logprof and aa-genprof do no recognize encoded profile
names and skip log entries containing them.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/897957/+subscriptions
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
