Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/872446
Due to logging changes for 'exec' events, 'exec' events in aa-logprof
were being skipped when a profile is in enforcing mode. This patch
addresses the issue.
---
utils/Immunix/AppArmor.pm | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
Index: b/utils/Immunix/AppArmor.pm
===================================================================
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -2850,7 +2850,21 @@ sub add_event_to_tree ($) {
$e->{name},
""
);
- }
+ } elsif (defined $e->{name}) {
+ add_to_tree( $e->{pid},
+ $e->{parent},
+ "exec",
+ $profile,
+ $hat,
+ $prog,
+ $sdmode,
+ $e->{denied_mask},
+ $e->{name},
+ ""
+ );
+ } else {
+ $DEBUGGING && debug "add_event_to_tree: dropped exec event in
$e->{profile}";
+ }
} elsif ($e->{operation} =~ m/file_/) {
add_to_tree( $e->{pid},
$e->{parent},
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
