Hi, On Fri, Oct 23, 2015 at 3:31 PM, Christian Boltz <appar...@cboltz.de> wrote:
> Hello, > > $subject. > > That's not nice, but still better than a crash ;-) > > References: https://bugs.launchpad.net/apparmor/+bug/1466812/ > > > I propose this patch for trunk and 2.9 > > > BTW: when I test the log entry > Oct 22 15:57:38 NR021AA kernel: [ 69.827705] audit: type=1400 > audit(1445522258.769:1054): apparmor="DENIED" operation="file_inherit" > profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2407 > comm="nm-dhcp-client." lport=10580 family="inet6" sock_type="dgram" > protocol=17 > with test_multi.multi, it tells me > Event type: AA_RECORD_INVALID > > Is that really the expected result? > I'll let someone else take a stab at answering this. > > > > [ 04-logparser-file_inherit.diff ] > > === modified file 'utils/apparmor/logparser.py' > --- utils/apparmor/logparser.py 2015-10-03 18:18:54 +0000 > +++ utils/apparmor/logparser.py 2015-10-23 09:41:49 +0000 
> @@ -282,8 +286,9 @@ > 'rename_dest', 'unlink', 'rmdir', > 'symlink_create', 'link', > 'sysctl', 'getattr', 'setattr', 'xattr'] > ): > > - # for some reason, we get file_perm log events without > request_mask, see https://bugs.launchpad.net/apparmor/+bug/1466812/ > - if e['operation'] == 'file_perm' and e['request_mask'] is > None: > + # for some reason, we get file_perm and file_inherit log > events without request_mask, see > + # https://bugs.launchpad.net/apparmor/+bug/1466812/ and > https://bugs.launchpad.net/apparmor/+bug/1509030 > + if e['operation'] in ['file_perm', 'file_inherit'] and > e['request_mask'] is None: > self.debug_logger.debug('UNHANDLED (missing > request_mask): %s' % e) > return None > > Ideally we should have: STRANGE_OPERATIONS_WITHOUT_MASKS = ['file_perm', 'file_inherit'] (I thought of calling it *Stanley Ipkiss*[1], but am open to other options too.) followed by: if e['operation'] in STRANGE_OPERATIONS_WITHOUT_MASKS and e['request_mask'] is None. With/without the change. Thanks for the patch. Acked-by: Kshitij Gupta <kgupta8...@gmail.com>. [1]: http://the-mask.wikia.com/wiki/Stanley_Ipkiss > > Regards, > > Christian Boltz > -- > In /etc steht, was Du denkst. In /proc steht, was das OS denkt. > [Thomas Blum in doc] > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor > -- Regards, Kshitij Gupta
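Review bot: The widened condition `e['operation'] in ['file_perm', 'file_inherit'] and e['request_mask'] is None` still ends in `self.debug_logger.debug(...)` followed by `return None`, so a `file_inherit` event with `apparmor="DENIED"`, like the one quoted in the message, is dropped with no trace outside the debug log. Anyone relying on the parser's output never learns that a denial was skipped. Consider reporting skipped events at a level the user sees, or counting them and printing a summary at the end. The comment's "for some reason" could also record what the quoted sample shows: the event carries `lport`, `family`, `sock_type` and `protocol` rather than a file name and `request_mask`, which would help whoever later handles these events instead of discarding them. The diff touches only `utils/apparmor/logparser.py`; a test log containing the quoted event would pin down the new behaviour.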