Ubuntu
apparmor package

aa-logprof doesn't handle "open" log entries

Bug #427966 reported by Marc Deslauriers on 2009-09-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

Binary package hint: apparmor

Using apparmor 2.3.1+1403-0ubuntu19 on karmic:

Log entries have changed between jaunty and karmic, and aa-logprof doesn't handle them:

jaunty:
Sep 11 11:54:41 sec-jaunty-amd64 kernel: [ 2140.786608] type=1502 audit(12526844
81.750:311): operation="inode_permission" requested_mask="r::" denied_mask="r::"
fsuid=0 name="/etc/hosts" pid=3247 profile="/usr/bin/hexdump"

karmic:
Sep 11 11:55:22 sec-karmic-amd64 kernel: [ 2176.108570] type=1502 audit(12526845
22.031:221): operation="open" pid=3154 parent=2757 profile="/usr/bin/hexdump" re
quested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/hosts"

Related branches

lp:~ubuntu-core-dev/apparmor/ubuntu

lp:ubuntu/karmic/apparmor

Kees Cook (kees) on 2009-09-13

Changed in apparmor (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2009-09-17:

Proposed patch:

diff -u apparmor-2.3.1+1403/utils/SubDomain.pm apparmor-2.3.1+1403/utils/SubDomain.pm
--- apparmor-2.3.1+1403/utils/SubDomain.pm
+++ apparmor-2.3.1+1403/utils/SubDomain.pm
@@ -2770,6 +2770,18 @@
                      $e->{name},
        "",
                    );
+ } elsif ($e->{operation} eq "open") {
+ add_to_tree( $e->{pid},
+ $e->{parent},
+ "path",
+ $profile,
+ $hat,
+ $prog,
+ $sdmode,
+ $e->{denied_mask},
+ $e->{name},
+ "",
+ );
     } elsif ($e->{operation} eq "capable") {
         add_to_tree( $e->{pid},
        $e->{parent},

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-09-19:

This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu20

---------------
apparmor (2.3.1+1403-0ubuntu20) karmic; urgency=low

  * added disabled apache2 profile (FFE LP: #430812):
    - add profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2: new
      apache2 profile
    - add profiles/apparmor.d/apache2.d/phpsysinfo: example profile for the
      phpsysinfo application
    - profiles/Makefile: handle the apache2.d directory
    - add debian/libapache2-mod-apparmor.postinst: reload apparmor after
      installation since we now ship a profile in this package
    - add debian/libapache2-mod-apparmor.preinst: disable apache2 profile
      if the user does not already have a profile defined
    - add debian/libapache2-mod-apparmor.postrm: remove disabled symlink
      on purge
    - debian/rules: move apache2 profile to the libapache2-mod-apparmor
      package and create apache2.d directory
  * utils/SubDomain.pm: handle "open" log entries (LP: #427966)
  * added ouid parsing support (LP: #431929):
    - libraries/libapparmor/testsuite/test_multi.c
    - libraries/libapparmor/src/{scanner.l,grammar.y,aalogparse.h,
      libaalogparse.c}

-- Marc Deslauriers <email address hidden> Sat, 19 Sep 2009 09:32:02 -0400

Changed in apparmor (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuapparmor package