aa-logprof doesn't handle "open" log entries
Bug #427966 reported by
Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: apparmor
Using apparmor 2.3.1+1403-
Log entries have changed between jaunty and karmic, and aa-logprof doesn't handle them:
jaunty:
Sep 11 11:54:41 sec-jaunty-amd64 kernel: [ 2140.786608] type=1502 audit(12526844
81.750:311): operation=
fsuid=0 name="/etc/hosts" pid=3247 profile=
karmic:
Sep 11 11:55:22 sec-karmic-amd64 kernel: [ 2176.108570] type=1502 audit(12526845
22.031:221): operation="open" pid=3154 parent=2757 profile=
quested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/hosts"
Changed in apparmor (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
To post a comment you must log in.
Proposed patch:
diff -u apparmor- 2.3.1+1403/ utils/SubDomain .pm apparmor- 2.3.1+1403/ utils/SubDomain .pm 2.3.1+1403/ utils/SubDomain .pm 2.3.1+1403/ utils/SubDomain .pm
$e->{name} ,
) ;
add_to_ tree( $e->{pid},
$e->{parent} ,
--- apparmor-
+++ apparmor-
@@ -2770,6 +2770,18 @@
"",
+ } elsif ($e->{operation} eq "open") {
+ add_to_tree( $e->{pid},
+ $e->{parent},
+ "path",
+ $profile,
+ $hat,
+ $prog,
+ $sdmode,
+ $e->{denied_mask},
+ $e->{name},
+ "",
+ );
} elsif ($e->{operation} eq "capable") {