[apparmor] [patch] apparmor-utils: Add support for creds and path operations (apparmor-utils-add-log-types)

[John Johansen]

On 08/08/2011 03:04 PM, Christian Boltz wrote:
> Hello,
> 
> another short patch from openSUSE:
> 
> From: Jeff Mahoney <jeffm at suse.com>
> Subject: apparmor-utils: Add support for creds and path operations
> References: bnc#564316
> 
>  2.6.29 introduced the path security_operations and credentials
> 
>  This patch adds support for those operations to the log parser.
> 
> Signed-off-by: Jeff Mahoney <jeffm at suse.com>
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- P.S.: Christian, ich bereite schonmal deine Antwort vor: [...] |Glaubst du mir jetzt, daß CVS Kommentare hilfreich sind *g* |[Liste der von Ratti vergessenen Änderungen, direkt mit sed awk grep |find echo erstellt aus irgendeiner ~/.cvs/.hidden/.cvs_obscure-Datei..] [Ratti in fontlinge-devel]
> 
> 
> apparmor-utils-add-log-types
> 
> Subject:
> apparmor-utils: Add support for creds and path operations
> From:
> Jeff Mahoney <jeffm at suse.com>
> 
> 
>  2.6.29 introduced the path security_operations and credentials
> 
>  This patch adds support for those operations to the log parser.
> 
> Signed-off-by: Jeff Mahoney <jeffm at suse.com>
> ---
>  utils/Immunix/AppArmor.pm |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> --- a/utils/Immunix/AppArmor.pm
> +++ b/utils/Immunix/AppArmor.pm
> @@ -2848,7 +2848,9 @@ sub add_event_to_tree ($) {
>  			  ""
>                          );
>          }
> -    } elsif ($e->{operation} =~ m/file_/) {
> +    } elsif ($e->{operation} =~ m/file_/ or
> +	    # These are the path operations introduced in 2.6.29
> +             $e->{operation} =~ m/^(open|unlink|mkdir|rmdir|mknod|truncate|symlink_create|link|rename_src|rename_dest)$/) {
>          add_to_tree( $e->{pid},
>  		     $e->{parent},
>                       "path",
> 

---

--- utils/Immunix/AppArmor.pm	2011-08-17 23:26:41 +0000
+++ utils/Immunix/AppArmor.pm	2011-08-18 22:49:58 +0000
@@ -2861,7 +2861,8 @@
              $e->{operation} eq "truncate" ||
              $e->{operation} eq "mkdir" ||
              $e->{operation} eq "rename_src" ||
-             $e->{operation} eq "rename_dest") {
+             $e->{operation} eq "rename_dest" ||
+             $e->{operation} =~ m/^(unlink|rmdir|symlink_create|link)$/) {
         add_to_tree( $e->{pid},
 		     $e->{parent},
                      "path",

NAK, and an ACK for the slightly revised patch (attached).  Basically several of the operation where already in AppArmor.pm upstream so I removed those ones from the list