[apparmor] [Bug 837211] [NEW] logprof does not properly assign log events when profile is already defined

John Johansen john.johansen at canonical.com
Tue Aug 30 07:59:28 UTC 2011 

Public bug reported:

When a log contains events for the null-profile and when a profile
already exists that contains an exec rule that matches part of the null-
profile event stream.  The null profile stream of events that belong to
the profile specified by the exec rule will not get properly assigned,
resulting in logprof re-asking questions about even flow decisions that
have already been made.

Note that if the event flow decision was made in the current run of
logprof the events get properly assigned it is only when logprof is quit
and restarted that the null profile event stream is problematic

Test
1. obtain a log file with null-profile events that must track across an exec.
2. run logprof on the file
3. create transition and new profile that events should be assigned to.
4. save without completing profile so events in log are outstanding
5. restart logprof on log file

logprof won't ask the transition question (which it shouldn't) but
starts asking the the child profile events should included in the
current (parent) profile.

** Affects: apparmor
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/837211

Title:
  logprof does not properly assign log events when profile is already
  defined

Status in AppArmor Linux application security framework:
  New

Bug description:
  When a log contains events for the null-profile and when a profile
  already exists that contains an exec rule that matches part of the
  null-profile event stream.  The null profile stream of events that
  belong to the profile specified by the exec rule will not get properly
  assigned, resulting in logprof re-asking questions about even flow
  decisions that have already been made.

  Note that if the event flow decision was made in the current run of
  logprof the events get properly assigned it is only when logprof is
  quit and restarted that the null profile event stream is problematic

  Test
  1. obtain a log file with null-profile events that must track across an exec.
  2. run logprof on the file
  3. create transition and new profile that events should be assigned to.
  4. save without completing profile so events in log are outstanding
  5. restart logprof on log file

  logprof won't ask the transition question (which it shouldn't) but
  starts asking the the child profile events should included in the
  current (parent) profile.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/837211/+subscriptions

More information about the AppArmor mailing list