[apparmor] [Bug 897957] [NEW] aa-genprof/logprof don't recognize encoded profile names

John Johansen john.johansen at canonical.com
Wed Nov 30 01:06:58 UTC 2011


Public bug reported:

When a profile name contains spaces or none printable characters, it
gets encoded when logged.

eg.
[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

which can be decoded with aa-decode
  > aa-decode 74657374207370616365
  Decoded: test space

however aa-logprof and aa-genprof do no recognize encoded profile names
and skip log entries containing them.

** Affects: apparmor
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/897957

Title:
  aa-genprof/logprof don't recognize encoded profile names

Status in AppArmor Linux application security framework:
  New

Bug description:
  When a profile name contains spaces or none printable characters, it
  gets encoded when logged.

  eg.
  [289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  which can be decoded with aa-decode
    > aa-decode 74657374207370616365
    Decoded: test space

  however aa-logprof and aa-genprof do no recognize encoded profile
  names and skip log entries containing them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/897957/+subscriptions



More information about the AppArmor mailing list