[apparmor] [PATCH] Adjust notify group name
Seth Arnold
seth.arnold at gmail.com
Wed Apr 25 22:51:46 UTC 2012
On Wed, Apr 25, 2012 at 12:11 PM, Kees Cook <kees at ubuntu.com> wrote:
> But aa-notify runs as the user and read the log files directly... what
> am I misunderstanding?
aa-notify gains and drops privileges repeatedly when running:
for (my $i=0; $time_to_die == 0; $i++) {
    if ($logfile_inode != get_logfile_inode($logfile)) {
        _warn("$logfile changed inodes, reopening");
        reopen_logfile();
    } elsif (get_logfile_size($logfile) < $logfile_size) {
        _warn("$logfile is smaller, reopening");
        reopen_logfile();
    }
    # ...

sub reopen_logfile {
    # reopen the logfile, temporarily switching back to starting euid for
    # file permissions.
    close(LOGFILE);
    my $old_euid = raise_privileges();
    $logfile_inode = get_logfile_inode($logfile);
    $logfile_size = get_logfile_size($logfile);
    open (LOGFILE, "<$logfile") or die "Could not open '$logfile'\n";
    drop_privileges($old_euid);
}
Of course, the audit daemon and tools more or less enforcing mode 700 on
/var/log/audit and /var/log/audit/audit.log is a serious complicating
factor for this tool -- I personally would rather see an audispd-derived
daemon to send messages to dbus. (Not that I'm a huge fan of dbus, but it
exists for very nearly this purpose.)
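The follow loop quoted above, rewritten as an added Python example (this is not aa-notify's code and is not from the thread): it reads a log as the invoking user, detects the two reopen conditions the Perl checks (inode changed after a rotation, size shrank after a truncation), and brackets only the open() with a switch back to the starting euid. The LogFollower class, the raised_privileges() helper and the audit-style sample lines are all constructed for the example; when run without a setuid wrapper, euid equals the real uid, so the seteuid() calls are permitted no-ops and the rotation logic can be exercised unprivileged.

```python
import os
import tempfile
from contextlib import contextmanager

# Effective uid the process started with (root when launched setuid); normal
# work runs as the real uid, and only the open() of the log switches back.
START_EUID = os.geteuid()


def drop_privileges():
    """Run as the invoking (real) user; a no-op when euid already equals it."""
    os.seteuid(os.getuid())


@contextmanager
def raised_privileges():
    """Restore the starting euid for the duration of the block, then drop
    again: the raise_privileges()/drop_privileges() pair from the Perl."""
    previous = os.geteuid()
    os.seteuid(START_EUID)
    try:
        yield
    finally:
        os.seteuid(previous)


class LogFollower:
    """Tail a log, reopening it when the inode changes (rotation) or the
    size shrinks (truncation), the two checks in aa-notify's loop."""

    def __init__(self, path):
        self.path = path
        self.fh = None
        self.inode = None
        self.size = 0
        self.reopen()

    def _stat(self):
        # Runs with the caller's euid. stat() needs search permission on the
        # directory, so with /var/log/audit at mode 700 the unprivileged
        # checks in the polling loop would fail, not just the open().
        st = os.stat(self.path)
        return st.st_ino, st.st_size

    def reopen(self):
        if self.fh is not None:
            self.fh.close()
        with raised_privileges():
            self.inode, self.size = self._stat()
            self.fh = open(self.path, "rb")   # read from offset 0, as the Perl does

    def needs_reopen(self):
        """Return why a reopen is needed, or None."""
        try:
            inode, size = self._stat()
        except FileNotFoundError:
            return None   # mid-rotation gap: keep the old handle for now
        if inode != self.inode:
            return "inode changed"
        if size < self.size:
            return "truncated"
        return None

    def poll(self):
        """One loop iteration: reopen if needed, return (reason, new lines)."""
        reason = self.needs_reopen()
        if reason:
            self.reopen()
        data = self.fh.read()
        self.size = self.fh.tell()
        return reason, data.decode("utf-8", "replace").splitlines()


# Constructed lines in the style of AppArmor audit messages (not real logs).
LINE_A = 'type=AVC msg=audit(1335393106.001:10): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow"'
LINE_B = 'type=AVC msg=audit(1335393107.002:11): apparmor="DENIED" operation="exec" profile="/usr/sbin/cupsd" name="/bin/sh"'
LINE_C = 'type=AVC msg=audit(1335393200.003:12): apparmor="ALLOWED" operation="open" profile="/usr/bin/evince" name="/home/user/doc.pdf"'
LINE_D = 'type=AVC msg=audit(1335393300.004:13): apparmor="DENIED" operation="capable"'


def run_demo():
    """Drive the follower through append, logrotate-style rename and
    truncation; returns the (reason, lines) observed on each poll."""
    drop_privileges()
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    with open(path, "w") as f:
        f.write(LINE_A + "\n")
    follower = LogFollower(path)
    seen = [follower.poll()]
    with open(path, "a") as f:                 # plain append: no reopen
        f.write(LINE_B + "\n")
    seen.append(follower.poll())
    os.rename(path, path + ".1")               # rotation: same name, new inode
    with open(path, "w") as f:
        f.write(LINE_C + "\n")
    seen.append(follower.poll())
    with open(path, "w") as f:                 # truncate in place: same inode
        f.write(LINE_D + "\n")
    seen.append(follower.poll())
    return seen


if __name__ == "__main__":
    for reason, lines in run_demo():
        print(reason or "no reopen", lines)
```

The size check has the same blind spot as the original: a file truncated and refilled past its previous size between two polls looks like ordinary growth, which is why the inode comparison is the more reliable of the two signals.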