[apparmor] debugging aa_change_profile
Steve Beattie
steve at nxnw.org
Fri Apr 27 07:03:20 UTC 2012
Hi Jeroen,
On Thu, Apr 26, 2012 at 04:20:54PM -0700, Jeroen Ooms wrote:
> Thank you. I was planning on switching to 12.04 as soon as it is
> released, so hopefully that will fix my problem.
> One final issue: I managed to switch into a profile using
> aa_change_profile, and into a hat (subprofile) using aa_change_hat.
> However, whenever I try to return out of the subprofile, my process is
> killed.
>
> I suspect the following: does the magic token just need to be the same
> value, or does it actually have to point to exactly the same object?
> The latter is very hard to do in R, because it makes copies of objects
> before passing them to C.
>
> I put a copy of the updated package and some testing code here:
> https://github.com/jeroenooms/rApparmor/tree/master/test
As John said, aa_change_hat() merely requires the same value to
be passed in, not a pointer to the same memory location. Looking
at the git tree, you're once again hitting a type mis-match:
aa_change_hat_wrapper() and aa_revert_hat_wrapper() take a pointer
to an unsigned long (unsigned long*) as argument but then pass that
_pointer_ when calling aa_change_hat(). This type error is covered up by
casting the magic_token pointer to a long in the aa_change_hat() call;
without the cast, gcc tells you about the mismatch:
gcc -std=gnu99 -I/usr/share/R/include -fpic -O3 -pipe -g -c aa_change_hat_wrapper.c -o aa_change_hat_wrapper.o
aa_change_hat_wrapper.c: In function ‘aa_change_hat_wrapper’:
aa_change_hat_wrapper.c:10:3: warning: passing argument 2 of ‘aa_change_hat’ makes integer from pointer without a cast [enabled by default]
/usr/include/sys/apparmor.h:36:12: note: expected ‘long unsigned int’ but argument is of type ‘long unsigned int *’
Here's a patch that fixes this up:
diff --git a/src/aa_change_hat_wrapper.c b/src/aa_change_hat_wrapper.c
index ef5c701..0040d3b 100644
--- a/src/aa_change_hat_wrapper.c
+++ b/src/aa_change_hat_wrapper.c
@@ -7,7 +7,7 @@
void aa_change_hat_wrapper (int *ret, char **subprofile, unsigned long* magic_token) {
printf("Setting Apparmor Hat...\n");
- *ret = aa_change_hat (*subprofile, (long) magic_token);
+ *ret = aa_change_hat (*subprofile, *magic_token);
if(ret != 0){
*ret = errno;
}
diff --git a/src/aa_revert_hat_wrapper.c b/src/aa_revert_hat_wrapper.c
index 5cf0e59..367982b 100644
--- a/src/aa_revert_hat_wrapper.c
+++ b/src/aa_revert_hat_wrapper.c
@@ -7,8 +7,8 @@
void aa_revert_hat_wrapper (int *ret, unsigned long* magic_token) {
printf("Trying to revert AppArmor Hat...\n");
- char *nothing;
- *ret = aa_change_hat (nothing, (long) magic_token);
+ char *nothing;
+ *ret = aa_change_hat (nothing, *magic_token);
if(ret != 0){
*ret = errno;
}
With that patch applied I was able to change into and out of hats
successfully from R.
For your test profile, I added the following audit qualifiers so that I
knew when things were getting rejected:
diff --git a/test/myprofile b/test/myprofile
index 80a7d02..5aaff89 100644
--- a/test/myprofile
+++ b/test/myprofile
@@ -14,7 +14,7 @@ profile myprofile {
/ rw,
/** mrwlkix,
- deny /etc/passwd rwx,
+ audit deny /etc/passwd rwx,
^myhat {
@@ -30,7 +30,7 @@ profile myprofile {
/ rw,
/** mrwlkix,
- deny /etc/passwd rwx,
- deny /etc/group rwx,
+ audit deny /etc/passwd rwx,
+ audit deny /etc/group rwx,
}
-}
\ No newline at end of file
+}
(Not having any clue what I'm doing with R, I never could figure out
how to make test.R run without stopping on the first permission denial;
but it worked to manually copy+waste the commands from it. Cluesticks
welcome.)
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120427/79ab9a44/attachment.pgp>
More information about the AppArmor
mailing list