[apparmor] logprof deny doesn't use the selected path?
John Johansen
john.johansen at canonical.com
Mon Mar 5 17:21:12 UTC 2012
On 03/04/2012 02:18 AM, Christian Boltz wrote:
> Hello,
>
> I just noticed some strange behaviour when running logprof
> (AppArmor 2.7.2 on openSUSE 12.1)
>
> ---------------------------------------------------------------------
> # aa-logprof
>
> [...]
>
> Profile: /usr/lib/mailman/bin/mailmanctl
> Path: /usr/lib64/python2.7/ssl.pyc
> Old Mode: mr
> New Mode: mrw
> Severity: unknown
>
>
> [1 - /usr/lib64/python2.7/ssl.pyc]
> 2 - /usr/lib{,32,64}/python2.[4567]/**.{pyc,so}
> 3 - /usr/lib{,32,64}/**
>
> [(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish
> / (O)pts
> Enter new path: /usr/lib*/python*/*.pyc
>
> Profile: /usr/lib/mailman/bin/mailmanctl
> Path: /usr/lib64/python2.7/ssl.pyc
> Old Mode: mr
> New Mode: mrw
> Severity: unknown
>
>
> 1 - /usr/lib64/python2.7/ssl.pyc
> 2 - /usr/lib{,32,64}/python2.[4567]/**.{pyc,so}
> 3 - /usr/lib{,32,64}/**
> [4 - /usr/lib*/python*/*.pyc]
>
> [(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish
> / (O)pts
> ---------------------------------------------------------------------
>
> I pressed "d" (deny) here.
>
> The profile ended up with
> deny /usr/lib64/python2.7/ssl.pyc w,
> instead of the path I entered.
>
> Bug?
>
yeah I would call that a bug
More information about the AppArmor
mailing list