[apparmor] [patch] fix aa-decode stdin handling
Steve Beattie
steve at nxnw.org
Tue Oct 9 18:40:20 UTC 2012
Hi Christian,
On Wed, Oct 03, 2012 at 02:00:34AM +0200, Christian Boltz wrote:
> the attached patch fixes aa-decode stdin handling.
>
> Handling stdin was totally broken (= no output) with the current log
> format because aa-decode expected name= to be the last entry in the
> log line.
>
> This patch for stdin handling
> - fixes the pattern to match the current log format (name= is NOT the
> last part in the log entry)
> - uses bash replacement to avoid some sed calls (which also means the
> script now needs an explicit "#!/bin/bash")
> - prints decoded filenames in double instead of single quotes to be
> consistent with filenames that were not encoded
> - also prints lines that do not contain an encoded filename (instead of
> grepping them away)
>
> In other words: you can pipe your audit.log through aa-decode, and the
> only difference to the raw audit.log is that filenames are decoded.
Realistically, this ought to be converted to one of the P* languages,
given the difficulties around quoting and embedding sed statements.
That said, one thing aa-decode is lacking, even with your patch, is
support for encoded profile names (yes, they too can have embedded
spaces etc. in them). Attached is an updated version of your patch
to fix that; it uses sed in the echo line, but still needs bash
variable replacement to do the escaping of any embedded '^'s in the
encoded string to not conflict with the sed separators.
Also attached is a second patch that adds a testscript (written in
Python) that tests a few variant cases (including embedded '^'s).
It gets run autmatically under the check target, though can be run
directly. (A nice feature to add to it would be to premit overriding
the location of the aa-decode binary to be tested on the command line.)
Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-decode.patch
Type: text/x-diff
Size: 1908 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121009/a58f3019/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aa-decode-tests.patch
Type: text/x-diff
Size: 9615 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121009/a58f3019/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121009/a58f3019/attachment.pgp>
More information about the AppArmor
mailing list