[apparmor] GSoC review r68 and r69
John Johansen
john.johansen at canonical.com
Mon Sep 23 20:58:51 UTC 2013
On 09/21/2013 03:43 PM, Christian Boltz wrote:
> Hello,
>
> the review for r68 is attached - it contains some small issues and a
> set of fresh bugs I found while doing some tests.
>
> r69 passed my review without complaints ;-)
>
>
> @John (and whoever else wants to answer)
>
> I also have an interesting question about behaviour of
> aa-audit /bin/ping
>
> The profile starts with
> /{usr/,}bin/ping {
> so it's, strictly speaking, two profiles in one.
>
> The interesting question is what the correct behaviour is because
> besides setting the profile for /bin/ping to audit mode (expected)
> it would also set the profile for /usr/bin/ping to audit mode (not expected)
>
> OTOH, the current behaviour of aa-audit (error message saying that
> /bin/ping does not exist) also is not expected and will terribly confuse
> users.
>
> What should "aa-audit /bin/ping" do in this case?
>
> (aa-audit is just an example - the same question applies to all aa-* tools
> that change profile flags.)
>
>
So I would say there are only 2 things that make sense
1. error out, with a better, more informative error message.
Basically say the profile is shared, and needs to be split
2. automatically separate the profile into different entities.
I am reluctant to do this unless an extra flag is specified.
Note that we have this problem when an attachment specification is used
in addition to a profile name.
profile ping /{usr/,}bin/ping { ... }
in this case, if the name was used
aa-audit ping
I would let the operation succeed, but if the path is specified I would error out.
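The decision described in this thread, as an added illustration (not the apparmor utils code, and not how aa-audit is actually implemented): parse top-level profile header lines, expand the `{a,b}` alternations in the attachment specification, and then report whether the requested argument names a profile by its explicit name, a profile with exactly one attachment path, a shared profile (option 1 above: refuse with a message that says the profile is shared and needs to be split), or nothing at all. The sample profile text, the `HEADER_RE` regex and the `resolve` function are constructed for this example; hats and child profiles are deliberately out of scope.

```python
"""Decide how an aa-* tool should treat a profile shared by several paths.

Illustration only, not the apparmor.py parser: handles top-level headers of
the forms "/path {", "profile name /path {" and "profile name {", optionally
with flags=(...) before the brace.  Hats and child profiles are ignored.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample: an attachment-only profile with two expanded paths, a
# named profile with an attachment, and a profile that attaches to one path.
SAMPLE_PROFILES = """
/{usr/,}bin/ping {
  #include <abstractions/base>
  capability net_raw,
  /{usr/,}bin/ping mixr,
}

profile ping2 /{usr/,}bin/ping2 flags=(complain) {
}

/usr/bin/foo {
}
"""

# Hypothetical header matcher for this example (not the real grammar).
HEADER_RE = re.compile(
    r"^\s*(?:profile\s+(?P<name>\S+)\s+)?"   # optional explicit name
    r"(?P<attach>/\S*)?\s*"                  # optional attachment spec
    r"(?:flags=\([^)]*\)\s*)?\{\s*$"         # optional flags, then "{"
)


def expand_braces(pattern: str) -> List[str]:
    """Expand {a,b} alternations (nesting allowed) into concrete strings,
    innermost group first, keeping first-seen order and dropping duplicates."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    pre, post = pattern[: m.start()], pattern[m.end():]
    out: List[str] = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pre + alt + post))
    return list(dict.fromkeys(out))


class Profile(NamedTuple):
    name: str               # explicit name, or the raw attachment spec
    attachments: List[str]  # expanded concrete paths (empty if name-only)


def parse_headers(text: str) -> List[Profile]:
    """Collect the profiles declared by header lines in a profile file."""
    profiles = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue
        attach = m.group("attach")
        name = m.group("name") or attach
        profiles.append(Profile(name, expand_braces(attach) if attach else []))
    return profiles


class Decision(NamedTuple):
    status: str              # "ok", "shared" or "not_found"
    profile: Optional[str]   # which profile the argument resolved to
    message: str             # what the tool would tell the user


def resolve(text: str, target: str) -> Decision:
    """Map a user-supplied name or path to a profile, refusing shared ones.

    A match on the profile's name (explicit, or the literal attachment spec
    for unnamed profiles) always succeeds; a path that is only one of several
    expanded attachments yields the informative error from option 1."""
    profiles = parse_headers(text)
    for p in profiles:
        if p.name == target:
            return Decision("ok", p.name, f"profile {p.name!r} selected by name")
    for p in profiles:
        if target in p.attachments:
            if len(p.attachments) == 1:
                return Decision("ok", p.name,
                                f"profile {p.name!r} attaches only to {target}")
            others = ", ".join(a for a in p.attachments if a != target)
            return Decision("shared", p.name,
                            f"profile {p.name!r} is shared by {target} and {others}; "
                            "split it before changing flags for one path")
    return Decision("not_found", None, f"no profile attaches to {target}")


if __name__ == "__main__":
    for arg in ("/bin/ping", "ping2", "/usr/bin/foo", "/bin/nothere"):
        print(arg, "->", resolve(SAMPLE_PROFILES, arg).message)
```

Running the block prints one line per argument; `/bin/ping` resolves to the shared `/{usr/,}bin/ping` profile and is refused with the "split it" message, while `ping2` succeeds by name even though its attachment also expands to two paths, which is exactly the asymmetry described in the reply above.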