[apparmor] GSoC review r68 and r69

John Johansen john.johansen at canonical.com
Mon Sep 23 20:58:51 UTC 2013


On 09/21/2013 03:43 PM, Christian Boltz wrote:
> Hello,
> 
> the review for r68 is attached - it contains some small issues and a 
> set of fresh bugs I found while doing some tests.
> 
> r69 passed my review without complaints ;-)
> 
> 
> @John (and whoever else wants to answer)
> 
> I also have an interesting question about behaviour of 
>     aa-audit /bin/ping
> 
> The profile starts with
>     /{usr/,}bin/ping {
> so it's, strictly speaking, two profiles in one.
> 
> The interesting question is what the correct behaviour is because 
> besides setting the profile for /bin/ping to audit mode (expected)
> it would also set the profile for /usr/bin/ping to audit mode (not expected)
> 
> OTOH, the current behaviour of aa-audit (error message saying that 
> /bin/ping does not exist) also is not expected and will terribly confuse 
> users.
> 
> What should "aa-audit /bin/ping" do in this case?
> 
> (aa-audit is just an example - the same question applies to all aa-* tools
> that change profile flags.)
> 
> 
So I would say there are only 2 things that make sense
1. error out, with a better more informative error message.
   Basically say the profile is shared, and needs to be split

2. automatically separate the profile into different entities.
   I am reluctant to do this unless an extra flag is specified.

Note that we have this problem when an attachment specification is used
in addition to a profile name.

  profile ping /{usr/,}bin/ping { ... }

in this case, if the name was used
  aa-audit ping

I would succeed the operation but if the path is specified, I would error out.
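As an added illustration of option 1 above (not AppArmor's own code), this sketch expands the `{usr/,}` alternation in an attachment, then refuses a path argument that is only one of several expansions of a shared profile while still accepting the profile name; the profile table and the message wording are constructed for the example.

```python
# Added example, not AppArmor's own code: how an aa-* flag tool could treat a
# shared attachment such as /{usr/,}bin/ping. The profile table is constructed.

def expand_braces(pattern):
    """Expand AppArmor {a,b} alternations (nesting allowed) into concrete paths."""
    depth, start = 0, None
    for i, ch in enumerate(pattern):
        if ch == '{':
            if depth == 0:
                start = i
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0 and start is not None:
                # split the group body on top-level commas only
                alts, cur, d = [], '', 0
                for c in pattern[start + 1:i]:
                    d += (c == '{') - (c == '}')
                    if c == ',' and d == 0:
                        alts.append(cur)
                        cur = ''
                    else:
                        cur += c
                alts.append(cur)
                out = []
                for alt in alts:
                    out.extend(expand_braces(pattern[:start] + alt + pattern[i + 1:]))
                return out
    return [pattern]


def resolve_flag_target(arg, profiles):
    """Decide which profile 'aa-audit ARG' may change.

    profiles maps profile name -> attachment glob (None when the name is the path).
    Returns ('ok', name) or ('error', message): a path that is one of several
    expansions of a shared profile is refused with an explicit message rather
    than a misleading 'does not exist'.
    """
    if arg in profiles:                      # 'aa-audit ping' on a named profile
        return 'ok', arg
    for name, attachment in profiles.items():
        paths = expand_braces(attachment or name)
        if arg in paths:
            if len(paths) > 1:
                others = ', '.join(p for p in paths if p != arg)
                return 'error', (f"{arg} is covered by the shared profile "
                                 f"'{name}' which also matches {others}; "
                                 f"split the profile before changing its flags")
            return 'ok', name
    return 'error', f"no profile found for {arg}"


# constructed profile table: one glob-named profile and one named profile
PROFILES = {'/{usr/,}bin/ping': None, 'ping2': '/{usr/,}sbin/ping2'}
```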