[apparmor] [patch] fix "unknown capability: CAP_whatever" in aa-logprof
Steve Beattie
steve at nxnw.org
Thu Nov 13 23:15:41 UTC 2014
On Thu, Nov 13, 2014 at 09:00:35PM +0100, Christian Boltz wrote:
> Hello,
>
> when aa-logprof asks for a capability, you'll see something like
>
> WARN: unknown capability: CAP_block_suspend
>
> Profile: /bin/foo
> Capability: block_suspend
> Severity: unknown
>
> The reason for the warning and "Severity: unknown" is that severity.db
> contains the capability names in uppercase, but ask_the_question() calls
> sev_db.rank with the capability in lowercase.
>
> This patch converts the "CAP_$capability" string to uppercase before
> doing the lookup.
>
>
> === modified file 'utils/apparmor/severity.py'
> --- utils/apparmor/severity.py 2014-11-06 20:37:02 +0000
> +++ utils/apparmor/severity.py 2014-11-13 19:55:45 +0000
> @@ -77,8 +77,9 @@
>
> def handle_capability(self, resource):
> """Returns the severity of for the capability resource, default value if no match"""
> - if resource in self.severity['CAPABILITIES'].keys():
> - return self.severity['CAPABILITIES'][resource]
> + cap = resource.upper()
> + if cap in self.severity['CAPABILITIES'].keys():
> + return self.severity['CAPABILITIES'][cap]
> # raise ValueError("unexpected capability rank input: %s"%resource)
> warn("unknown capability: %s" % resource)
> return self.severity['DEFAULT_RANK']
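Review bot: the fall-through `warn("unknown capability: %s" % resource)` in handle_capability still reports the caller's original casing rather than the normalized `cap`, so a genuinely unknown capability will be logged in a spelling that does not match the upper-case names in severity.db; consider logging `cap`, or both values, so the warning can be compared against the database directly. The added membership test also does not need `.keys()`: `if cap in self.severity['CAPABILITIES']:` performs the same lookup and avoids building a key list where `.keys()` returns a list (Python 2). The docstring's "severity of for" could be corrected while this function is being touched.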
Acked-by: Steve Beattie <steve at nxnw.org>, so long as the following patch is
committed at the same time:
---
utils/test/test-severity.py | 3 +++
1 file changed, 3 insertions(+)
Index: b/utils/test/test-severity.py
===================================================================
--- a/utils/test/test-severity.py
+++ b/utils/test/test-severity.py
@@ -68,6 +68,9 @@ class SeverityTest(SeverityBaseTest):
def test_cap_setpcap(self):
self._simple_severity_test('CAP_SETPCAP', 9)
+ def test_cap_setpcap_lowercase(self):
+ self._simple_severity_test('CAP_setpcap', 9)
+
def test_cap_unknown_1(self):
self._simple_severity_test('CAP_UNKNOWN', 10)
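Review bot: test_cap_setpcap_lowercase covers only the known-capability path with an upper-case `CAP_` prefix; nothing here checks that an unknown capability in lower case still falls through to the default rank, or that a fully lower-case input is accepted now that the whole string is upper-cased. Suggest adding a case such as `self._simple_severity_test('CAP_unknown', 10)` next to test_cap_unknown_1, and one for `'cap_setpcap'` expecting 9, so both branches of the normalized lookup are pinned down.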
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/