[apparmor] [patch] let logparser.py ignore file_inherit events without request_mask
Christian Boltz
apparmor at cboltz.de
Fri Oct 23 10:01:20 UTC 2015
Hello,
$subject.
That's not nice, but still better than a crash ;-)
References: https://bugs.launchpad.net/apparmor/+bug/1466812/
I propose this patch for trunk and 2.9
BTW: when I test the log entry
Oct 22 15:57:38 NR021AA kernel: [ 69.827705] audit: type=1400 audit(1445522258.769:1054): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2407 comm="nm-dhcp-client." lport=10580 family="inet6" sock_type="dgram" protocol=17
with test_multi.multi, it tells me
Event type: AA_RECORD_INVALID
Is that really the expected result?
[ 04-logparser-file_inherit.diff ]
=== modified file 'utils/apparmor/logparser.py'
--- utils/apparmor/logparser.py 2015-10-03 18:18:54 +0000
+++ utils/apparmor/logparser.py 2015-10-23 09:41:49 +0000
@@ -282,8 +286,9 @@
'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
'sysctl', 'getattr', 'setattr', 'xattr'] ):
- # for some reason, we get file_perm log events without request_mask, see https://bugs.launchpad.net/apparmor/+bug/1466812/
- if e['operation'] == 'file_perm' and e['request_mask'] is None:
+ # for some reason, we get file_perm and file_inherit log events without request_mask, see
+ # https://bugs.launchpad.net/apparmor/+bug/1466812/ and https://bugs.launchpad.net/apparmor/+bug/1509030
+ if e['operation'] in ['file_perm', 'file_inherit'] and e['request_mask'] is None:
self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e)
return None
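Review bot: The widened check on the `if e['operation'] in ['file_perm', 'file_inherit'] and e['request_mask'] is None:` line discards the event with only a `debug_logger.debug()` call, so a DENIED record like the one quoted in the mail vanishes from the tool's results unless debug logging is on. Consider reporting skipped events at a level the user sees, or counting them. The quoted sample carries `family`, `sock_type` and `protocol` fields rather than a path, and the comment still says "for some reason"; the comment should note that the affected file_inherit events look like socket events, so the next reader knows why request_mask is absent. The hunk also adds no test, so the quoted log line would make a good regression case. Minor style point: a tuple, `('file_perm', 'file_inherit')`, is the more usual form for a constant membership test.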
Regards,
Christian Boltz
--
/etc holds what you think. /proc holds what the OS thinks.
[Thomas Blum in doc]