[apparmor] [patch] logparser.py: do sanity check for all file events

Christian Boltz apparmor at cboltz.de
Mon Feb 1 21:54:42 UTC 2016


Hello,

most probably-file log events can also be network events. Therefore
check for request_mask in all events, not only file_perm, file_inherit
and (from the latest bugreport) file_receive.

References: https://bugs.launchpad.net/apparmor/+bug/1540562


I propose this patch for trunk, 2.10 and 2.9.


[ 68-logparser-check-sanity-of-all-file-events.diff ]

--- utils/apparmor/logparser.py 2016-02-01 21:31:56.439302830 +0100
+++ utils/apparmor/logparser.py 2016-02-01 22:38:40.519637878 +0100
@@ -300,10 +300,10 @@
                                 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
                                 'sysctl', 'getattr', 'setattr', 'xattr'] ):
 
-            # for some reason, we get file_perm and file_inherit log events without request_mask, see
-            # https://bugs.launchpad.net/apparmor/+bug/1466812/ and https://bugs.launchpad.net/apparmor/+bug/1509030
+            # for some kernel-side reason, we get file-related log events without request_mask, see
+            # https://bugs.launchpad.net/apparmor/+bug/1466812/, https://bugs.launchpad.net/apparmor/+bug/1509030 and https://bugs.launchpad.net/apparmor/+bug/1540562
             # request_mask can also be '', see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1525119
-            if e['operation'] in ['file_perm', 'file_inherit'] and not e['request_mask']:
+            if not e['request_mask']:
                 self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e)
                 return None
 



Regards,

Christian Boltz
-- 
Linux - und dein PC macht nie wieder blau.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160201/1330b368/attachment.pgp>


More information about the AppArmor mailing list