[apparmor] [patch] logparser.py: do sanity check for all file events

Kshitij Gupta kgupta8592 at gmail.com
Tue Feb 9 19:46:02 UTC 2016 

On Tue, Feb 2, 2016 at 3:24 AM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hello,
>
> most probably-file log events can also be network events. Therefore
> check for request_mask in all events, not only file_perm, file_inherit
> and (from the latest bugreport) file_receive.
>
> References: https://bugs.launchpad.net/apparmor/+bug/1540562
>
>
> I propose this patch for trunk, 2.10 and 2.9.
>
>
> [ 68-logparser-check-sanity-of-all-file-events.diff ]
>
> --- utils/apparmor/logparser.py 2016-02-01 21:31:56.439302830 +0100
> +++ utils/apparmor/logparser.py 2016-02-01 22:38:40.519637878 +0100
> @@ -300,10 +300,10 @@
>                                  'rename_dest', 'unlink', 'rmdir',
> 'symlink_create', 'link',
>                                  'sysctl', 'getattr', 'setattr', 'xattr']
> ):
>
> -            # for some reason, we get file_perm and file_inherit log
> events without request_mask, see
> -            # https://bugs.launchpad.net/apparmor/+bug/1466812/ and
> https://bugs.launchpad.net/apparmor/+bug/1509030
> +            # for some kernel-side reason, we get file-related log events
> without request_mask, see
>
ahh so we know whom to blame ;-)


> +            # https://bugs.launchpad.net/apparmor/+bug/1466812/,
> https://bugs.launchpad.net/apparmor/+bug/1509030 and
> https://bugs.launchpad.net/apparmor/+bug/1540562
>              # request_mask can also be '', see
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1525119
>
this list seems to be growing rather long. Hopefully this patch will change
that. :-)

> -            if e['operation'] in ['file_perm', 'file_inherit'] and not
> e['request_mask']:
> +            if not e['request_mask']:
>                  self.debug_logger.debug('UNHANDLED (missing
> request_mask): %s' % e)
>                  return None
>
>
> Thanks for the patch.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>

>
>
> Regards,
>
> Christian Boltz
> --
> Linux - und dein PC macht nie wieder blau.
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>


-- 
Regards,

Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160210/2b9fe47d/attachment.html>

More information about the AppArmor mailing list