[apparmor] program with a space in the name results in hashes where names should be
Mark Wadham
ubuntu at rkw.io
Thu Jul 28 13:19:41 UTC 2016
I tried to write an apparmor profile for plex media server, which has a
binary with spaces in the name.
I put it in quotes in the apparmor profile, but then all the complain
messages have hashes where the name should be, eg:
> [ 9551.412776] audit: type=1400 audit(1469711661.099:16933):
> apparmor="ALLOWED" operation="recvmsg"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25858 comm=506C657820444C4E41205365727665 lport=1900 family="inet"
> sock_type="dgram" protocol=17 requested_mask="receive"
> denied_mask="receive"
> [ 9551.418972] audit: type=1400 audit(1469711661.107:16934):
> apparmor="ALLOWED" operation="create"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=0 requested_mask="create"
> denied_mask="create"
> [ 9551.419247] audit: type=1400 audit(1469711661.107:16935):
> apparmor="ALLOWED" operation="create"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=0 requested_mask="create"
> denied_mask="create"
> [ 9551.419610] audit: type=1400 audit(1469711661.107:16936):
> apparmor="ALLOWED" operation="create"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="unix"
> sock_type="dgram" protocol=0 requested_mask="create"
> denied_mask="create" addr=none
> [ 9551.419712] audit: type=1400 audit(1469711661.107:16937):
> apparmor="ALLOWED" operation="create"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="unix"
> sock_type="dgram" protocol=0 requested_mask="create"
> denied_mask="create" addr=none
> [ 9551.419846] audit: type=1400 audit(1469711661.107:16938):
> apparmor="ALLOWED" operation="getsockname"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=17 requested_mask="getattr"
> denied_mask="getattr"
> [ 9551.419940] audit: type=1400 audit(1469711661.107:16939):
> apparmor="ALLOWED" operation="getpeername"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=17 requested_mask="getattr"
> denied_mask="getattr"
> [ 9551.420017] audit: type=1400 audit(1469711661.107:16940):
> apparmor="ALLOWED" operation="setsockopt"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=17 requested_mask="setopt"
> denied_mask="setopt"
> [ 9551.420106] audit: type=1400 audit(1469711661.107:16941):
> apparmor="ALLOWED" operation="connect"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> sock_type="dgram" protocol=17 requested_mask="connect"
> denied_mask="connect"
> [ 9551.420196] audit: type=1400 audit(1469711661.107:16942):
> apparmor="ALLOWED" operation="getsockname"
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572
> pid=25983 comm=506C657820444C4E41205365727665 laddr=45.32.182.252
> lport=38561 faddr=45.32.182.252 fport=42674 family="inet"
> sock_type="dgram" protocol=17 requested_mask="getattr"
> denied_mask="getattr"
Am I doing something wrong or is this just not very well supported yet?
Thanks,
Mark
More information about the AppArmor
mailing list