[apparmor] program with a space in the name results in hashes where names should be

Mark Wadham ubuntu at rkw.io
Thu Jul 28 13:19:41 UTC 2016 

I tried to write an apparmor profile for plex media server, which has a 
binary with spaces in the name.

I put it in quotes in the apparmor profile, but then all the complain 
messages have hashes where the name should be, eg:

> [ 9551.412776] audit: type=1400 audit(1469711661.099:16933): 
> apparmor="ALLOWED" operation="recvmsg" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25858 comm=506C657820444C4E41205365727665 lport=1900 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="receive" 
> denied_mask="receive"
> [ 9551.418972] audit: type=1400 audit(1469711661.107:16934): 
> apparmor="ALLOWED" operation="create" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=0 requested_mask="create" 
> denied_mask="create"
> [ 9551.419247] audit: type=1400 audit(1469711661.107:16935): 
> apparmor="ALLOWED" operation="create" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=0 requested_mask="create" 
> denied_mask="create"
> [ 9551.419610] audit: type=1400 audit(1469711661.107:16936): 
> apparmor="ALLOWED" operation="create" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="unix" 
> sock_type="dgram" protocol=0 requested_mask="create" 
> denied_mask="create" addr=none
> [ 9551.419712] audit: type=1400 audit(1469711661.107:16937): 
> apparmor="ALLOWED" operation="create" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="unix" 
> sock_type="dgram" protocol=0 requested_mask="create" 
> denied_mask="create" addr=none
> [ 9551.419846] audit: type=1400 audit(1469711661.107:16938): 
> apparmor="ALLOWED" operation="getsockname" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="getattr" 
> denied_mask="getattr"
> [ 9551.419940] audit: type=1400 audit(1469711661.107:16939): 
> apparmor="ALLOWED" operation="getpeername" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="getattr" 
> denied_mask="getattr"
> [ 9551.420017] audit: type=1400 audit(1469711661.107:16940): 
> apparmor="ALLOWED" operation="setsockopt" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="setopt" 
> denied_mask="setopt"
> [ 9551.420106] audit: type=1400 audit(1469711661.107:16941): 
> apparmor="ALLOWED" operation="connect" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="connect" 
> denied_mask="connect"
> [ 9551.420196] audit: type=1400 audit(1469711661.107:16942): 
> apparmor="ALLOWED" operation="getsockname" 
> profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D65646961205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C657820444C4E4120536572766572 
> pid=25983 comm=506C657820444C4E41205365727665 laddr=45.32.182.252 
> lport=38561 faddr=45.32.182.252 fport=42674 family="inet" 
> sock_type="dgram" protocol=17 requested_mask="getattr" 
> denied_mask="getattr"

Am I doing something wrong or is this just not very well supported yet?

Thanks,
Mark

More information about the AppArmor mailing list