[apparmor] program with a space in the name results in hashes where names should be
Jamie Strandboge
jamie at canonical.com
Thu Jul 28 16:38:38 UTC 2016
On Thu, 2016-07-28 at 14:19 +0100, Mark Wadham wrote:
> I tried to write an apparmor profile for plex media server, which has a
> binary with spaces in the name.
>
> I put it in quotes in the apparmor profile, but then all the complain
> messages have hashes where the name should be, eg:
>
> >
> > [ 9551.412776] audit: type=1400 audit(1469711661.099:16933):
> > apparmor="ALLOWED" operation="recvmsg"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25858 comm=506C657820444C4E41205365727665 lport=1900 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="receive"
> > denied_mask="receive"
> > [ 9551.418972] audit: type=1400 audit(1469711661.107:16934):
> > apparmor="ALLOWED" operation="create"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=0 requested_mask="create"
> > denied_mask="create"
> > [ 9551.419247] audit: type=1400 audit(1469711661.107:16935):
> > apparmor="ALLOWED" operation="create"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=0 requested_mask="create"
> > denied_mask="create"
> > [ 9551.419610] audit: type=1400 audit(1469711661.107:16936):
> > apparmor="ALLOWED" operation="create"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="unix"
> > sock_type="dgram" protocol=0 requested_mask="create"
> > denied_mask="create" addr=none
> > [ 9551.419712] audit: type=1400 audit(1469711661.107:16937):
> > apparmor="ALLOWED" operation="create"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="unix"
> > sock_type="dgram" protocol=0 requested_mask="create"
> > denied_mask="create" addr=none
> > [ 9551.419846] audit: type=1400 audit(1469711661.107:16938):
> > apparmor="ALLOWED" operation="getsockname"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="getattr"
> > denied_mask="getattr"
> > [ 9551.419940] audit: type=1400 audit(1469711661.107:16939):
> > apparmor="ALLOWED" operation="getpeername"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="getattr"
> > denied_mask="getattr"
> > [ 9551.420017] audit: type=1400 audit(1469711661.107:16940):
> > apparmor="ALLOWED" operation="setsockopt"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="setopt"
> > denied_mask="setopt"
> > [ 9551.420106] audit: type=1400 audit(1469711661.107:16941):
> > apparmor="ALLOWED" operation="connect"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="connect"
> > denied_mask="connect"
> > [ 9551.420196] audit: type=1400 audit(1469711661.107:16942):
> > apparmor="ALLOWED" operation="getsockname"
> > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469
> > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665
> > 722F506C657820444C4E4120536572766572
> > pid=25983 comm=506C657820444C4E41205365727665 laddr=45.32.182.252
> > lport=38561 faddr=45.32.182.252 fport=42674 family="inet"
> > sock_type="dgram" protocol=17 requested_mask="getattr"
> > denied_mask="getattr"
> Am I doing something wrong or is this just not very well supported yet?
>
You can use the aa-decode command for this. Ie:
$ aa-decode \
2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469612053657276
65722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C65782044
4C4E4120536572766572
Decoded: /usr/lib/plexmediaserver/Plex Media Server//null-
/usr/lib/plexmediaserver/Plex DLNA Server
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160728/1cb03782/attachment.pgp>
More information about the AppArmor
mailing list