[apparmor] [patch] honor 'chown' file events in logparser.py

Kshitij Gupta kgupta8592 at gmail.com
Sun Jun 5 17:29:59 UTC 2016 

On Sun, Jun 5, 2016 at 7:17 PM, Christian Boltz <apparmor at cboltz.de> wrote:
> Hello,
>
> $subject.
>
> Also add a testcase to libapparmor's log collection
>
>
> I propose this patch for trunk, 2.10 and 2.9
>
>
> [ 01-logparser-chown.diff ]
>
> --- utils/apparmor/logparser.py 2016-06-01 22:36:33.948597566 +0200
> +++ utils/apparmor/logparser.py 2016-06-05 15:39:16.365476108 +0200
> @@ -296,7 +296,7 @@
>                  self.debug_logger.debug('parse_event_for_tree: dropped exec event in %s' % e['profile'])
>
>          elif ( e['operation'].startswith('file_') or e['operation'].startswith('inode_') or
> -            e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'chmod', 'rename_src',
> +            e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', 'chmod', 'chown', 'rename_src',
>                                  'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
>                                  'sysctl', 'getattr', 'setattr', 'xattr'] ):
>
> === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.in'
> --- libraries/libapparmor/testsuite/test_multi/file_chown.in    1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/file_chown.in    2016-06-05 13:41:02 +0000
> @@ -0,0 +1,1 @@
> +type=AVC msg=audit(1465133533.431:728): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/run/cups/certs/" pid=8515 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=4
>
> === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.out'
> --- libraries/libapparmor/testsuite/test_multi/file_chown.out   1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/file_chown.out   2016-06-05 13:41:11 +0000
> @@ -0,0 +1,15 @@
> +START
> +File: file_chown.in
> +Event type: AA_RECORD_DENIED
> +Audit ID: 1465133533.431:728
> +Operation: chown
> +Mask: w
> +Denied Mask: w
> +fsuid: 0
> +ouid: 4
> +Profile: /usr/sbin/cupsd
> +Name: /run/cups/certs/
> +Command: cupsd
> +PID: 8515
> +Epoch: 1465133533
> +Audit subid: 728
>
>
lgtm.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>

>
> Regards,
>
> Christian Boltz
> --
>> The wiki is as much yours as it is ours, and if you think that
>> someone deserves recognition by naming them, you don't need
>> anybody's permission.
> Then I must put my thanks to Bill Gates somewhere. he made me use
> Linux.  :-)          [> Peter Flodin and houghi in opensuse-wiki]
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>



-- 
Regards,

Kshitij Gupta

More information about the AppArmor mailing list