[apparmor] [patch] logparser.py parse_event(): always store family, protocol and sock_type
Seth Arnold
seth.arnold at canonical.com
Fri Nov 18 23:44:01 UTC 2016
On Sat, Nov 19, 2016 at 12:34:29AM +0100, Christian Boltz wrote:
> > > 'net' or event.net_protocol): - ev['family'] =
> > > event.net_family
> > > - ev['protocol'] = event.net_protocol
> > > - ev['sock_type'] = event.net_sock_type
> > > + ev['family'] = event.net_family
> > > + ev['protocol'] = event.net_protocol
> > > + ev['sock_type'] = event.net_sock_type
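Review bot: the three assignments to ev['family'], ev['protocol'] and ev['sock_type'] now run for every event instead of only under the "... 'net' or event.net_protocol" condition, so on non-network events their values are whatever the event object carries in net_family, net_protocol and net_sock_type. Please add a short comment above the assignments stating what those attributes hold for non-network events, plus a test that asserts it. Any consumer of ev should then test the stored value rather than the presence of the key.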
> >
> > I haven't yet checked to see if we guarantee that these are
> > initialized regardless of type. If you've already checked a reference
> > would help :)
>
> According to my tests (and test-libapparmor-test_multi.py ;-) which
> also tests the log to profile "translations") libapparmor seems to always
> set them to None (except for network events, where they obviously
> contain more useful values).
>
> Also, logparser.py only uses those values when they make sense for the
> event type. For most event types, they get stored and ignored.
>
> Note that I did not check the libapparmor code or the swig bindings ;-)
Okay, I did check the library sources (src/grammar.y calls
_init_log_record() which performs a memset() on the object) and I'm now
content with these changes.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> Because they are not related to file or network events ;-) and I don't
> (yet?) see a need to always have them available.
>
>
> Actually this patch is part one. The second part will bring some changes
> that are still small enough to be nearly risk-free, and that will finally
> fix some bugs (currently, we simply ignore the affected log events -
> better than a crash, but it still results in an incomplete profile).
>
> I can foresee some more rewrites and cleanups in logparser.py - but
> let's first get 2.11 out, and do the big (and possibly risky) changes
> afterwards ;-)
Sounds like a good plan.
Thanks