[apparmor] [patch] Ignore ptrace log events without denied_mask
John Johansen
john.johansen at canonical.com
Fri May 19 22:09:49 UTC 2017
On 05/19/2017 02:24 PM, Christian Boltz wrote:
> Hello,
>
> $subject.
> This fixes a crash in the tools.
>
> Reported by peetaur on IRC.
>
>
> I propose this patch for trunk and 2.11.
>
Acked-by: John Johansen <john.johansen at canonical.com>
for both
now I just need to fix the source of it
>
> [ 01-logparser-ignore-ptrace-without-denied_mask.diff ]
>
> --- utils/apparmor/logparser.py 2017-05-19 23:14:20.278362000 +0200
> +++ utils/apparmor/logparser.py 2017-05-19 23:16:23.854422934 +0200
> @@ -348,6 +348,9 @@
> if not e['peer']:
> self.debug_logger.debug('ignored garbage ptrace event with empty peer')
> return None
> + if not e['denied_mask']:
> + self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
> + return None
>
> return(e['pid'], e['parent'], 'ptrace',
> [profile, hat, prog, aamode, e['denied_mask'], e['peer']])
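Review bot: the new `if not e['denied_mask']` check drops a DENIED ptrace event with only a debug-level message, and nothing next to it says why the mask can be empty. Since the source of these events is still to be fixed (see the reply above), a short code comment marking this as a workaround for ptrace events logged without denied_mask would help whoever revisits it later. The check also indexes e['denied_mask'] directly, like the e['peer'] check before it, so it assumes the key is always present in e; if that is not guaranteed for ptrace events, e.get('denied_mask') would be the safer form.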
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 2017-05-19 19:45:51 +0000
> @@ -0,0 +1,1 @@
> +type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"
>
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out 2017-05-19 19:46:03 +0000
> @@ -0,0 +1,11 @@
> +START
> +File: ptrace_1.in
> +Event type: AA_RECORD_DENIED
> +Audit ID: 1495217772.047:4471
> +Operation: ptrace
> +Profile: /usr/bin/pidgin
> +Peer: unconfined
> +Command: pidgin
> +PID: 21704
> +Epoch: 1495217772
> +Audit subid: 4471
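Review bot: the expected output says `File: ptrace_1.in`, but the input added for this test is ptrace_no_denied_mask.in, so the line looks copied from another test case. If the test harness compares the File line, it should read `File: ptrace_no_denied_mask.in`; if it does not, correcting it still keeps the .out file consistent with its input.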
>
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile 2017-05-19 21:09:24 +0000
> @@ -0,0 +1,2 @@
> +/usr/bin/pidgin {
> +}
>
>
>
> Regards,
>
> Christian Boltz
>
>
>