[apparmor] [patch] Ignore ptrace log events without denied_mask

John Johansen john.johansen at canonical.com
Fri May 19 22:09:49 UTC 2017


On 05/19/2017 02:24 PM, Christian Boltz wrote:
> Hello,
> 
> $subject.
> This fixes a crash in the tools.
> 
> Reported by peetaur on IRC.
> 
> 
> I propose this patch for trunk and 2.11.
> 
Acked-by: John Johansen <john.johansen at canonical.com>

for both

now I just need to fix the source of it

> 
> [ 01-logparser-ignore-ptrace-without-denied_mask.diff ]
> 
> --- utils/apparmor/logparser.py 2017-05-19 23:14:20.278362000 +0200
> +++ utils/apparmor/logparser.py 2017-05-19 23:16:23.854422934 +0200
> @@ -348,6 +348,9 @@
>              if not e['peer']:
>                  self.debug_logger.debug('ignored garbage ptrace event with empty peer')
>                  return None
> +            if not e['denied_mask']:
> +                self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
> +                return None
>  
>              return(e['pid'], e['parent'], 'ptrace',
>                               [profile, hat, prog, aamode, e['denied_mask'], e['peer']])
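
Review bot: The new `if not e['denied_mask']` check, like the `peer` check just above it, carries no comment explaining why such an event counts as garbage, and the only record of the dropped event is a debug-level message. A one-line comment stating that ptrace events can arrive without denied_mask, and that the tuple returned below needs both `e['denied_mask']` and `e['peer']`, would make the intent clear to whoever revisits these guards. The two checks could also be folded into one branch if a single message naming the missing field is acceptable.
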
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in 2017-05-19 19:45:51 +0000
> @@ -0,0 +1,1 @@
> +type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"
> 
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out        2017-05-19 19:46:03 +0000
> @@ -0,0 +1,11 @@
> +START
> +File: ptrace_1.in
> +Event type: AA_RECORD_DENIED
> +Audit ID: 1495217772.047:4471
> +Operation: ptrace
> +Profile: /usr/bin/pidgin
> +Peer: unconfined
> +Command: pidgin
> +PID: 21704
> +Epoch: 1495217772
> +Audit subid: 4471
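
Review bot: The `File:` line in this expected output reads `ptrace_1.in`, but the input file added by this patch is `ptrace_no_denied_mask.in`. It looks carried over from another test case; if the test_multi comparison includes that line, it should name `ptrace_no_denied_mask.in`. The absence of any mask line here is consistent with the input record, which has no denied_mask field.
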
> 
> === added file 'libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile'
> --- libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile    2017-05-19 21:09:24 +0000
> @@ -0,0 +1,2 @@
> +/usr/bin/pidgin {
> +}
> 
> 
> 
> Regards,
> 
> Christian Boltz
> 
> 
> 



