<div dir="ltr">Hi,<br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 3:31 PM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
$subject.<br>
<br>
That's not nice, but still better than a crash ;-)<br>
<br>
References: <a href="https://bugs.launchpad.net/apparmor/+bug/1466812/" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1466812/</a><br>
<br>
<br>
I propose this patch for trunk and 2.9<br>
<br>
<br>
BTW: when I test the log entry<br>
    Oct 22 15:57:38 NR021AA kernel: [ 69.827705] audit: type=1400 audit(1445522258.769:1054): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2407 comm="nm-dhcp-client." lport=10580 family="inet6" sock_type="dgram" protocol=17<br>
with test_multi.multi, it tells me<br>
    Event type: AA_RECORD_INVALID<br>
<br>
Is that really the expected result?<br></blockquote><div>I'll let someone else take a stab at answering this. <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
<br>
[ 04-logparser-file_inherit.diff ]<br>
<br>
=== modified file 'utils/apparmor/logparser.py'<br>
--- utils/apparmor/logparser.py 2015-10-03 18:18:54 +0000<br>
+++ utils/apparmor/logparser.py 2015-10-23 09:41:49 +0000<br>
@@ -282,8 +286,9 @@<br>
                                 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',<br>
                                 'sysctl', 'getattr', 'setattr', 'xattr'] ):<br>
<br>
-            # for some reason, we get file_perm log events without request_mask, see <a href="https://bugs.launchpad.net/apparmor/+bug/1466812/" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1466812/</a><br>
-            if e['operation'] == 'file_perm' and e['request_mask'] is None:<br>
+            # for some reason, we get file_perm and file_inherit log events without request_mask, see<br>
+            # <a href="https://bugs.launchpad.net/apparmor/+bug/1466812/" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1466812/</a> and <a href="https://bugs.launchpad.net/apparmor/+bug/1509030" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1509030</a><br>
+            if e['operation'] in ['file_perm', 'file_inherit'] and e['request_mask'] is None:<br>
                 self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e)<br>
                 return None<br>
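</blockquote><div>Review bot: In the added condition, a file_inherit event that arrives without request_mask is discarded by "return None" and is reported only through debug_logger.debug, so nothing outside the debug log shows that a DENIED event was skipped. The comment above the check should say that these events are ignored rather than turned into profile rules, and the two operation names would be easier to extend if they lived in a named module-level tuple instead of an inline list.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">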
<br></blockquote><div>Ideally we should have: STRANGE_OPERATIONS_WITHOUT_MASKS =  ['file_perm', 'file_inherit'] <br>(I thought of calling it <span class=""><em>Stanley Ipkiss</em>[1], but am open to other options too.)<br><br></span></div><div>followed by: if e['operation'] in STRANGE_OPERATIONS_WITHOUT_MASKS and e['request_mask'] is None.<br><br></div><div>With/without the change.<br><br><span class="im"></span><div>Thanks for the patch.<br><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>>.  <br><br>[1]: <a href="http://the-mask.wikia.com/wiki/Stanley_Ipkiss">http://the-mask.wikia.com/wiki/Stanley_Ipkiss</a><br></div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
Regards,<br>
<br>
Christian Boltz<br>
<span class=""><font color="#888888">--<br>
In /etc is what you think. In /proc is what the OS thinks.<br>
                                           [Thomas Blum in doc]<br>
<br>
<br>
--<br>
AppArmor mailing list<br>
<a href="mailto:AppArmor@lists.ubuntu.com">AppArmor@lists.ubuntu.com</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br></div>Kshitij Gupta<br></div></div>
</div></div>