<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 2, 2016 at 3:24 AM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
Most probably-file log events can also be network events. Therefore<br>
check for request_mask in all events, not only file_perm, file_inherit<br>
and (from the latest bug report) file_receive.<br>
<br>
References: <a href="https://bugs.launchpad.net/apparmor/+bug/1540562" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1540562</a><br>
<br>
<br>
I propose this patch for trunk, 2.10 and 2.9.<br>
<br>
<br>
[ 68-logparser-check-sanity-of-all-file-events.diff ]<br>
<br>
--- utils/apparmor/logparser.py 2016-02-01 21:31:56.439302830 +0100<br>
+++ utils/apparmor/logparser.py 2016-02-01 22:38:40.519637878 +0100<br>
@@ -300,10 +300,10 @@<br>
                                 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',<br>
                                 'sysctl', 'getattr', 'setattr', 'xattr'] ):<br>
<br>
-            # for some reason, we get file_perm and file_inherit log events without request_mask, see<br>
-            # <a href="https://bugs.launchpad.net/apparmor/+bug/1466812/" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1466812/</a> and <a href="https://bugs.launchpad.net/apparmor/+bug/1509030" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1509030</a><br>
+            # for some kernel-side reason, we get file-related log events without request_mask, see<br></blockquote><div>ahh so we know whom to blame ;-)<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+            # <a href="https://bugs.launchpad.net/apparmor/+bug/1466812/" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1466812/</a>, <a href="https://bugs.launchpad.net/apparmor/+bug/1509030" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1509030</a> and <a href="https://bugs.launchpad.net/apparmor/+bug/1540562" rel="noreferrer" target="_blank">https://bugs.launchpad.net/apparmor/+bug/1540562</a><br>
             # request_mask can also be '', see <a href="https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1525119" rel="noreferrer" target="_blank">https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1525119</a><br></blockquote><div>this list seems to be growing rather long. Hopefully this patch will change that. :-)<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
-            if e['operation'] in ['file_perm', 'file_inherit'] and not e['request_mask']:<br>
+            if not e['request_mask']:<br>
                 self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e)<br>
                 return None<br>
<br>
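</blockquote><div>Review bot: At the new "if not e['request_mask']:" line, every operation in the list above ('unlink', 'rmdir', 'getattr', ...) is now dropped when request_mask is missing or '', and the only trace is the debug_logger.debug line. The new comment says "kernel-side reason" but leaves out the explanation given in the patch description, that probably-file log events can also be network events; adding that sentence to the comment would tell the next reader why the operation check was removed. The patch as posted touches only utils/apparmor/logparser.py, so a test log for the file_receive case from bug 1540562 would be worth adding alongside it.<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">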
<br></blockquote><div>Thanks for the patch.<br><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
Regards,<br>
<br>
Christian Boltz<br>
<span class=""><font color="#888888">--<br>
Linux - and your PC never goes blue again.<br>
</font></span><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br></div>Kshitij Gupta<br></div></div>
</div></div>