mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Add handling for clone operation from audit logs - which caused the

Browse Source 
tracking of process forking to not work correctly in the tools.
This commit is contained in:
Dominic Reynolds 2007-07-29 02:05:06 +00:00
parent f5dcd65275
commit 62eb92567d
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
utils/SubDomain.pm
View File

@ -1755,9 +1755,10 @@ sub add_audit_event_to_tree ( $$ ) {
($profile, $hat) = split /\/\//, $e->{name}; ($profile, $hat) = split /\/\//, $e->{name};
} }
$hat = $profile if ( !$hat ); $hat = $profile if ( !$hat );
my @path = split(/\//, $profile); # TODO - refactor add_to_tree as prog is no longer supplied
my $prog = pop @path; # HINT is from previous format where prog was not
# consistently passed
my $prog = "HINT";
if ($e->{operation} eq "exec") { if ($e->{operation} eq "exec") {
add_to_tree( $e->{pid}, add_to_tree( $e->{pid},
@ -1861,6 +1862,18 @@ sub add_audit_event_to_tree ( $$ ) {
$e->{denied_mask}, $e->{denied_mask},
$e->{name} $e->{name}
); );
} elsif ($e->{operation} eq "clone") {
my ($parent, $child) = ($e->{pid}, $e->{task});
$profile ||= "null-complain-profile";
$hat ||= "null-complain-profile";
my $arrayref = [];
if (exists $pid{$e->{pid}}) {
push @{ $pid{$parent} }, $arrayref;
} else {
push @log, $arrayref;
}
$pid{$child} = $arrayref;
push @{$arrayref}, [ "fork", $child, $profile, $hat ];
} elsif ($e->{operation} eq "change_hat") { } elsif ($e->{operation} eq "change_hat") {
add_to_tree($e->{pid}, "unknown_hat", $profile, $hat, $sdmode, $hat); add_to_tree($e->{pid}, "unknown_hat", $profile, $hat, $sdmode, $hat);
} else { } else {