From 77caea2cc799a680c94e27032adaae2e3de26027 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Fri, 21 Nov 2008 12:31:22 +0000
Subject: [PATCH] 'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs. /usr/bin/rsyncd) bnc#408869 The unconfined tool shows: [...] 29799 /usr/bin/rsync not confined 29799 /usr/bin/rsync not confined This is because unconfined is grabbing the post symlink resolved exe filename which for /usr/sbin/rsyncd is /usr/bin/rsync. To fix this provide both the cmdline and exec name in parenthesis when the exe name and the cmdline name differ. For the above example you would see 29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
---
 utils/unconfined | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/utils/unconfined b/utils/unconfined
index d50d77ffb..82e4266c3 100755
--- a/utils/unconfined
+++ b/utils/unconfined
@@ -25,6 +25,7 @@
 # audit local system for processes listening on network connections
 # that are not currently running with a profile.
+use strict;
 use Getopt::Long;
 use Immunix::SubDomain;
@@ -82,29 +83,34 @@ for my $pid (sort { $a <=> $b } @pids) {
 }
 close(CURRENT);
 }
+ my $cmdline = `cat /proc/$pid/cmdline`;
+ my $pname = (split(/\0/, $cmdline))[0];
+ if ($pname =~ /\// && !($pname eq $prog)) {
+ $pname = "($pname) ";
+ } else {
+ $pname = "";
+ }
 if (not $attr) {
 if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
 #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
- my $cmdline = `cat /proc/$pid/cmdline`;
 $cmdline =~ s/\0/ /g;
 $cmdline =~ s/\s+$//;
 chomp $cmdline;
 print "$pid $prog ($cmdline) " . gettext("not confined\n");
 } else {
- print "$pid $prog " . gettext("not confined\n");
+ print "$pid $prog $pname" . gettext("not confined\n");
 }
 } else {
 if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
 #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
- my $cmdline = `cat /proc/$pid/cmdline`;
 $cmdline =~ s/\0/ /g;
 $cmdline =~ s/\s+$//;
 chomp $cmdline;
 print "$pid $prog ($cmdline) " . gettext("confined by") . " '$attr'\n";
 } else {
- print "$pid $prog " . gettext("confined by") . " '$attr'\n";
+ print "$pid $prog $pname" . gettext("confined by") . " '$attr'\n";
 }
 }
 }
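Review bot: The parenthesised `$pname` added here is argv[0] read from `/proc/$pid/cmdline`, which the process itself controls, and both new `print "$pid $prog $pname"` lines emit it unfiltered next to the confinement status. A process can therefore place control characters or a misleading path in an audit line, so the value should be filtered before printing and treated as a hint rather than as the identity of the executable. The read also now forks `cat` for every pid instead of only for interpreter processes, and `$pname` is undef when the process has exited or its cmdline is empty; reading the file directly and defaulting to an empty string covers both. The `for my $pid` loop starts before this hunk, and where `$pid` and `$prog` come from is not visible here.

```perl
my $cmdline = "";
if (open(my $fh, '<', "/proc/$pid/cmdline")) {
    local $/;                       # slurp; the file is NUL-separated
    $cmdline = <$fh>;
    $cmdline = "" unless defined $cmdline;
    close($fh);
}
my $pname = (split(/\0/, $cmdline))[0];
$pname = "" unless defined $pname;  # exited process or empty cmdline
$pname =~ s/[^[:print:]]/?/g;       # argv[0] is process-controlled
# ... unchanged: the "($pname) " / "" selection and the print branches ...
```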