mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00

'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs.

/usr/bin/rsyncd) bnc#408869

The unconfined tool shows:

[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined

This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.

To fix this, show both names when the exe name and the cmdline name differ,
with the cmdline name in parentheses after the exe name.

For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
John Johansen 2008-11-21 12:31:22 +00:00
parent 07ded00bd3
commit 77caea2cc7


@ -25,6 +25,7 @@
# audit local system for processes listening on network connections # audit local system for processes listening on network connections
# that are not currently running with a profile. # that are not currently running with a profile.
use strict;
use Getopt::Long; use Getopt::Long;
use Immunix::SubDomain; use Immunix::SubDomain;
@ -82,29 +83,34 @@ for my $pid (sort { $a <=> $b } @pids) {
} }
close(CURRENT); close(CURRENT);
} }
my $cmdline = `cat /proc/$pid/cmdline`;
my $pname = (split(/\0/, $cmdline))[0];
if ($pname =~ /\// && !($pname eq $prog)) {
$pname = "($pname) ";
} else {
$pname = "";
}
if (not $attr) { if (not $attr) {
if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) { if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
#my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1]; #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
my $cmdline = `cat /proc/$pid/cmdline`;
$cmdline =~ s/\0/ /g; $cmdline =~ s/\0/ /g;
$cmdline =~ s/\s+$//; $cmdline =~ s/\s+$//;
chomp $cmdline; chomp $cmdline;
print "$pid $prog ($cmdline) " . gettext("not confined\n"); print "$pid $prog ($cmdline) " . gettext("not confined\n");
} else { } else {
print "$pid $prog " . gettext("not confined\n"); print "$pid $prog $pname" . gettext("not confined\n");
} }
} else { } else {
if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) { if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
#my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1]; #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
my $cmdline = `cat /proc/$pid/cmdline`;
$cmdline =~ s/\0/ /g; $cmdline =~ s/\0/ /g;
$cmdline =~ s/\s+$//; $cmdline =~ s/\s+$//;
chomp $cmdline; chomp $cmdline;
print "$pid $prog ($cmdline) " . gettext("confined by") . " '$attr'\n"; print "$pid $prog ($cmdline) " . gettext("confined by") . " '$attr'\n";
} else { } else {
print "$pid $prog " . gettext("confined by") . " '$attr'\n"; print "$pid $prog $pname" . gettext("confined by") . " '$attr'\n";
} }
} }
} }
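Review bot: The `$pname` printed by the new `print "$pid $prog $pname"` lines is argv[0] taken from `/proc/$pid/cmdline`, which the audited process chooses for itself, so it can carry newlines or terminal control bytes that forge or hide lines in this audit output. Before wrapping it in parentheses, replace non-printable bytes, e.g. `$pname =~ s/[^\x20-\x7e]/?/g;`, and treat the parenthesised name as self-reported rather than as the executable's identity. `(split(/\0/, $cmdline))[0]` is also undef when cmdline is empty (for example if the process exited after the pid list was built), so the test should read `if (defined $pname && $pname =~ /\// && $pname ne $prog)`. The enclosing `for my $pid` loop starts outside this hunk, so the origin of `$pid` is not visible. If it is parsed from tool output, reading the file with a three-argument `open` instead of the backticked `cat`, which now runs for every pid, would keep that value away from the shell.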