mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

collapse_log: ignore events from null-* profiles

Browse Source 
If final_name still includes null-*, that's most likely caused by nested
execs which aren't supported by the tools yet. Ignoring them is better
than creating a useless null-* hat.

Note: The tools always had this restriction, so this is not a regression ;-)

Also note that test-libapparmor-test_multi expects that null-* hats get
created (which makes sense because the one-line log sniplets don't have
any exec indication), therefore add an optional parameter to keep this
behaviour for the tests.
This commit is contained in:
Christian Boltz
2019-05-09 17:49:09 +02:00
parent 387d1646c8
commit 836caca462
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
utils/test/test-libapparmor-test_multi.py
View File

@@ -239,7 +239,7 @@ def logfile_to_profile(logfile):
apparmor.aa.ask_exec(hashlog)
apparmor.aa.ask_addhat(hashlog)
log_dict = apparmor.aa.collapse_log(hashlog)
log_dict = apparmor.aa.collapse_log(hashlog, ignore_null_profiles=False)
if profile != hat:
# log event for a child profile means log_dict only contains the child profile