mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Merge branch 'cboltz-logprof-owner' into 'master'

Browse Source 
let aa-logprof detect 'owner' events (again)

See merge request apparmor/apparmor!34
This commit is contained in:
John Johansen 2017-12-22 20:16:16 +00:00
commit c3b0a3e512
9 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/libapparmor/testsuite/test_multi/avc_syslog_01.profile
View File

@ -1,4 +1,4 @@
/usr/sbin/cupsd {
/boot/ r,
owner /boot/ r,
}

2
libraries/libapparmor/testsuite/test_multi/syslog_audit_01.profile
View File

@ -1,4 +1,4 @@
/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mkdir {
/tmp/sdtest.7283-14445-r31VAP/tmpdir/ w,
owner /tmp/sdtest.7283-14445-r31VAP/tmpdir/ w,
}

2
libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.profile
View File

@ -1,4 +1,4 @@
/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link {
/tmp/sdtest.19088-12382-HWH57d/linkfile l,
owner /tmp/sdtest.19088-12382-HWH57d/linkfile l,
}

2
libraries/libapparmor/testsuite/test_multi/testcase_encoded_comm.profile
View File

@ -1,4 +1,4 @@
"/home/steve/tmp/my prog.sh" {
"/home/steve/tmp/my prog.sh" r,
owner "/home/steve/tmp/my prog.sh" r,
}

2
libraries/libapparmor/testsuite/test_multi/testcase_encoded_profile.profile
View File

@ -1,4 +1,4 @@
profile "test space" {
/lib/x86_64-linux-gnu/libdl-2.13.so r,
owner /lib/x86_64-linux-gnu/libdl-2.13.so r,
}

2
libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.profile
View File

@ -1,4 +1,4 @@
/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link {
/tmp/sdtest.19088-12382-HWH57d/linkfile l,
owner /tmp/sdtest.19088-12382-HWH57d/linkfile l,
}

2
libraries/libapparmor/testsuite/test_multi/testcase_syslog_read.profile
View File

@ -1,4 +1,4 @@
/usr/sbin/vsftpd {
/home/bane/foo r,
owner /home/bane/foo r,
}

11
utils/apparmor/logparser.py
View File

@ -118,6 +118,10 @@ class ReadLog:
ev['protocol'] = event.net_protocol
ev['sock_type'] = event.net_sock_type
if event.ouid != 18446744073709551615: # 2^64 - 1
ev['fsuid'] = event.fsuid
ev['ouid'] = event.ouid
if ev['operation'] and ev['operation'] == 'signal':
ev['signal'] = event.signal
ev['peer'] = event.peer
@ -268,6 +272,13 @@ class ReadLog:
if not validate_log_mode(hide_log_mode(dmask)):
raise AppArmorException(_('Log contains unknown mode %s') % dmask)
if e.get('ouid') is not None and e['fsuid'] == e['ouid']:
# mark as "owner" event
if '::' not in rmask:
rmask = '%s::' % rmask
if '::' not in dmask:
dmask = '%s::' % dmask
# convert rmask and dmask to mode arrays
e['denied_mask'], e['name2'] = log_str_to_mode(e['profile'], dmask, e['name2'])
e['request_mask'], e['name2'] = log_str_to_mode(e['profile'], rmask, e['name2'])

2
utils/test/test-logparser.py
View File

@ -73,11 +73,13 @@ class TestParseEvent(unittest.TestCase):
'attr': None,
'denied_mask': 'r',
'error_code': 13,
'fsuid': 1002,
'info': 'Failed name lookup - disconnected path',
'magic_token': 0,
'name': 'var/run/nscd/passwd',
'name2': None,
'operation': 'file_mmap',
'ouid': 0,
'parent': 0,
'pid': 25333,
'profile': '/sbin/klogd',