Merge [2.13..3.1] Ignore ´//null-` peers in signal and ptrace events

Ideally we'd update them to the chosen exec target - but until this is implemented, it doesn't make sense to ask about adding a //null-* peer to a profile. This commit is a manual backport of 41df2ca366 / https://gitlab.com/apparmor/apparmor/-/merge_requests/1090 (with indentation changed to match the 3.1 branch) I propose this patch for 2.13..3.1 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1107 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net> (cherry picked from commit 719251cac2) 7301aae2 Ignore ´//null-` peers in signal and ptrace events
2025-08-31 22:35:35 +00:00 · 2023-09-14 21:01:45 +00:00
parent c4f58178ec
commit f87fb39108
1 changed files with 6 additions and 0 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1661,6 +1661,9 @@ def collapse_log(hashlog, ignore_null_profiles=True):

                ptrace = hashlog[aamode][full_profile]['ptrace']
                for peer in ptrace.keys():
+                    if '//null-' in peer:
+                        continue  # ignore null-* peers
+
                    for access in ptrace[peer].keys():
                        ptrace_event = PtraceRule(access, peer, log_event=True)
                        if not hat_exists or not is_known_rule(aa[profile][hat], 'ptrace', ptrace_event):
@@ -1668,6 +1671,9 @@ def collapse_log(hashlog, ignore_null_profiles=True):

                sig = hashlog[aamode][full_profile]['signal']
                for peer in sig.keys():
+                    if '//null-' in peer:
+                        continue  # ignore null-* peers
+
                    for access in sig[peer].keys():
                        for signal in sig[peer][access].keys():
                            signal_event = SignalRule(access, signal, peer, log_event=True)