Both aarch64 and s390x have a bigger wtmp record size (16 bytes more
than x86_64, 400 bytes total).
The byte position of the timestamp is also different on each
architecture. To make things even more interesting, s390x is big
endian.
Note that this MR includes more things, like
* moving `get_last_login_timestamp()` to the new `apparmor/notify.py` file
* add unit tests for it
* add wtmp example files from various architectures, including a
hand-edited one claiming to be from 1999
* fixing a bug in `get_last_login_timestamp()` that unpacked `type` from
too many bytes - which accidently worked on x86_64
* detecting from which architecture the wtmp file comes (luckily the
timestamps are located at different locations)
See the individual commits for details.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/809
(cherry picked from commit ca276d2bfd)
Acked-by: John Johansen <john.johansen@canonical.com>
Ensure that pre-2000 and post-2050 dates get rejected, and something in
between gets accepted.
This also extends coverage to 100% - before, the post-2050 branch was
not covered.
Both aarch64 and s390x have a bigger wtmp record size (16 bytes more
than x86_64, 400 bytes total).
The byte position of the timestamp is also different on each
architecture. To make things even more interesting, s390x is big endian.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
'type' is a short (see "ut_type" in wtmp(5)), therefore only read two
bytes and unpack them as short. Afterwards read two padding bytes to
/dev/null.
This accidently worked on x86_64 because it's little endian, but will
fail on big endian architectures.
A small patch set to fix two issues with binutils/aa-features-abi:
1. The `aa-features-abi -f` short argument was not added to the
`getopt_long()` set of short arguments, resulting in the command
incorrectly failing when passed -f
2. Due to variable shadowing the file descriptor for the `--file`
argument was not being autoclosed.
- binutils/aa-features-abi: make -f short arg actually be accepted
- binutils/aa-features-abi: fix failure to close fd due to shadowed
var decl
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/804
(cherry picked from commit a24cda5ae1)
8137beb2 binutils/aa-features-abi: make -f short arg actually be accepted
ffc6529b binutils/aa-features-abi: fix failure to close fd due to shadowed var decl
parser: Fix unknown state condition RLIMIT_MODEINCLDE
See merge request apparmor/apparmor!803
Acked-by: Christian Boltz for all branches
(cherry picked from commit b0bc0d5323)
dc7755e5 parser: Fix unknown state condition RLIMIT_MODEINCLDE
The default log format for void linux is not handled by current log
parsing. The following example message results in an invalid record
error.
2021-09-11T20:57:41.91645 kern.notice: [ 469.180605] audit: type=1400 audit(1631392703.952:3): apparmor="ALLOWED" operation="mkdir" profile="/usr/bin/kak" name="/run/user/1000/kakoune/" pid=2545 comm="kak" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
This log message fails on parsing
kern.notice:
which differs from the expect syslog format of
host_name kernel:
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/196
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/799
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit b32b898a9a)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Some STATUS log events trigger a crash in aa-notify because the log
line doesn't have operation=. Examples are:
type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
type=AVC msg=audit(1630913352.610:6): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0"
Fix this by not looking at log events without operation=
Also add one of the example events as libapparmor testcase.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/194
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/797
Acked-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit c37586cd11)
Signed-off-by: John Johansen <john.johansen@canonical.com>
add a missing slash at the end of the sys rule
See merge request apparmor/apparmor!791
Acked-by: Christian Boltz <apparmor@cboltz.de> for 2.12..master
(cherry picked from commit 4fd7bcc289)
b3dcd02d add a missing slash at the end of the sys rule
Merge branch 'fix-policy-cache-regression-tests' into 'master'
When using the system parser ${parser_config} will be empty and so if this
is unconditionally passed as an argument to the parser then this gets in
interpreted as the name of a file to be compiled and hence the parser just
prints:
File not found, skipping...
File not found, skipping...
File not found, skipping...
...
for all the aa_policy_cache tests - instead fix this to pass a single args
argument to the parser which will only include parser_config if it is not
empty.
This fixes the regression tests to run to completion without error when
USE_SYSTEM=1 is set.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/782
Signed-off-by: Alex Murray <alex.murray@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
(cherry picked from commit 8d0b48df12)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
libapparmor performs a test for the new stacking interface, however
how it does this test is problematic as it requires all confined
tasks to be given read access to the task introspection interface.
This results in tasks needing to be given read access to the interface
even if they don't need it. Making it possible for tasks to discover
their confinement even if they are not supposed to be able to.
Instead change the check to using state on the parent directory.
This will generate a getattr request instead of read and make it
on the directory instead of on any interface file that could be
used to obtain information.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen john.johansen@canonical.com
Acked-by: Timeout
(cherry-picked from commit 29215b4784)
Signed-off-by: John Johansen john.johansen@canonical.com
Adjust the interface check and fallback. Unfortunately there is no
solution that will fix all failure cases. Instead try to minimize
the failure cases and bias towards failures that don't cause a
regression under an old parser/policy.
Note: In cases where we absolutely know the interface should not
be accessed fail those accesses imediately instead of relying
on what ever LSM active to handle it.
While we are at it document the interfaces and failure cases.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 35e58273e6)
Signed-off-by: John Johansen <john.johansen@canonical.com>
The parameter that is landing upstream in "available" not
"private_enabled".
Also set the correct variable, as previously we were not.
Note: that skipping checking available for the private apparmor
proc interfaces is okay, as the dedicated apparmor interfaces will
fail correctly if available is False.
This just gives a clear way for userspace to query this info without
having to resort to error codes that access to the private interfaces
would return.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 3fb4c4b876)
Signed-off-by: John Johansen <john.johansen@canonical.com>
libapparmor performs a test for the new stacking interface, however
how it does this test is problematic as it requires all confined
tasks to be given read access to the task introspection interface.
This results in tasks needing to be given read access to the interface
even if they don't need it. Making it possible for tasks to discover
their confinement even if they are not supposed to be able to.
Instead change the check to using stat on the parent directory.
This will generate a getattr request instead of read and make it
on the directory instead of on any interface file that could be
used to obtain information.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/150
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/713
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 6c4ed2af8d)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Currently for directory includes the directory timestamp is ignored.
This is wrong as operations like removing a file from the dir won't
be considered in the timestamp check.
Fix this by updating the timestamp check to include the included
directories timestamp.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/760
Signed-off-by: John Johansen <john@jjmx.net>
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
(cherry picked from commit 3d1232e640)
... and include it in abstractions/base.
This is a backport of
https://gitlab.com/apparmor/apparmor/-/merge_requests/772 which only
adds the crypto abstraction, but doesn't clean up the rules moved from
other abstractions into crypto.
Details:
* @{etc_ro}/gcrypt/random.conf r, (new rule) is possibly needed for all
programs that use libgcrypt.
* @{PROC}/sys/crypto/* r, (from base)
* crypto-policies (from ssl_certs)
* @{PROC}/sys/crypto/fips_enabled (from openssl)
MR 722 contains individual commits with more details.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/773
Acked-by: John Johansen <john.johansen@canonical.com>
... and include it in abstractions/base.
This is a backport of
https://gitlab.com/apparmor/apparmor/-/merge_requests/772 which only
adds the crypto abstraction, but doesn't clean up the rules moved from
other abstractions into crypto.
Details:
* @{etc_ro}/gcrypt/random.conf r, (new rule) is possibly needed for all
programs that use libgcrypt.
* @{PROC}/sys/crypto/* r, (from base)
* crypto-policies (from ssl_certs)
* @{PROC}/sys/crypto/fips_enabled (from openssl)
MR 722 contains individual commits with more details.
