~ubuntu-branches/ubuntu/hardy/apparmor/hardy-proposed

Committer: Bazaar Package Importer
Author(s): Kees Cook, Mathias Gug, Kees Cook
Date: 2007-09-12 13:14:02 UTC
Revision ID: james.westby@ubuntu.com-20070912131402-ddq6yhifebd5zl8n

Tags: 2.1+961-0ubuntu2

[ Mathias Gug ]
* Disable html documentation: Fixes LP: #139091.
  * parser/Makefile, debian/rules: disable html documentation building.
  * debian/control: remove latex2html dependency.
* profiles/apparmor.d/usr.sbin.avahi-daemon: add sys_chroot capability.
  Fixes LP: #139092.

[ Kees Cook ]
* profiles/apparmor.d/abstractions/user-tmp: adjust directory permissions
  for newly unmasked /tmp handling (LP: #138978).
* utils/SubDomain.pm: disable remote repositories until RPC::XML MIR
  clears (LP: 139091).
* utils/*.pod: adjust for Ubuntu paths and "aa-" prefixes (LP: #116647).
* Fix upgrades to not unload profiles, which would cause programs to
  become unconfined:
  - debian/rules: don't stop apparmor on upgrades.
  - debian/apparmor.postinst: reload profiles after a configure.

Show diffs side-by-side

added added

removed removed

utils/logprof.pod

=head1 NAME

logprof - utility program for managing AppArmor security profiles

aa-logprof - utility program for managing AppArmor security profiles

=head1 SYNOPSIS

B<logprof [I<-d /path/to/profiles>] [I<-f /path/to/logfile>] [I<-m E<lt>mark in logfileE<gt>>]>

B<aa-logprof [I<-d /path/to/profiles>] [I<-f /path/to/logfile>] [I<-m E<lt>mark in logfileE<gt>>]>

=head1 OPTIONS

B< -m --logmark "mark">

logprof will ignore all events in the system log before the

aa-logprof will ignore all events in the system log before the

specified mark is seen. If the mark contains spaces, it must

be surrounded with quotes to work correctly.

=head1 DESCRIPTION

B<logprof> is an interactive tool used to review AppArmor's

B<aa-logprof> is an interactive tool used to review AppArmor's

complain mode output and generate new entries for AppArmor security

profiles.

Running logprof will scan the log file and if there are new AppArmor

Running aa-logprof will scan the log file and if there are new AppArmor

events that are not covered by the existing profile set, the user will

be prompted with suggested modifications to augment the profile.

When logprof exits profile changes are saved to disk. If AppArmor is

When aa-logprof exits profile changes are saved to disk. If AppArmor is

running, the updated profiles are reloaded and if any processes that

generated AppArmor events are still running in the null-complain-profile,

those processes are set to run under their proper profiles.

=head2 Responding to AppArmor Events

B<logprof> will generate a list of suggested profile changes that

B<aa-logprof> will generate a list of suggested profile changes that

the user can choose from, or they can create their own, to modifiy the

permission set of the profile so that the generated access violation

will not re-occur.

path for this event, they'll be informed and have the option to fix it.

If the user selects (G)lob last piece then, taking the currently selected

option, logprof will remove the last path element and replace it with /*.

option, aa-logprof will remove the last path element and replace it with /*.

If the last path element already was /*, logprof will go up a directory

If the last path element already was /*, aa-logprof will go up a directory

level and replace it with /**.

100

This new globbed entry is then added to the suggestion list and marked

103

So /usr/share/themes/foo/bar/baz.gif can be turned into

104

/usr/share/themes/** by hitting "g" three times.

105

106

If the user selects (A)llow, logprof will take the current selection

106

If the user selects (A)llow, aa-logprof will take the current selection

107

and add it to the profile, deleting other entries in the profile that

108

are matched by the new entry.

109

110

Adding r access to /usr/share/themes/** would delete an entry for r

111

access to /usr/share/themes/foo/*.gif if it exists in the profile.

112

113

If (Q)uit is selected at this point, logprof will ignore all new pending

113

If (Q)uit is selected at this point, aa-logprof will ignore all new pending

114

capability and path accesses.

115

116

After all of the path accesses have been handled, logrof will write all

119

=head2 New Process (Execution) Events

120

121

If there are unhandled x accesses generated by the execve(2) of a

122

new process, logprof will display the parent profile and the target

122

new process, aa-logprof will display the parent profile and the target

123

program that's being executed and prompt the user to select and execute

124

modifier. These modifiers will allow a choice for the target to: have it's

125

own profile (px), inherit the parent's profile (ix), run unconstrained

126

(ux), or deny access for the target. See apparmor.d(5) for details.

127

128

If there is a corresponding entry for the target in the qualifiers

129

section of /etc/logprof.conf, the presented list will contain only the

129

section of /etc/apparmor/logprof.conf, the presented list will contain only the

130

allowed modes.

131

132

The default option for this question is selected using this logic--

138

# else

139

# deny is default

140

141

logprof will never suggest "ux" as the default.

141

aa-logprof will never suggest "ux" as the default.

142

143

=head2 ChangeHat Events

144

162

=head1 SEE ALSO

163

164

klogd(8), auditd(8), apparmor(7), apparmor.d(5), change_hat(2),

165

logprof.conf(5), genprof(1), complain(1), enforce(1), and

165

logprof.conf(5), aa-genprof(1), aa-complain(1), aa-enforce(1), and

166

L<http://forge.novell.com/modules/xfmod/project/?apparmor>.

167

168

=cut

Older »