Origin: upstream, lp:apparmor
Subject: aa-logprof - fix handling of 'exec' events (LP: #872446)
fixes bug: https://launchpad.net/bugs/872446
committer: Steve Beattie <sbeattie@ubuntu.com>
timestamp: Tue 2012-03-27 17:15:50 -0700
Subject: aa-logprof - fix handling of 'exec' events (LP: #872446)
Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/872446
Due to logging changes for 'exec' events, 'exec' events in aa-logprof
were being skipped when a profile is in enforcing mode. This patch
committer: Steve Beattie <sbeattie@ubuntu.com>
timestamp: Tue 2012-03-27 17:18:44 -0700
Subject: fix autodep profile construction
This patch fixes a couple of issues with autodep:
1) The initial profile construction had not been adjusted to include
the 'allow' or 'deny' hash prefixing the path elements. This
fixes it by eliminating the path portion entirely and pushing
the path based accesses to the later analysis section of code.
2) the mode of the original binary was accidentally getting reset
to 0, when it was intended to initialize the audit field to 0.
utils/Immunix/AppArmor.pm | 43 +++++++++++++++++++++++++------------------
1 file changed, 25 insertions(+), 18 deletions(-)
Index: b/utils/Immunix/AppArmor.pm
41
===================================================================
42
--- a/utils/Immunix/AppArmor.pm
43
+++ b/utils/Immunix/AppArmor.pm
44
@@ -748,22 +748,12 @@ sub create_new_profile($) {
48
- if ($fqdbin =~ /^\// ) {
51
- flags => "complain",
52
- include => { "abstractions/base" => 1 },
53
- path => { $fqdbin => { mode => str_to_mode("mr") } },
59
- flags => "complain",
60
- include => { "abstractions/base" => 1 },
66
+ flags => "complain",
67
+ include => { "abstractions/base" => 1 },
71
# if the executable exists on this system, pull in extra dependencies
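Review bot: The rewritten initializer (`flags` and `include` only) no longer gives the new profile any path rule for `$fqdbin`. Judging by the context comment `# if the executable exists on this system, pull in extra dependencies`, the replacement rules added in the hunks at -771 and -785 appear to apply only when the binary is present on the machine. Before this change an absolute `$fqdbin` received `mr` on itself unconditionally, so a profile created for a path that is not installed locally would now start without that rule. The guard itself is not visible in this hunk, so please confirm that this is intended. If it is, a comment above the initializer would record it, for example `# path rules for $fqdbin are added below, only when the binary exists locally`.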
73
@@ -771,7 +761,7 @@ sub create_new_profile($) {
74
if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
75
my $interpreter = get_full_path($1);
76
$profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= str_to_mode("r");
77
- $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= 0;
78
+ $profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;
79
$profile->{$fqdbin}{allow}{path}->{$interpreter}{mode} |= str_to_mode("ix");
80
$profile->{$fqdbin}{allow}{path}->{$interpreter}{audit} |= 0;
81
if ($interpreter =~ /perl/) {
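Review bot: The corrected line `$profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;` uses `|= 0` only to make sure the key exists, and nothing on the line tells a reader that it is an initializer, not a mask update. That is the same copy-and-paste idiom in which `{mode}` was mistaken for `{audit}`. A short comment on the first mode/audit pair would help, for example `# |= 0 only ensures the audit mask is defined; it leaves a numeric mask unchanged`. The same pair is repeated for `$interpreter` just below and again in the hunk at -785, so a small helper that sets both keys for a path would stop them being mixed up again. The body of create_new_profile continues outside this hunk.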
82
@@ -785,6 +775,8 @@ sub create_new_profile($) {
84
handle_binfmt($profile->{$fqdbin}, $interpreter);
86
+ $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= str_to_mode("mr");
87
+ $profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;
88
handle_binfmt($profile->{$fqdbin}, $fqdbin);
91
@@ -798,6 +790,7 @@ sub create_new_profile($) {
94
push @created, $fqdbin;
95
+ $DEBUGGING && debug( Data::Dumper->Dump([$profile], [qw(*profile)]));
96
return { $fqdbin => $profile };
99
@@ -2850,7 +2843,21 @@ sub add_event_to_tree ($) {
104
+ } elsif (defined $e->{name}) {
105
+ add_to_tree( $e->{pid},
117
+ $DEBUGGING && debug "add_event_to_tree: dropped exec event in $e->{profile}";
119
} elsif ($e->{operation} =~ m/file_/) {
120
add_to_tree( $e->{pid},