From 13de4182c87a24a5c70e8ebab47a6bd91290f0be Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 29 Sep 2023 20:01:30 +0100
Subject: [PATCH] fix(aa-log): ensure unix logs generate unix rule. It may break some rule generation on old apparmor version (<3.1). But I don't have the time to support all apparmor version anyway... fix #225
---
 pkg/aa/data_test.go | 2 +-
 pkg/aa/profile.go | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/pkg/aa/data_test.go b/pkg/aa/data_test.go
index e25c78fe..2999c23d 100644
--- a/pkg/aa/data_test.go
+++ b/pkg/aa/data_test.go
@@ -159,7 +159,7 @@ var (
 // Unix
 unix1Log = map[string]string{
 "apparmor": "ALLOWED",
- "class": "net",
+ "class": "unix",
 "family": "unix",
 "operation": "file_perm",
 "profile": "gsettings",
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 9168e1d0..714fbecd 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -92,11 +92,7 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
 case "cap":
 p.Rules = append(p.Rules, CapabilityFromLog(log, noNewPrivs, fileInherit))
 case "net":
- if log["family"] == "unix" {
- p.Rules = append(p.Rules, UnixFromLog(log, noNewPrivs, fileInherit))
- } else {
- p.Rules = append(p.Rules, NetworkFromLog(log, noNewPrivs, fileInherit))
- }
+ p.Rules = append(p.Rules, NetworkFromLog(log, noNewPrivs, fileInherit))
 case "mount":
 p.Rules = append(p.Rules, MountFromLog(log, noNewPrivs, fileInherit))
 case "remount":
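Review bot: Editing `unix1Log` in place removes the only fixture visible here that combines `"class": "net"` with `"family": "unix"`, so no test in this hunk pins what `AddRule` now produces for that older log shape. Keeping the previous map as a second fixture alongside the updated one, with its expected rule, would make the behaviour change in `pkg/aa/profile.go` an asserted result rather than an implied one. The `var (` block starts and ends outside the hunk, so another fixture may already cover this.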
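Review bot: The `case "net":` arm now sends every log to `NetworkFromLog`, including entries whose `family` is `unix`, which the commit message says AppArmor older than 3.1 can still produce. For a profile generator this is a silent change in what gets granted: such an event presumably becomes a `network` rule instead of the `unix` rule the old code produced, with nothing to tell the user. If that is intended, a comment on the arm would record it, e.g. `// class=net with family=unix (AppArmor < 3.1) is intentionally emitted as a network rule, see #225`. `AddRule` starts and ends outside the hunk, so the switch expression and the arm that handles `class` `unix` are not visible here.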