mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(aa-log): ensure unix logs generate unix rule.

Browse source 
It may break some rule generation on old apparmor version (<3.1). But I don't have the time to support all apparmor version anyway...

fix #225
This commit is contained in:
Alexandre Pujol 2023-09-29 20:01:30 +01:00
parent 70dc9b7844
commit 13de4182c8
Failed to generate hash of commit
2 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/aa/data_test.go
View file

@ -159,7 +159,7 @@ var (
// Unix // Unix
unix1Log = map[string]string{ unix1Log = map[string]string{
"apparmor": "ALLOWED", "apparmor": "ALLOWED",
"class": "net", "class": "unix",
"family": "unix", "family": "unix",
"operation": "file_perm", "operation": "file_perm",
"profile": "gsettings", "profile": "gsettings",

4
pkg/aa/profile.go
View file

@ -92,11 +92,7 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
case "cap": case "cap":
p.Rules = append(p.Rules, CapabilityFromLog(log, noNewPrivs, fileInherit)) p.Rules = append(p.Rules, CapabilityFromLog(log, noNewPrivs, fileInherit))
case "net": case "net":
if log["family"] == "unix" {
p.Rules = append(p.Rules, UnixFromLog(log, noNewPrivs, fileInherit))
} else {
p.Rules = append(p.Rules, NetworkFromLog(log, noNewPrivs, fileInherit)) p.Rules = append(p.Rules, NetworkFromLog(log, noNewPrivs, fileInherit))
}
case "mount": case "mount":
p.Rules = append(p.Rules, MountFromLog(log, noNewPrivs, fileInherit)) p.Rules = append(p.Rules, MountFromLog(log, noNewPrivs, fileInherit))
case "remount": case "remount":