Ignore file_perm events without request_mask

For some (not yet known) reason, we get file_perm events without
request_mask set, which causes an aa-logprof crash.

Reproducer log entry:
Jun 19 12:00:55 piorun kernel: [4475115.459952] audit: type=1400 audit(1434708055.676:19629): apparmor="ALLOWED" operation="file_perm" profile="/usr/sbin/apache2" pid=3512 comm="apache2" laddr=::ffff:193.0.236.159 lport=80 faddr=::ffff:192.168.103.80 fport=61985 family="inet6" sock_type="stream" protocol=6

This patch changes logparser.py to ignore those events.

References: https://bugs.launchpad.net/apparmor/+bug/1466812/


Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
Christian Boltz 2015-07-08 22:34:38 +02:00
parent 56ac5c3e5a
commit 16e6d5ffd9

@ -253,6 +253,11 @@ class ReadLog:
'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link', 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link',
'sysctl', 'getattr', 'setattr', 'xattr'] ): 'sysctl', 'getattr', 'setattr', 'xattr'] ):
# for some reason, we get file_perm log events without request_mask, see https://bugs.launchpad.net/apparmor/+bug/1466812/
if e['operation'] == 'file_perm' and e['request_mask'] is None:
self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e)
return None
# Map c (create) to a and d (delete) to w (logging is more detailed than the profile language) # Map c (create) to a and d (delete) to w (logging is more detailed than the profile language)
rmask = e['request_mask'] rmask = e['request_mask']
rmask = rmask.replace('c', 'a') rmask = rmask.replace('c', 'a')
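Review bot: The new guard only fires when e['operation'] == 'file_perm', but the unchanged lines right after it run rmask.replace('c', 'a') for every operation in the list above ('unlink', 'rmdir', 'link', 'getattr', 'setattr', ...), so an event of any of those other types that arrives with request_mask set to None would still fail at that call. Unless the intent is to keep the other operations failing loudly, consider testing only `e['request_mask'] is None` here, or extend the comment to say why the check is limited to file_perm. The skipped event is written through self.debug_logger.debug only, so a user running without debug logging gets no indication that log entries were dropped; a note in the comment about that trade-off would help whoever revisits this once the cause in the referenced bug is understood.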