mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ignore ptrace log events without denied_mask

Browse source 
This fixes a crash in the tools.

Reported by peetaur on IRC.


Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.11.
This commit is contained in:
Christian Boltz 2017-05-20 01:05:33 +02:00
parent fe612e771b
commit 4dbc7e0f4b
5 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.err Normal file
View file

1
libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.in Normal file
View file

@ -0,0 +1 @@
type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="unconfined"

11
libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.out Normal file
View file

@ -0,0 +1,11 @@
START
File: ptrace_1.in
Event type: AA_RECORD_DENIED
Audit ID: 1495217772.047:4471
Operation: ptrace
Profile: /usr/bin/pidgin
Peer: unconfined
Command: pidgin
PID: 21704
Epoch: 1495217772
Audit subid: 4471

2
libraries/libapparmor/testsuite/test_multi/ptrace_no_denied_mask.profile Normal file
View file

@ -0,0 +1,2 @@
/usr/bin/pidgin {
}

3
utils/apparmor/logparser.py
View file

@ -341,6 +341,9 @@ class ReadLog:
if not e['peer']:
self.debug_logger.debug('ignored garbage ptrace event with empty peer')
return None
if not e['denied_mask']:
self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
return None
return(e['pid'], e['parent'], 'ptrace',
[profile, hat, prog, aamode, e['denied_mask'], e['peer']])