mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

'unconfined' can appear to mix up process names eg. (/usr/bin/rsync vs.

Browse source 
/usr/bin/rsyncd) bnc#408869

The unconfined tool shows:

[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined

This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.

To fix this provide both the cmdline and exec name in parenthesis when the
exe name and the cmdline name differ.

For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
This commit is contained in:
John Johansen 2008-11-21 12:31:22 +00:00
parent 07ded00bd3
commit 77caea2cc7
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
utils/unconfined
View file

@ -25,6 +25,7 @@
# audit local system for processes listening on network connections
# that are not currently running with a profile.
use strict;
use Getopt::Long;
use Immunix::SubDomain;
@ -82,29 +83,34 @@ for my $pid (sort { $a <=> $b } @pids) {
}
close(CURRENT);
}
my $cmdline = `cat /proc/$pid/cmdline`;
my $pname = (split(/\0/, $cmdline))[0];
if ($pname =~ /\// && !($pname eq $prog)) {
$pname = "($pname) ";
} else {
$pname = "";
}
if (not $attr) {
if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
#my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
my $cmdline = `cat /proc/$pid/cmdline`;
$cmdline =~ s/\0/ /g;
$cmdline =~ s/\s+$//;
chomp $cmdline;
print "$pid $prog ($cmdline) " . gettext("not confined\n");
} else {
print "$pid $prog " . gettext("not confined\n");
print "$pid $prog $pname" . gettext("not confined\n");
}
} else {
if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
#my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
my $cmdline = `cat /proc/$pid/cmdline`;
$cmdline =~ s/\0/ /g;
$cmdline =~ s/\s+$//;
chomp $cmdline;
print "$pid $prog ($cmdline) " . gettext("confined by") . " '$attr'\n";
} else {
print "$pid $prog " . gettext("confined by") . " '$attr'\n";
print "$pid $prog $pname" . gettext("confined by") . " '$attr'\n";
}
}
}