Merge Prevent crash on log entries for non-existing profile

If audit.log contains entries for a profile that doesn't exist (for
example when working with a log file from another system), skip these
log entries instead of crashing.

Reproducer (crashes without this patch):

    aa-logprof -f <(echo 'type=AVC msg=audit(1661739121.578:77893): apparmor="DENIED" operation="open" profile="no_such_profile" name="/run/" pid=33099 comm="no" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')

I propose this patch for 3.1 and master. (3.0 and older are not affected and do not need this fix.)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/919
Approved-by: Jon Tourville <jon.tourville@canonical.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>
Christian Boltz 2022-08-29 19:56:01 +00:00
commit f5594fbb7c

@ -1118,7 +1118,7 @@ def ask_the_questions(log_dict):
else:
sev_db.set_variables({})
if True:
if aa.get(profile): # only continue/ask if the parent profile exists
if not aa[profile].get(hat, {}).get('file'):
if aamode != 'merge':
# Ignore log events for a non-existing profile or child profile. Such events can occur
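Review bot: the `if aa.get(profile):` guard skips events for an unknown profile silently, so someone running aa-logprof against a log from another system gets no hint that entries were dropped. Consider adding an else branch that emits a debug or warning message naming the profile. The comment in the trailing context, `# Ignore log events for a non-existing profile or child profile`, now overlaps with this outer check; since the parent profile is already known to exist by the time the inner `aa[profile].get(hat, {})` test runs, that comment could be reworded to match. The reproducer from the commit message would also be worth adding as a regression test.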