Both aarch64 and s390x have a bigger wtmp record size (16 bytes more than x86_64, 400 bytes total).
The byte position of the timestamp is also different on each architecture. To make things even more interesting, s390x is big endian.
Note that this MR includes more things, like
* moving `get_last_login_timestamp()` to the new `apparmor/notify.py` file
* add unit tests for it
* add wtmp example files from various architectures, including a hand-edited one claiming to be from 1999
* fixing a bug in `get_last_login_timestamp()` that unpacked `type` from too many bytes - which accidently worked on x86_64
* detecting from which architecture the wtmp file comes (luckily the timestamps are located at different locations)
See the individual commits for details.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/809
Acked-by: John Johansen <john.johansen@canonical.com>
Ensure that pre-2000 and post-2050 dates get rejected, and something in
between gets accepted.
This also extends coverage to 100% - before, the post-2050 branch was
not covered.
Both aarch64 and s390x have a bigger wtmp record size (16 bytes more
than x86_64, 400 bytes total).
The byte position of the timestamp is also different on each
architecture. To make things even more interesting, s390x is big endian.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
'type' is a short (see "ut_type" in wtmp(5)), therefore only read two
bytes and unpack them as short. Afterwards read two padding bytes to
/dev/null.
This accidently worked on x86_64 because it's little endian, but will
fail on big endian architectures.
Some distros use /run/lock/samba as the Samba lock directory, so allow
that in the samba abstraction in addition to /run/samba.
MR: https://gitlab.com/apparmor/apparmor!805
Acked-by: John Johansen <john.johansen@canonical.com>
... and some rules in the smbd profile to execute it and send it a term
signal.
samba-bgqd is (quoting its manpage) "an internal helper program
performing asynchronous printing-related jobs."
samba-bgqd was added in Samba 4.15.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1191532
MR: https://gitlab.com/apparmor!807
Acked-by: John Johansen <john.johansen@canonical.com>
... and some rules in the smbd profile to execute it and send it a term
signal.
samba-bgqd is (quoting its manpage) "an internal helper program
performing asynchronous printing-related jobs."
samba-bgqd was added in Samba 4.15.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1191532
A small patch set to fix two issues with binutils/aa-features-abi:
1. The `aa-features-abi -f` short argument was not added to the
`getopt_long()` set of short arguments, resulting in the command
incorrectly failing when passed -f
2. Due to variable shadowing the file descriptor for the `--file`
argument was not being autoclosed.
- binutils/aa-features-abi: make -f short arg actually be accepted
- binutils/aa-features-abi: fix failure to close fd due to shadowed
var decl
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/804
The variable used to store the file descriptor for the --file ended up
being declared twice, resulting in the autoclose attribute attached to
the first declaration being removed by the shadowed second declaration.
Fix this by converting the second declaration to just be an assignment,
as was intended.
strace output before:
[...]
) = 1925
close(1) = 0
exit_group(0) = ?
+++ exited with 0 +++
strace output after removing shadow declaration:
) = 1925
close(1) = 0
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
(File descriptor 3 is what is returned by the open() call on the
--file argument.)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/804
The aa-features-abi -f short argument was not added to the
getopt_long() set of short arguments, resulting in the command
incorrectly failing like so:
$ ./aa-features-abi -f /etc/apparmor.d/abi/3.0
./aa-features-abi: invalid option -- 'f'
USAGE: ./aa-features-abi [OPTIONS] <SOURCE> [OUTPUT OPTIONS]
[...]
The long --file option works as expected.
Fix this by adding f to the set of short arguments passed to
getopt_long().
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/804
The parser is broken on RLIMIT parsing when receiving unexpected input
because the shared state for this specifies RLIMIT_MODEINCLUDE which
is an unknown start condition resulting in the following warning
parser_lex.l:745: undeclared start condition RLIMIT_MODEINCLUDE
and also means RLIMIT and INCLUDE are not properly handled
Signed-off-by: John Johansen <john.johansen@canonical.com>
If /proc/*/attr/apparmor/current exists, only read that - instead of
falling back to /proc/*/attr/current if a process is for example
unconfined so that read_proc_current returns None.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/199
Some STATUS log events trigger a crash in aa-notify because the log
line doesn't have operation=. Examples are:
type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
type=AVC msg=audit(1630913352.610:6): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0"
Fix this by not looking at log events without operation=
Also add one of the example events as libapparmor testcase.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/194
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/797
Acked-by: John Johansen <john.johansen@canonical.com>
The default log format for void linux is not handled by current log
parsing. The following example message results in an invalid record
error.
2021-09-11T20:57:41.91645 kern.notice: [ 469.180605] audit: type=1400 audit(1631392703.952:3): apparmor="ALLOWED" operation="mkdir" profile="/usr/bin/kak" name="/run/user/1000/kakoune/" pid=2545 comm="kak" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
This log message fails on parsing
kern.notice:
which differs from the expect syslog format of
host_name kernel:
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/196
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/799
Signed-off-by: John Johansen <john.johansen@canonical.com>
When building with YYDEBUG=1 the following failure occurs
grammar.y:49:46: error: unknown type name ‘no_debug_unused_’; did you mean ‘debug_unused_’?
void aalogparse_error(unused_ void *scanner, no_debug_unused_ char const *s)
^~~~~~~~~~~~~~~~
debug_unused_
g
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/799
Signed-off-by: John Johansen <john.johansen@canonical.com>
Some STATUS log events trigger a crash in aa-notify because the log
line doesn't have operation=. Examples are:
type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
type=AVC msg=audit(1630913352.610:6): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0"
Fix this by not looking at log events without operation=
Also add one of the example events as libapparmor testcase.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/194
... instead of keeping an own version of it witht the exact same code
and a TODO note to use the one from common.
Also adjust the aa-easyprof tests to directly import AppArmorException
from apparmor.common.
* removes runtime dependency on which
* fixes aa-unconfined when ss is installed outside {/usr,}/bin
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/784
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Acked-by: John Johansen <john.johansen@canonical.com>
* removes runtime dependency on which
* fixes aa-unconfined when ss is installed outside {/usr,}/bin
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
$0 is always the name of the script, even if using it inside a function.
Therefore use $0 directly, and no longer hand it over as a parameter.
Also `chmod +x aa-remove-unknown` to make in-tree testing easier.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/785
Acked-by: John Johansen <john.johansen@canonical.com>
... instead of None.
This avoids the need to allow type changes (None vs. str).
Also adjust the tests accordingly.
While on it, simplify the tests for attachment.
attachment is always a str, therefore adjust the test to expect an empty
str ('') instead of None - and later converting that None to ''.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/786
Acked-by: John Johansen <john.johansen@canonical.com>
... using [] instead of {}
This should keep the order of checking (and therefore code coverage)
constant, and should fix the randomly appearing partial coverage in
severity.py handle_variable_rank(). In some random cases (depending in
which order the replacements were done and checked for their severity),
the coverage report indicated that the 'elif' condition was never false.
Note: This is only "coverage cosmetics". In "real users", it doesn't
matter in which order the variable replacements are checked because the
result doesn't depend on the ordering.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/790
Acked-by: John Johansen <john.johansen@canonical.com>
