of a mix of symlinks to non-prefixed commands, and "apparmor_" prefixed
commands.
This also refactors the manpage generation slightly since we no longer
need special cases for the manpages, and drops aa-eventd from the default
list of tools to install (it also lacks a manpage).
This just adds prototypes to all functions to make further cleanup
slightly easier by getting perl to complain if not enough args are
passed to a function. Perl doesn't appear to complain about this in
every case even with prototypes, which is kind of annoying.
One of the uses of eval { } wasn't checking $@ for errors, so if
something bad happened, it'd be silently ignored. This just adds in
an extra check to die if we hit a failure.
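Added illustration of the two preceding messages (prototypes, and eval { } without a $@ check); this is not code from the AppArmor utils, and the sub names two_args, parse_silently and parse_checked are made up for the example:

```perl
#!/usr/bin/perl
# Added illustration, not code from the AppArmor utils: what a sub prototype
# catches (and when it does not), and why eval { } needs an explicit $@ check.
use strict;
use warnings;

# Prototype ($$): exactly two scalar arguments. A call compiled after this
# definition with the wrong number of arguments is rejected at compile time,
# e.g.  two_args("only-one");  Calls compiled before the sub is declared,
# or written as &two_args(...), bypass the check: the "not in every case"
# caveat from the commit message.
sub two_args($$) {
    my ($first, $second) = @_;
    return "$first/$second";
}

# Buggy pattern: a die inside the eval is swallowed and the caller carries
# on with an undefined result, never learning that parsing failed.
sub parse_silently {
    my ($text) = @_;
    my $value;
    eval {
        die "not a number: $text\n" unless $text =~ /^\d+$/;
        $value = $text + 0;
    };
    return $value;
}

# Fixed pattern: check $@ immediately after the eval and re-raise.
sub parse_checked {
    my ($text) = @_;
    my $value;
    eval {
        die "not a number: $text\n" unless $text =~ /^\d+$/;
        $value = $text + 0;
    };
    die "parse failed: $@" if $@;
    return $value;
}

print two_args("a", "b"), "\n";
print parse_checked("42"), "\n";
my $v = parse_silently("xyz");
print defined($v) ? "got $v\n" : "parse_silently returned undef without complaint\n";
eval { parse_checked("xyz") };
print "parse_checked raised: $@" if $@;
```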
started. Since apparmor_notify is not installed by default and not started
by default, the act of installing and starting it implies the desire to
get messages.
https://bugs.launchpad.net/apparmor/+bug/623467
This patch adds some additional testcases to the log parsing
testsuite, to cover rejections for operations that aren't covered by
other testcases (truncate, rename_src, rename_dest, mkdir) as well
as fixing SubDomain.pm to take those operations into account when
parsing log files.
The operations link, unlink, and possibly setattr still need to be
covered by SubDomain.pm
when auditd logs get rotated)
- use getgrnam() with setgid when dropping to nobody_group
- add '-u USER' option to drop to this user when running privileged but
not under sudo. Useful for starting when logged in as root.
- add a read access check before get_logfile_inode() so we don't have to
wait for the timeout in get_logfile_inode()
- set euid only when dropping privileges, instead of using POSIX::setuid()
which sets uid, euid and saved id when starting privileged
- create send_message() function which fork/execs so that we can set the
real uid before calling notify-send (notify-send looks at the real uid
when trying to connect to dbus)
- adjust reopen_logfile() to raise privileges (via euid) before accessing
logfile when $< != $>. Drop them again after open().
- also check for inode change
- update size to use stat
- treat logfile_size like logfile_inode
- update logfile_size and logfile_inode in reopen_logfile()
- add -f option to optionally specify the logfile
- when polling, check to see if the logfile size decreased, and if so, reopen
it. Currently this only works if you can read the file after dropping
privileges
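Added example of the logfile handling described in the list above (reopen on inode change or size decrease, privileges raised only through the effective uid and only around the open(), a read check before reopening); it is not aa-notify's own code, the sub names reopen_logfile, logfile_rotated and poll_once are chosen for this illustration, and the log lines it writes are constructed:

```perl
#!/usr/bin/perl
# Added example, not aa-notify's own code: reopen a logfile when it is rotated
# (inode changed) or truncated (size shrank), raising privileges only through
# the effective uid and only around the open(). Sub names and sample log
# lines are constructed for this illustration.
use strict;
use warnings;
use Fcntl qw(SEEK_CUR SEEK_END);
use File::Temp qw(tempfile);

my $logfh;
my ($logfile_inode, $logfile_size) = (0, 0);

# Open (or reopen) the logfile. If $< (real uid) differs from $> (effective
# uid) we were started privileged and have since lowered $> to an
# unprivileged user; borrow the real uid back just long enough to open the
# file, then lower it again. Run as an ordinary user, $< == $> and this is
# a plain open().
sub reopen_logfile {
    my ($path, $seek_to_end) = @_;
    close($logfh) if defined $logfh;

    my $lowered_euid = $>;
    my $raise = ($< != $>);
    $> = $< if $raise;
    my $opened = open($logfh, '<', $path);
    my $err = $!;
    $> = $lowered_euid if $raise;
    die "cannot open $path: $err\n" unless $opened;

    my @st = stat($logfh);
    ($logfile_inode, $logfile_size) = @st[1, 7];   # inode and size
    seek($logfh, 0, SEEK_END) if $seek_to_end;
    return 1;
}

# Polling check: true when the file at $path is no longer the one we hold
# open (inode changed, e.g. logrotate moved it aside) or it got smaller
# (truncated in place). Growth is normal and just updates the remembered size.
sub logfile_rotated {
    my ($path) = @_;
    my @st = stat($path) or return 1;      # gone entirely: treat as rotated
    return 1 if $st[1] != $logfile_inode;
    return 1 if $st[7] < $logfile_size;
    $logfile_size = $st[7];
    return 0;
}

# One polling step: reopen if needed, then return any new lines.
sub poll_once {
    my ($path) = @_;
    if (logfile_rotated($path)) {
        # -r tests against the effective uid: fail here at once instead of
        # after a timeout when the file is unreadable with privileges dropped.
        die "$path is not readable as uid " . $> . "\n" unless -r $path;
        reopen_logfile($path, 0);   # a new file: read it from the beginning
    }
    seek($logfh, 0, SEEK_CUR);      # clear a previous EOF so reads resume
    my @lines;
    while (defined(my $line = <$logfh>)) {
        chomp $line;
        push @lines, $line;
    }
    return @lines;
}

# Demo on a constructed logfile in a temp location; no real audit log is read.
my ($tmp, $path) = tempfile(UNLINK => 1);
print $tmp 'apparmor="DENIED" operation="open" name="/etc/shadow" pid=1', "\n";
close $tmp;
reopen_logfile($path, 1);                     # like tail -f: start at the end

open(my $app, '>>', $path) or die "append: $!\n";
print $app 'apparmor="DENIED" operation="open" name="/etc/passwd" pid=2', "\n";
close $app;
my @got = poll_once($path);
print "after append:   ", scalar(@got), " new line(s)\n";

truncate($path, 0) or die "truncate: $!\n";   # shrinks: the size check fires
open($app, '>>', $path) or die "append: $!\n";
print $app 'apparmor="DENIED" operation="truncate" name="/var/tmp/x" pid=3', "\n";
close $app;
@got = poll_once($path);
print "after truncate: ", scalar(@got), " new line(s)\n";

my ($new, $newpath) = tempfile();             # replaces $path: the inode check fires
print $new 'apparmor="DENIED" operation="mkdir" name="/srv/new/" pid=4', "\n";
close $new;
rename($newpath, $path) or die "rename: $!\n";
@got = poll_once($path);
print "after rotate:   ", scalar(@got), " new line(s)\n";
```

The size check only notices a truncation if the file has not already grown back past its previous size by the next poll; the inode check has no such blind spot, which is why the two are kept together.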
For now just look at 'name=...' which is usually the last in the log entry,
so validate input against this and output based on it.
TODO: better handle other cases too
- Update matching regex for reordered kernel audit messages (when they
come through syslog). Ideally, rather than use a regex, the utils would
just use the log parsing library to determine whether it's a log event
of interest.
- fix debugging code to write a logfile in /var/log/apparmor and not a
predictable location in /tmp; File::Temp would be the right solution
except that the log file is created in a BEGIN clause, and
File::Temp.new() ends up returning an unopened filehandle in that
situation, so logging fails. Someone with more perl-fu may know how to
fix that.
Fork tracking is broken by the kernel message for clone no longer supplying
the child pid correctly. Instead the parent pid will be output with each
message and the tools will fake a fork when they detect a previously
unknown parent child relationship.
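Added example of the fork faking described above; it is not the AppArmor tools' own code, the sub handle_message and the hash %profile_of are chosen for the illustration, and the key=value sample lines are a constructed simplification rather than real audit output:

```perl
#!/usr/bin/perl
# Added example, not the AppArmor tools' own code: with no usable child pid in
# the kernel's clone message, reconstruct forks from the parent pid that every
# message now carries. The key=value lines below are a constructed
# simplification of the log format, not real audit output.
use strict;
use warnings;

my %profile_of;   # pid => profile we currently believe it runs under
my @events;       # what the tool would report: faked forks, profile changes

sub handle_message {
    my ($line) = @_;
    my %f = $line =~ /(\w+)=("[^"]*"|\S+)/g;
    $f{$_} =~ s/"//g for keys %f;
    my ($pid, $parent, $profile) = @f{qw(pid parent profile)};
    return unless defined $pid;

    # Unknown child of a known parent: no clone message introduced it, so
    # fake the fork. Until an exec says otherwise it runs under the
    # parent's profile.
    if (!exists $profile_of{$pid} && defined $parent && exists $profile_of{$parent}) {
        $profile_of{$pid} = $profile_of{$parent};
        push @events, "faked fork: $parent -> $pid (inherits $profile_of{$pid})";
    }
    # A message that names a profile is authoritative for that pid.
    if (defined $profile && (!exists $profile_of{$pid} || $profile_of{$pid} ne $profile)) {
        $profile_of{$pid} = $profile;
        push @events, "pid $pid now under $profile";
    }
    return;
}

# Constructed sample: sshd forks a child (never announced), which then execs.
my @sample = (
    'operation="exec" pid=100 parent=1 profile="/usr/sbin/sshd"',
    'operation="open" pid=100 parent=1 profile="/usr/sbin/sshd" name="/etc/ssh/sshd_config"',
    'operation="open" pid=101 parent=100 name="/etc/passwd"',
    'operation="exec" pid=101 parent=100 profile="/usr/bin/bash"',
    'operation="open" pid=200 parent=199 name="/tmp/x"',   # neither pid known: nothing to infer
);
handle_message($_) for @sample;
print "$_\n" for @events;
```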
/usr/bin/rsyncd) bnc#408869
The unconfined tool shows:
[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined
This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.
To fix this provide both the cmdline and exec name in parentheses when the
exe name and the cmdline name differ.
For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
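Added example of the naming rule above; it is not the unconfined tool's own code, the subs display_name, process_names and confinement are chosen for the illustration, and it reads /proc (Linux only) for the running perl's own pid after first showing the constructed rsync case from the bug report:

```perl
#!/usr/bin/perl
# Added example, not the unconfined tool's own code: name a process by its
# resolved executable and, when that differs from what it was started as,
# add the command-line name in parentheses. Reads /proc, so Linux only.
use strict;
use warnings;

# "/usr/bin/rsync" with cmdline "/usr/sbin/rsyncd" -> "/usr/bin/rsync (/usr/sbin/rsyncd)";
# an identical or missing cmdline name -> just the exe.
sub display_name {
    my ($exe, $cmdline_name) = @_;
    return $exe unless defined($cmdline_name) && length($cmdline_name) && $cmdline_name ne $exe;
    return "$exe ($cmdline_name)";
}

# /proc/PID/exe is already resolved past symlinks by the kernel, which is
# exactly why rsyncd showed up as rsync; argv[0] from /proc/PID/cmdline keeps
# the name the process was invoked under.
sub process_names {
    my ($pid) = @_;
    my $exe = readlink("/proc/$pid/exe");
    return unless defined $exe;
    $exe =~ s/ \(deleted\)$//;
    open(my $fh, '<', "/proc/$pid/cmdline") or return ($exe, undef);
    my $cmdline = do { local $/; <$fh> };
    close $fh;
    my ($argv0) = split /\0/, ($cmdline // '');
    return ($exe, $argv0);
}

# /proc/PID/attr/current reads "unconfined" for an unconfined process and the
# profile name (with its mode) otherwise.
sub confinement {
    my ($pid) = @_;
    open(my $fh, '<', "/proc/$pid/attr/current") or return 'unknown';
    my $label = <$fh>;
    close $fh;
    return 'unknown' unless defined $label;
    chomp $label;
    return $label eq 'unconfined' ? 'not confined' : "confined by '$label'";
}

# Constructed case from the bug report, then the running perl itself.
print "29799 ", display_name('/usr/bin/rsync', '/usr/sbin/rsyncd'), " not confined\n";
my ($exe, $argv0) = process_names($$);
print "$$ ", display_name($exe, $argv0), " ", confinement($$), "\n" if defined $exe;
```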