For now just look at 'name=...' which is usually the last in the log entry,
so validate input against this and output based on it.
TODO: better handle other cases too
- Update matching regex for reordered kernel audit messages (when they
come through syslog). Ideally, rather than use a regex, the utils would
just use the log parsing library to determine whether it's a log even
of interest.
- fix debugging code write a logfile in /var/log/apparmor and not a
predictable location in /tmp; File::Temp would be the right solution
except that the log file is created in a BEGIN clause, and
File::Temp.new() ends up returning an unopened filehandle in that
situation, so logging fails. Someone with more perl-fu may know how to
fix that.
Fork tracking is broken by the kernel message for clone no longer supplying
the child pid correctly. Instead the parent pid will be output with each
message and the tools will fake a fork when they detect a previously
unknow parent child relationship.
/usr/bin/rsyncd) bnc#408869
The unconfined tool shows:
[...]
29799 /usr/bin/rsync not confined
29799 /usr/bin/rsync not confined
This is because unconfined is grabbing the post symlink resolved exe filename
which for /usr/sbin/rsyncd is /usr/bin/rsync.
To fix this provide both the cmdline and exec name in parenthesis when the
exe name and the cmdline name differ.
For the above example you would see
29799 /usr/bin/rsync (/usr/sbin/rsyncd) not confined
- flags being dropped from hats
- rules can be poorly split on writing the profile
- identical rules with different permissions are not properly combined, so
that only permissions of the last rule are kept
Added missing capabilities names.
Simple rlimits support. It doesn't care about range of individual limit,
you can add ie -100G stack size or 100M nice. But maybe sufficient?
- rpc was failing when passing arrays because the perl is_utf8 string flag
was set even though its only sending numbers but newer HTTP::Message
checks for this is_utf8 and if it finds it aborts.
- fix local profiles
local profiles were failing because
1.) the parameters to serialize_profile were bad
2.) the file location was not getting updated so they would get written
back to the inactive profiles directory
