mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Christian Boltz 0792e73ee9 Avoid raising an exception for hats in includes in aa-logprof 
aa-logprof raises an exception if
- an include file contains a hat
- that file is included in a profile and
- aa-logprof hits an audit log entry for this profile

Reproducer ("works" on 2.9 and trunk):
python3 aa-logprof -f <(echo 'Jun 19 11:50:36 piorun kernel: [4474496.458789] audit: type=1400 audit(1434707436.696:153): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/etc/gai.conf" pid=2910 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0') -d ../profiles/apparmor.d/

This happens because profiles/apparmor.d/apache2.d/phpsysinfo was
already read when pre-loading the include files.

This patch changes aa.py parse_profile_data() to only raise the
exception if it is not handling includes currently.


Acked-by: Steve Beattie <steve@nxnw.org> for both trunk and 2.9.
2015-07-09 15:12:43 +02:00
..
apparmor Avoid raising an exception for hats in includes in aa-logprof 2015-07-09 15:12:43 +02:00
easyprof Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 2014-02-13 17:53:40 -08:00
po Launchpad automatic translations update. 2015-05-25 05:09:25 +00:00
test Add tests for RE_PROFILE_START and parse_profile_start_line() with unusual whitespace around flags 2015-07-08 22:50:01 +02:00
vim rename _clean to pod_clean in Makefiles 2015-01-30 22:15:53 +01:00
aa-audit Improve exception handling 2015-07-06 22:02:34 +02:00
aa-audit.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-autodep Improve exception handling 2015-07-06 22:02:34 +02:00
aa-autodep.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-cleanprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-cleanprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-complain Improve exception handling 2015-07-06 22:02:34 +02:00
aa-complain.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-decode speed up aa-decode by using a bash regex matching instead of calling egrep for each line. 2013-01-01 20:15:04 +01:00
aa-decode.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-disable Improve exception handling 2015-07-06 22:02:34 +02:00
aa-disable.pod utils: remove aa-enforce '--remove' option 2014-03-03 14:59:47 -08:00
aa-easyprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-easyprof.pod utils/aa-easyprof.pod: corrections for --show-templates and 2015-03-27 16:33:35 -05:00
aa-enforce Improve exception handling 2015-07-06 22:02:34 +02:00
aa-enforce.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-exec remove unneeded perl requires on Time::Local and File::Basename 2013-06-27 12:11:09 -05:00
aa-exec.pod fix broken URLs in various utils/*.pod files. 2013-09-19 21:17:39 +02:00
aa-genprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-genprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-logprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-logprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-mergeprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-mergeprof.pod update the aa-mergeprof manpage to match the new commandline syntax 2014-10-16 20:26:45 +02:00
aa-notify aa-notify: also display notifications for complain mode events 2015-04-29 01:03:17 +02:00
aa-notify.pod add missing --display to aa-notify.pod 2014-09-08 20:40:33 +02:00
aa-sandbox Improve exception handling 2015-07-06 22:02:34 +02:00
aa-sandbox.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-status Improve exception handling 2015-07-06 22:02:34 +02:00
aa-status.pod fix broken URLs in various utils/*.pod files. 2013-09-19 21:17:39 +02:00
aa-unconfined Improve exception handling 2015-07-06 22:02:34 +02:00
aa-unconfined.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
check_po.pl utitlity to look for problems in the po files. 2007-08-15 19:24:49 +00:00
logprof.conf Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00
logprof.conf.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
Makefile Delete apparmor/rule/ python cache files in "make clean" 2015-05-11 21:57:55 +02:00
notify.conf Here is a patch to standardize on all utils using the "aa-" prefix instead 2010-11-03 17:03:52 -07:00
python-tools-setup.py utils: fix python install for rule/ subdirectory 2015-01-13 13:03:11 -08:00
README.md Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.