On Thu, 2016-07-28 at 14:19 +0100, Mark Wadham wrote: > I tried to write an apparmor profile for plex media server, which has a > binary with spaces in the name. > > I put it in quotes in the apparmor profile, but then all the complain > messages have hashes where the name should be, eg: > > > > > [ 9551.412776] audit: type=1400 audit(1469711661.099:16933): > > apparmor="ALLOWED" operation="recvmsg" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25858 comm=506C657820444C4E41205365727665 lport=1900 family="inet" > > sock_type="dgram" protocol=17 requested_mask="receive" > > denied_mask="receive" > > [ 9551.418972] audit: type=1400 audit(1469711661.107:16934): > > apparmor="ALLOWED" operation="create" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=0 requested_mask="create" > > denied_mask="create" > > [ 9551.419247] audit: type=1400 audit(1469711661.107:16935): > > apparmor="ALLOWED" operation="create" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=0 requested_mask="create" > > denied_mask="create" > > [ 9551.419610] audit: type=1400 audit(1469711661.107:16936): > > apparmor="ALLOWED" operation="create" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="unix" > > sock_type="dgram" protocol=0 requested_mask="create" > > denied_mask="create" addr=none > > [ 9551.419712] audit: type=1400 audit(1469711661.107:16937): > > apparmor="ALLOWED" operation="create" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="unix" > > sock_type="dgram" protocol=0 requested_mask="create" > > denied_mask="create" addr=none > > [ 9551.419846] audit: type=1400 audit(1469711661.107:16938): > > apparmor="ALLOWED" operation="getsockname" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=17 requested_mask="getattr" > > denied_mask="getattr" > > [ 9551.419940] audit: type=1400 audit(1469711661.107:16939): > > apparmor="ALLOWED" operation="getpeername" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=17 requested_mask="getattr" > > denied_mask="getattr" > > [ 9551.420017] audit: type=1400 audit(1469711661.107:16940): > > apparmor="ALLOWED" operation="setsockopt" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=17 requested_mask="setopt" > > denied_mask="setopt" > > [ 9551.420106] audit: type=1400 audit(1469711661.107:16941): > > apparmor="ALLOWED" operation="connect" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 family="inet" > > sock_type="dgram" protocol=17 requested_mask="connect" > > denied_mask="connect" > > [ 9551.420196] audit: type=1400 audit(1469711661.107:16942): > > apparmor="ALLOWED" operation="getsockname" > > profile=2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469 > > 61205365727665722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665 > > 722F506C657820444C4E4120536572766572 > > pid=25983 comm=506C657820444C4E41205365727665 laddr=45.32.182.252 > > lport=38561 faddr=45.32.182.252 fport=42674 family="inet" > > sock_type="dgram" protocol=17 requested_mask="getattr" > > denied_mask="getattr" > Am I doing something wrong or is this just not very well supported yet? >
You can use the aa-decode command for this. Ie: $ aa-decode \ 2F7573722F6C69622F706C65786D656469617365727665722F506C6578204D656469612053657276 65722F2F6E756C6C2D2F7573722F6C69622F706C65786D656469617365727665722F506C65782044 4C4E4120536572766572 Decoded: /usr/lib/plexmediaserver/Plex Media Server//null- /usr/lib/plexmediaserver/Plex DLNA Server -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
