On 07/29/2016 04:06 PM, Christian Boltz wrote:
> Hello,
>
> we already ignore network events that look like file events (based on
> the operation keyword) if they have a request_mask of 'send' or
> 'receive' to avoid aa-logprof crashes because of "unknown" permissions.
> It turned out that both can happen at once, so we should also ignore
> this case.
>
> Also add the now-ignored log event as test_multi testcase.
>
>
> References: https://bugs.launchpad.net/apparmor/+bug/1577051 #13
>
>
>
> I propose this patch for trunk, 2.10 and 2.9.
Acked-by: Tyler Hicks <[email protected]> Thanks for getting to this fix so quickly! Tyler > > > [ 01-logparser-send-receive.diff ] > > --- utils/apparmor/logparser.py 2016-06-05 20:28:24.214423206 +0200 > +++ utils/apparmor/logparser.py 2016-07-29 22:56:57.660828070 +0200 > @@ -310,7 +310,7 @@ > # sometimes network events come with an e['operation'] that > matches the list of file operations > # see https://bugs.launchpad.net/apparmor/+bug/1577051 and > https://bugs.launchpad.net/apparmor/+bug/1582374 > # XXX these events are network events, so we should map them as > such > - if e['request_mask'] in ('send', 'receive'): > + if 'send' in e['request_mask'] or 'receive' in e['request_mask']: > self.debug_logger.debug('UNHANDLED (request_mask is send or > receive): %s' % e) > return None > > === added file > 'libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.err' > === added file > 'libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.in' > --- > libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.in > 1970-01-01 00:00:00 +0000 > +++ > libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.in > 2016-07-29 20:59:48 +0000 > @@ -0,0 +1,1 @@ > +Jul 29 11:42:05 files kernel: [483212.877816] audit: type=1400 > audit(1469785325.122:21021): apparmor="ALLOWED" operation="file_inherit" > profile="/usr/bin/nginx-amplify-agent.py//null-/bin/dash" pid=18239 comm="sh" > laddr=192.168.10.3 lport=50758 faddr=54.153.70.241 fport=443 family="inet" > sock_type="stream" protocol=6 requested_mask="send receive" denied_mask="send > receive" > > === added file > 'libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.out' > --- > libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.out > 1970-01-01 00:00:00 +0000 > +++ > libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.out > 2016-07-29 21:00:03 +0000 
> @@ -0,0 +1,19 @@ > +START > +File: testcase_network_send_receive.in > +Event type: AA_RECORD_ALLOWED > +Audit ID: 1469785325.122:21021 > +Operation: file_inherit > +Mask: send receive > +Denied Mask: send receive > +Profile: /usr/bin/nginx-amplify-agent.py//null-/bin/dash > +Command: sh > +PID: 18239 > +Network family: inet > +Socket type: stream > +Protocol: tcp > +Local addr: 192.168.10.3 > +Foreign addr: 54.153.70.241 > +Local port: 50758 > +Foreign port: 443 > +Epoch: 1469785325 > +Audit subid: 21021 > > > > > Regards, > > Christian Boltz > > >
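Review bot: The new condition in utils/apparmor/logparser.py, `if 'send' in e['request_mask'] or 'receive' in e['request_mask']:`, is a substring test on the mask string and differs from the old tuple membership test in two ways. If e['request_mask'] can be None for an event that reaches this branch, the old `in ('send', 'receive')` evaluated to False while the new form raises TypeError, which would bring back an aa-logprof crash by another route; a guard or an empty-string default would avoid that. It also matches any mask string that merely contains those letters, so splitting the mask on whitespace and checking the resulting tokens would match exactly 'send', 'receive', or both in either order. The XXX comment above the check still applies: these events are dropped, not mapped as network events.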
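Review bot: The added testcase_network_send_receive.in/.out pair checks how the log line is parsed into a record (Mask: send receive, Operation: file_inherit), but nothing in the visible patch asserts that the changed branch in logparser.py returns None for this event. A test on the utils side that feeds this line through the parser and expects it to be ignored would cover the actual fix. The sample also exercises only the order "send receive" with both requested_mask and denied_mask set to the same value; a second case with a single-value mask would confirm the earlier behaviour is unchanged.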
