[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
** This bug is no longer a duplicate of bug 1522938 unix rules not written to profile -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
*** This bug is a duplicate of bug 1522938 *** https://bugs.launchpad.net/bugs/1522938 ** This bug has been marked a duplicate of bug 1522938 unix rules not written to profile -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
*** This bug is a duplicate of bug 1522938 *** https://bugs.launchpad.net/bugs/1522938 ** Changed in: apparmor (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
Well, maybe things are even more interesting: - the log message doesn't specify the len, so a socket name ending with \0 _will_ cause trouble - for some reason, the log line above gets parsed as AA_RECORD_INVALID: START File: testcase_syslog_unix_01.in Event type: AA_RECORD_INVALID Audit ID: 1450687759.549:3582 Operation: connect Mask: send receive connect Denied Mask: send connect Profile: /usr/sbin/cupsd Command: cupsd PID: 6049 Network family: unix Socket type: stream Protocol: ip Epoch: 1450687759 Audit subid: 3582 - the peer address isn't included in the parsed log - but that might be a side effect and/or reason for AA_RECORD_INVALID -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
The zeros are probably intentional; the name of abstract unix sockets allows ascii NULs, and they may or may not be relevant based on the address length as reported in the C APIs. It's a terrible interface all around.. (and now that I just now realize that a unix socket with name @00...00 len=2 is different from unix socket with name @00...00 len=4 I wonder what breaks if these two are actually used somewhere. Hmm.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
I will :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
Loosing unix rules is already fixed in bzr (trunk r3310, 2.10 branch r3292, 2.9 branch r2981) since a week, see bug 1522938. BTW: Given how many issues you find, maybe you should switch to bzr trunk? ;-) ** Also affects: apparmor Importance: Undecided Status: New ** Tags added: aa-tools -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in AppArmor: New Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1528778] Re: aa-logprof doesn't support unix rules/events
Yup, aa-logprof doesn't recognize unix rules and events. If I add manually this rules, after next aa-logprof running and answering questions, all added unix rules are deleted from profile files. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events Status in apparmor package in Ubuntu: New Bug description: aa-logprof ignores denied messages in kern.log. Logs sended to apparmor [at] cboltz.de. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: apparmor 2.10-0ubuntu6 ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6 Uname: Linux 4.2.0-21-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Dec 23 09:22:44 2015 InstallationDate: Installed on 2014-04-19 (612 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528778/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
