Jamie, can you describe how you hit this, as I'm unable to reproduce it.
In the example below auditd is not running:
$ cat tmp/my.sh
#!/bin/sh
cat "$@" > /dev/null
$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 10:59:48 2012
#include <tunables/global>
/home/ubuntu/tmp/my.sh {
#include <abstractions/base>
/bin/cat rix,
/bin/dash ix,
/home/ubuntu/tmp/my.sh r,
}
$ sudo aa-status | grep my.sh
/home/ubuntu/tmp/my.sh
/home/ubuntu/tmp/my.sh//null-f
$ tmp/my.sh /etc/fstab
cat: /etc/fstab: Permission denied
$ sudo aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:
Profile: /home/ubuntu/tmp/my.sh
Path: /etc/fstab
Mode: r
Severity: 3
1 - #include <abstractions/evince>
[2 - /etc/fstab]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/fstab r to profile.
Profile: /home/ubuntu/tmp/my.sh
Path: /etc/resolv.conf
Mode: r
Severity: 2
1 - #include <abstractions/nameservice>
[2 - /etc/resolv.conf]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Profile: /home/ubuntu/tmp/my.sh
Path: /etc/resolv.conf
Mode: r
Severity: 2
1 - #include <abstractions/nameservice>
[2 - /etc/resolv.conf]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/resolv.conf r to profile.
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /home/ubuntu/tmp/my.sh]
(S)ave Changes / [(V)iew Changes] / Abo(r)t
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /home/ubuntu/tmp/my.sh]
(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /home/ubuntu/tmp/my.sh.
$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 11:04:45 2012
#include <tunables/global>
/home/ubuntu/tmp/my.sh {
#include <abstractions/base>
/bin/cat rix,
/bin/dash ix,
/etc/fstab r,
/etc/resolv.conf r,
/home/ubuntu/tmp/my.sh r,
}
(Note that the resolv.conf access rejection was from a prior run of my.sh.)
--
https://bugs.launchpad.net/bugs/872446
Title:
aa-logprof should detect denials as well as complaints