Comment 7 for bug 1014304

Christian Boltz (cboltz) wrote : Re: genprof misses some permissions

Patch for comment #5 / #6 committed to bzr r2526.

After this is fixed, I can reproduce the problem with the python tools too.

However it looks like aa-logprof is the broken part - it seems to assign events for the null-xx subprofiles to the main profile instead of a) assigning them to the right subprofile or at least b) dropping them as "unknown null-xx subprofile" :-(

# python3 aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:

Profile: /home/cb/linuxtag/apparmor/scripts/hello
Path: /home/sys-tmp/hello.txt
Old Mode: w
New Mode: rw (owner permissions off)
Severity: 6

  1 - /home/sys-tmp/hello.txt
 [2 - /home/*/hello.txt]
[(A)llow] / (D)eny / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Abo(r)t / (F)inish / (M)ore

# grep hello.txt /var/log/audit/audit.log
type=AVC msg=audit(1402352804.785:2172): apparmor="ALLOWED" operation="mknod" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/home/sys-tmp/hello.txt" pid=20095 comm="hello" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.785:2172): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/home/sys-tmp/hello.txt" pid=20095 comm="hello" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.787:2210): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-15" name="/home/sys-tmp/hello.txt" pid=20096 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.787:2211): apparmor="ALLOWED" operation="getattr" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-15" name="/home/sys-tmp/hello.txt" pid=20096 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.789:2248): apparmor="ALLOWED" operation="getattr" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-16" name="/home/sys-tmp/hello.txt" pid=20097 comm="rm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.789:2249): apparmor="ALLOWED" operation="getattr" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-16" name="/home/sys-tmp/hello.txt" pid=20097 comm="rm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.789:2250): apparmor="ALLOWED" operation="unlink" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-16" name="/home/sys-tmp/hello.txt" pid=20097 comm="rm" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
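
The attribution problem described in this comment, as an added example (not part of the original comment and not aa-logprof's own code): it groups four of the audit lines quoted above by profile, keeping the `//null-NN` children separate, and then shows what the main profile is credited with if those events are folded into it. The function names are hypothetical, and the regex assumes the `null-NN` naming seen in this log.

```python
import re
from collections import defaultdict

# Four audit lines copied from the comment above (main profile, null-15, null-16).
SAMPLE_LOG = """\
type=AVC msg=audit(1402352804.785:2172): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/home/sys-tmp/hello.txt" pid=20095 comm="hello" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.787:2210): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-15" name="/home/sys-tmp/hello.txt" pid=20096 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.789:2248): apparmor="ALLOWED" operation="getattr" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-16" name="/home/sys-tmp/hello.txt" pid=20097 comm="rm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1402352804.789:2250): apparmor="ALLOWED" operation="unlink" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-16" name="/home/sys-tmp/hello.txt" pid=20097 comm="rm" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Assumption: transient children are named "null-NN", as in the log above.
NULL_RE = re.compile(r'^(?P<parent>.+?)//(?P<child>null-\w+)$')

def parse_event(line):
    """Return the quoted key="value" fields of one AVC line as a dict."""
    return dict(FIELD_RE.findall(line))

def split_profile(profile):
    """'parent//null-NN' -> (parent, 'null-NN'); a plain profile -> (profile, None)."""
    m = NULL_RE.match(profile)
    return (m.group("parent"), m.group("child")) if m else (profile, None)

def masks_by_profile(log_text):
    """Collect requested masks per (parent, null child, comm), keeping children apart."""
    result = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("apparmor") != "ALLOWED" or "profile" not in ev:
            continue
        parent, child = split_profile(ev["profile"])
        result[(parent, child, ev.get("comm"))].update(ev.get("requested_mask", ""))
    return dict(result)

def merged_into_parent(log_text):
    """Masks the parent is credited with when null-xx events are folded into it."""
    merged = defaultdict(set)
    for (parent, _child, _comm), masks in masks_by_profile(log_text).items():
        merged[parent] |= masks
    return dict(merged)

if __name__ == "__main__":
    for key, masks in sorted(masks_by_profile(SAMPLE_LOG).items(), key=str):
        print(key[0], key[1] or "(main)", key[2], "".join(sorted(masks)))
```

Kept separate, the `r` and `d` requests belong to the `cat` and `rm` children; the main profile itself only requested `w` and `c`.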