AppArmor

aa-logprof should propose profile flags

Bug #1763676 reported by Christian Boltz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
New
Wishlist
Unassigned

Bug Description

Follow-up for https://bugzilla.opensuse.org/show_bug.cgi?id=918787

If aa-logprof finds a log line like

type=AVC msg=audit(1424425690.883:716630): apparmor="ALLOWED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/httpd2-prefork//null-4172" name="var/run/nscd/passwd" pid=25333 comm="id" requested_mask="r" denied_mask="r" fsuid=1002 ouid=0

it should propose to add the "attach_disconnected" flag to the profile.

Note: aa-logprof currently ignores such log events in logparser.py to avoid a crash.

Tags: aa-tools
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.