[apparmor] [Bug 897957] Re: aa-genprof/logprof don't recognize encoded profile names

John Johansen john.johansen at canonical.com
Wed Nov 30 18:00:33 UTC 2011 

More example entries

Nov 29 17:01:52 ortho kernel: [289763.841084] type=1400
audit(1322614912.304:851): apparmor="ALLOWED" operation="open"
parent=16001 profile=74657374207370616365 name="/etc/ld.so.cache"
pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Nov 29 17:01:52 ortho kernel: [289763.842579] type=1400
audit(1322614912.304:855): apparmor="ALLOWED" operation="file_mmap"
parent=16001 profile=74657374207370616365 name="/lib/libncurses.so.5.9"
pid=17011 comm="bash" requested_mask="mr" denied_mask="mr" fsuid=0
ouid=0

Nov 29 17:01:58 ortho kernel: [289769.829897] type=1400
audit(1322614918.292:4376): apparmor="ALLOWED" operation="file_perm"
parent=16001 profile=74657374207370616365 name="/home/jj/.bash_history"
pid=17011 comm="bash" requested_mask="w" denied_mask="w" fsuid=0
ouid=1000

Nov 29 17:01:58 ortho kernel: [289769.830284] type=1400
audit(1322614918.292:4380): apparmor="ALLOWED" operation="truncate"
parent=16001 profile=74657374207370616365 name="/home/jj/.bash_history"
pid=17011 comm="bash" requested_mask="w" den

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/897957

Title:
  aa-genprof/logprof don't recognize encoded profile names

Status in AppArmor Linux application security framework:
  New

Bug description:
  When a profile name contains spaces or none printable characters, it
  gets encoded when logged.

  eg.
  [289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  which can be decoded with aa-decode
    > aa-decode 74657374207370616365
    Decoded: test space

  however aa-logprof and aa-genprof do no recognize encoded profile
  names and skip log entries containing them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/897957/+subscriptions

More information about the AppArmor mailing list