On Sun, Jun 5, 2016 at 7:17 PM, Christian Boltz <[email protected]> wrote: > Hello, > > $subject. > > Also add a testcase to libapparmor's log collection > > > I propose this patch for trunk, 2.10 and 2.9 > > > [ 01-logparser-chown.diff ] > > --- utils/apparmor/logparser.py 2016-06-01 22:36:33.948597566 +0200 > +++ utils/apparmor/logparser.py 2016-06-05 15:39:16.365476108 +0200 > @@ -296,7 +296,7 @@ > self.debug_logger.debug('parse_event_for_tree: dropped exec > event in %s' % e['profile']) > > elif ( e['operation'].startswith('file_') or > e['operation'].startswith('inode_') or > - e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', > 'chmod', 'rename_src', > + e['operation'] in ['open', 'truncate', 'mkdir', 'mknod', > 'chmod', 'chown', 'rename_src', > 'rename_dest', 'unlink', 'rmdir', > 'symlink_create', 'link', > 'sysctl', 'getattr', 'setattr', 'xattr'] ): > > === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.err' > === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.in' > --- libraries/libapparmor/testsuite/test_multi/file_chown.in 1970-01-01 > 00:00:00 +0000 > +++ libraries/libapparmor/testsuite/test_multi/file_chown.in 2016-06-05 > 13:41:02 +0000 > @@ -0,0 +1,1 @@ > +type=AVC msg=audit(1465133533.431:728): apparmor="DENIED" operation="chown" > profile="/usr/sbin/cupsd" name="/run/cups/certs/" pid=8515 comm="cupsd" > requested_mask="w" denied_mask="w" fsuid=0 ouid=4 > > === added file 'libraries/libapparmor/testsuite/test_multi/file_chown.out' > --- libraries/libapparmor/testsuite/test_multi/file_chown.out 1970-01-01 > 00:00:00 +0000 > +++ libraries/libapparmor/testsuite/test_multi/file_chown.out 2016-06-05 > 13:41:11 +0000 > @@ -0,0 +1,15 @@ > +START > +File: file_chown.in > +Event type: AA_RECORD_DENIED > +Audit ID: 1465133533.431:728 > +Operation: chown > +Mask: w > +Denied Mask: w > +fsuid: 0 > +ouid: 4 > +Profile: /usr/sbin/cupsd > +Name: /run/cups/certs/ > +Command: cupsd > +PID: 8515 > +Epoch: 1465133533 > +Audit subid: 728 > > lgtm.
Acked-by: Kshitij Gupta <[email protected]> > > Regards, > > Christian Boltz > -- >> The wiki is as much yours as it is ours, and if you think that >> someone deserves recognition by naming them, you don't need >> anybody's permission. > Then I must put my thanks to Bill Gates somewhere. he made me use > Linux. :-) [> Peter Flodin and houghi in opensuse-wiki] > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor > -- Regards, Kshitij Gupta -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
