[Bug 872446] Re: aa-logprof should detect denials as well as complaints

[Steve Beattie]

Jamie, can you describe how you hit this, as I'm unable to reproduce it.
In the example below auditd is not running:

$ cat tmp/my.sh
#!/bin/sh

cat "$@" > /dev/null

$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 10:59:48 2012
#include <tunables/global>

/home/ubuntu/tmp/my.sh {
  #include <abstractions/base>

  /bin/cat rix,
  /bin/dash ix,
  /home/ubuntu/tmp/my.sh r,
}

$ sudo aa-status | grep my.sh
   /home/ubuntu/tmp/my.sh
   /home/ubuntu/tmp/my.sh//null-f

$ tmp/my.sh /etc/fstab
cat: /etc/fstab: Permission denied

$ sudo aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:

Profile:  /home/ubuntu/tmp/my.sh
Path:     /etc/fstab
Mode:     r
Severity: 3

  1 - #include <abstractions/evince>
 [2 - /etc/fstab]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/fstab r to profile.

Profile:  /home/ubuntu/tmp/my.sh
Path:     /etc/resolv.conf
Mode:     r
Severity: 2

  1 - #include <abstractions/nameservice>
 [2 - /etc/resolv.conf]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish
/ (O)pts

Profile:  /home/ubuntu/tmp/my.sh
Path:     /etc/resolv.conf
Mode:     r
Severity: 2

  1 - #include <abstractions/nameservice>
 [2 - /etc/resolv.conf]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/resolv.conf r to profile.

= Changed Local Profiles =

The following local profiles were changed.  Would you like to save them?

 [1 - /home/ubuntu/tmp/my.sh]

(S)ave Changes / [(V)iew Changes] / Abo(r)t

= Changed Local Profiles =

The following local profiles were changed.  Would you like to save them?

 [1 - /home/ubuntu/tmp/my.sh]

(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /home/ubuntu/tmp/my.sh.

$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 11:04:45 2012
#include <tunables/global>

/home/ubuntu/tmp/my.sh {
  #include <abstractions/base>


  /bin/cat rix,
  /bin/dash ix,
  /etc/fstab r,
  /etc/resolv.conf r,
  /home/ubuntu/tmp/my.sh r,

}

(note that resolv.conf access rejection was from a prior run of my.sh)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/872446

Title:
  aa-logprof should detect denials as well as complaints

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/872446/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs