a535402f17
Accepted submit request 59064 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/59064 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=5
38 lines
1.5 KiB
Plaintext
From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: Subdomain.pm: Fix handling of audits of unconfined processes

The version of AppArmor that was accepted into the mainline kernel
issues audit events for things like change_hat while unconfined.
Previous versions just returned -EPERM without the audit.

This results in logprof and friends spewing uninitialized value errors
when it hits events like:
type=AVC msg=audit(1291742101.899:220): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=28005 comm="cron

... which happen any time an unconfined process does something with pam
when pam_apparmor is installed.

This patch skips those events.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
utils/SubDomain.pm | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/utils/SubDomain.pm
+++ b/utils/SubDomain.pm
@@ -2735,6 +2735,13 @@ sub add_event_to_tree ($) {
return if ($e->{operation} =~ /profile_set/);
my ($profile, $hat);
+
+ # The version of AppArmor that was accepted into the mainline kernel
+ # issues audit events for things like change_hat while unconfined.
+ # Previous versions just returned -EPERM without the audit so the
+ # events wouldn't have been picked up here.
+ return if (!$e->{profile});
+
# just convert new null profile style names to old before we begin processing
# profile and name can contain multiple layers of null- but all we care about
# currently is single level.
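Review bot: The new guard `return if (!$e->{profile});` in add_event_to_tree is broader than the case its comment describes: it silently drops every event whose profile field is missing, empty or "0", not only the unconfined change_hat audits. The sample event in the commit message carries info="unconfined", so consider keying the skip on that value if the parsed event exposes it, or at least testing with `defined`, and emit a debug log line when an event is skipped so that dropped audit records stay traceable. The diffstat reports 16 insertions and 4 deletions, but only this 7-line hunk is visible here, so the rest of the change cannot be checked from this page.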