[Touch-packages] [Bug 1511791] Re: dbus rule regression with wpa supplicant profile

Thu, 12 Nov 2015 19:01:22 -0800 

I de-compiled the dfa (attached), and as expected the walk matches up
with apparmor_parser -D dfa-states

The specific deny message when walked ends in state 21, which has the
correct rw permissions associated. If the query has a trailing \0 the
dfa will transition into the non-match state.

Important states to note from the walk:
{0} non-matching state
{1} start
{7} start of system/session dbus match
{48} start of name match
{54} start of peer match
{61} start of path match
{194} start of iface match
{21} start & finish of member/method match


** Attachment added: "Decompile dump of loaded dfa"
   
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1511791/+attachment/4517923/+files/wpa-dfa.txt

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1511791

Title:
  dbus rule regression with wpa supplicant profile

Status in apparmor package in Ubuntu:
  New

Bug description:
  I'm running wpa-supplicant with the following profile in complain
  mode:

   http://paste.ubuntu.com/13011146/

  After upgrading from vivid to wiley I get lots of notifications like
  this in syslog:

  [256841.262100] audit: type=1107 audit(1446223151.195:18142): pid=822
  uid=103 auid=4294967295 ses=4294967295 msg='apparmor="ALLOWED"
  operation="dbus_method_call"  bus="system"
  path="/fi/w1/wpa_supplicant1/Interfaces/19/BSSs/3103"
  interface="org.freedesktop.DBus.Properties" member="GetAll"
  name=":1.259" mask="receive" pid=1287 label="/sbin/wpa_supplicant"
  peer_pid=10013 peer_label="unconfined" exe="/usr/bin/dbus-daemon"
  sauid=103 hostname=? addr=? terminal=?'

  However, AFAICS, this should (and was in vivid) match lines 32-34 of
  the profile and shouldn't cause a log entry.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1511791/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to