Not really, comm= is added by the audit subsystem and is set by the thread the check is being done in, in kernel context. Both the send and receive checks are being done in the same place so comm= will not change. We are not in control of this so there is little we can do about it.
--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1317555

Title:
  'signal peer=@{profile_name},' does not work as expected when in a profile using a regex match as a name

Status in AppArmor Linux application security framework:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  Kees Cook reported signal mediation issues stemming from the 'signal peer=@{profile_name},' rule in the base abstraction. It does not work as expected when @{profile_name} contains a regex match.

  If an application confined with a profile that uses a regex match as the name attempts to signal itself, the signal is denied. Here's a simple reproducer:

  # Set up the test environment
  $ mkdir /tmp/test
  $ cd /tmp/test
  $ cp -a /bin/kill .
  $ cp -a /bin/sleep .

  # Run the unconfined test to verify that it works (it does)
  $ /tmp/test/sleep 30s &
  [2] 31464
  $ /tmp/test/kill -USR1 $!
  [2]+ User defined signal 1 /tmp/test/sleep 30s

  # Create and load the AppArmor profile
  $ cat << EOF > profile
  #include <tunables/global>

  /tmp/test/{kill,sleep} {
    #include <abstractions/base>
    file,
  }

  profile test {
    #include <abstractions/base>
    file,
  }
  EOF
  $ sudo apparmor_parser -r profile

  # Run the test under /tmp/test/{kill,sleep} confinement
  # Note that this will not work, likely due to the regex in the profile name
  $ /tmp/test/sleep 30s &
  [1] 31473
  $ /tmp/test/kill -USR1 $!

  # Look at the new denials
  # Oddly, comm="kill" is in both denials, despite the denials being for send and receive masks
  type=AVC msg=audit(1399560667.038:720): apparmor="DENIED" operation="signal" profile="/tmp/test/{kill,sleep}" pid=31474 comm="kill" requested_mask="send" denied_mask="send" signal=usr1 peer="/tmp/test/{kill,sleep}"
  type=AVC msg=audit(1399560667.038:720): apparmor="DENIED" operation="signal" profile="/tmp/test/{kill,sleep}" pid=31474 comm="kill" requested_mask="receive" denied_mask="receive" signal=usr1 peer="/tmp/test/{kill,sleep}"

  # Run the test once more under the "test" profile (it succeeds)
  $ aa-exec -p test -- /tmp/test/sleep 30s &
  [1] 31476
  $ aa-exec -p test -- /tmp/test/kill -USR1 $!
  [1]+ User defined signal 1 aa-exec -p test -- /tmp/test/sleep 30s
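
A triage helper for the denials quoted in the bug description, as an added example that is not part of the original report or of AppArmor: it flags denied signal records where profile and peer are the same name and that name contains AppArmor glob characters, and collects the masks and comm values seen per audit event. The function names are hypothetical and the third sample line is constructed.

```python
import re

# First two lines are the denials quoted in the bug description;
# the third is a constructed, unrelated denial used as a negative case.
SAMPLE = '''\
type=AVC msg=audit(1399560667.038:720): apparmor="DENIED" operation="signal" profile="/tmp/test/{kill,sleep}" pid=31474 comm="kill" requested_mask="send" denied_mask="send" signal=usr1 peer="/tmp/test/{kill,sleep}"
type=AVC msg=audit(1399560667.038:720): apparmor="DENIED" operation="signal" profile="/tmp/test/{kill,sleep}" pid=31474 comm="kill" requested_mask="receive" denied_mask="receive" signal=usr1 peer="/tmp/test/{kill,sleep}"
type=AVC msg=audit(1399560700.001:721): apparmor="DENIED" operation="signal" profile="test" pid=31480 comm="kill" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally quoted
GLOB = re.compile(r'[*?\[\]{}]')             # AppArmor pattern characters in a name


def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def self_signal_denials(log):
    """Group denied signal records whose profile equals its peer and is a pattern name.

    Returns {(audit event id, profile name, signal): {"masks": set, "comms": set}}.
    """
    hits = {}
    for line in log.splitlines():
        rec = parse(line)
        if rec.get("apparmor") != "DENIED" or rec.get("operation") != "signal":
            continue
        name = rec.get("profile", "")
        if name != rec.get("peer") or not GLOB.search(name):
            continue  # different peer, or a plain (non-pattern) profile name
        entry = hits.setdefault((rec.get("msg"), name, rec.get("signal")),
                                {"masks": set(), "comms": set()})
        entry["masks"].add(rec.get("denied_mask"))
        entry["comms"].add(rec.get("comm"))
    return hits


if __name__ == "__main__":
    for (event, name, sig), info in self_signal_denials(SAMPLE).items():
        print(event, name, sig, sorted(info["masks"]), sorted(info["comms"]))
```

Both the send and the receive record land in one group with a single comm value, which matches the explanation in the reply that both checks run in the sender's thread.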