[Bug 340183] Re: aa-genprof creates empty profiles from /var/log/messages entries (works fine with auditd)

Wed, 11 Mar 2009 06:12:36 -0700 

I can confirm that aa-genprof is not working right.

TEST CASE:
1. create $HOME/foobar.sh:
2. sudo aa-genprof.sh $HOME/foobar.sh
3. in another window, run $HOME/foobar.sh
4. in the aa-genprof window, do (S)can -- it does not prompt. Tried (S)can 
again, still no prompt.

Here are the logs:
Mar 11 07:32:59 myhost kernel: [50805.318822] type=1505 
audit(1236774779.608:368): operation="profile_load" 
name="/home/jamie/foobar.sh" name2="default" pid=13649
Mar 11 07:33:07 myhost kernel: [50812.879558] type=1502 
audit(1236774787.169:369): operation="inode_permission" requested_mask="::r" 
denied_mask="::r" fsuid=1000 name="/bin/dash" pid=13726 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.879589] type=1502 
audit(1236774787.169:370): operation="file_mmap" requested_mask="::mr" 
denied_mask="::r" fsuid=1000 name="/bin/dash" pid=13726 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.879606] type=1502 
audit(1236774787.169:371): operation="file_mmap" requested_mask="::r" 
denied_mask="::r" fsuid=1000 name="/bin/dash" pid=13726 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.880123] type=1502 
audit(1236774787.172:372): operation="file_mprotect" requested_mask="::r" 
denied_mask="::r" fsuid=1000 name="/bin/dash" pid=13726 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.880417] type=1502 
audit(1236774787.172:373): operation="inode_permission" requested_mask="r::" 
denied_mask="r::" fsuid=1000 name="/home/jamie/foobar.sh" pid=13726 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.880817] type=1502 
audit(1236774787.172:374): operation="inode_permission" requested_mask="::x" 
denied_mask="::x" fsuid=1000 name="/bin/ls" pid=13727 
profile="/home/jamie/foobar.sh"
Mar 11 07:33:07 myhost kernel: [50812.880842] type=1504 
audit(1236774787.172:375): operation="exec" info="set profile" pid=13727 
profile="null-complain-profile"
Mar 11 07:33:07 myhost kernel: [50812.880853] type=1502 
audit(1236774787.172:376): operation="file_permission" requested_mask="::r" 
denied_mask="::r" fsuid=1000 name="/bin/ls" pid=13727 
profile="null-complain-profile"
Mar 11 07:33:07 myhost kernel: [50812.880906] type=1502 
audit(1236774787.172:377): operation="file_permission" requested_mask="::r" 
denied_mask="::r" fsuid=1000 name="/bin/ls" pid=13727 
profile="null-complain-profile"
Mar 11 07:33:18 myhost kernel: [50824.044090] __ratelimit: 4179 callbacks 
suppressed
Mar 11 07:33:18 myhost kernel: [50824.044094] type=1505 
audit(1236774798.332:1771): operation="profile_replace" 
name="/home/jamie/foobar.sh" name2="default" pid=13870

Here is the generated profile:
# Last Modified: Wed Mar 11 07:32:59 2009
#include <tunables/global>

/home/jamie/foobar.sh {
  #include <abstractions/base>

  /bin/dash ix,

}


** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
aa-genprof creates empty profiles from /var/log/messages entries (works fine 
with auditd)
https://bugs.launchpad.net/bugs/340183
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to