logparser.py parse_event_for_tree() doesn't care about owner vs. all in file events

Bug #1538340 reported by Christian Boltz on 2016-01-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Undecided
Unassigned
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

parse_event_for_tree() in logparser.py doesn't check 'fsuid' and 'ouid' for file events.

This would be needed to find out if an 'owner' rule is enough or not.

For the records:
<cboltz> so it seems fsuid is the user ID of the running process
<cboltz> and ouid is the file owner's user ID
<sarnold> the filesystem uid, which is going to be the euid most of the time but some services may make it something else still (nfsd iirc?)

Christian Boltz (cboltz) wrote :

This is fixed since a month. AppArmor 2.12 contains the fixed logparser.py.

Changed in apparmor:
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.12-4ubuntu1

---------------
apparmor (2.12-4ubuntu1) bionic; urgency=medium

  [ Tyler Hicks ]
  * Merge from Debian to get gbp-pq related packaging improvements. Thanks to
    intrigeri for making those improvements! Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
    - Feature pinning is not used in Ubuntu

  [ intrigeri ]
  * Adjust the Vcs-{Browser,Git} control fields to reflect the branch where
    the Ubuntu packaging is maintained.

apparmor (2.12-4) unstable; urgency=medium

  * Migrate patch handling to gbp-pq (Closes: #888244).
  * Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
    - upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
      new patch, properly identify empty ouid/fsuid fields in logs.
    - upstream-commit-130958a-allow-shell-helper-read-locale.patch:
      new patch, allow the shell helper regression test program read
      the locale.

 -- Tyler Hicks <email address hidden> Mon, 19 Mar 2018 16:24:57 +0000

Changed in apparmor (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers