AF_TIPC not supported by parser when it is in the kernel

Bug #732837 reported by Jamie Strandboge

Bug Description

If in python I do something like:
import socket
s = socket.socket(socket.AF_TIPC, socket.SOCK_RDM, 0)

I see this in the audit log:
type=AVC msg=audit(1299788719.107:159859): apparmor="DENIED" operation="create" parent=17142 profile="/home/jamie/tmp/" pid=17143 comm="" family="tipc" sock_type="rdm" protocol=0

If I then try to add rules for this in my profile:
  network tipc,
  network rdm,

I get:
$ sudo apparmor_parser -r -T -W /etc/apparmor.d/
AppArmor parser error for /etc/apparmor.d/ in /etc/apparmor.d/ at line 39: Invalid network entry.

Leaving out the 'network tipc,' rule, but leaving 'rdm', the parser is ok, but I still get denials:
type=AVC msg=audit(1299789277.284:159863): apparmor="DENIED" operation="create" parent=17339 profile="/home/jamie/tmp/" pid=17340 comm="" family="tipc" sock_type="rdm" protocol=0
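
An added example, not part of the original report or of AppArmor: a small Python helper that reads AVC denials like the ones above and derives the `network <family> <type>,` profile rules they imply, per profile. The function names are hypothetical and all but the first sample log line are constructed; the resulting rules only load on a parser that recognizes the family, which is the subject of this bug.

```python
import re

# Sample input. Line 1 is the denial quoted in this report; lines 2-4 are
# constructed for this example (second socket type, a repeat, a file denial).
SAMPLE_LOG = '''\
type=AVC msg=audit(1299788719.107:159859): apparmor="DENIED" operation="create" parent=17142 profile="/home/jamie/tmp/" pid=17143 comm="" family="tipc" sock_type="rdm" protocol=0
type=AVC msg=audit(1299789300.001:159870): apparmor="DENIED" operation="create" parent=17400 profile="/home/jamie/tmp/" pid=17401 comm="" family="tipc" sock_type="seqpacket" protocol=0
type=AVC msg=audit(1299789301.002:159871): apparmor="DENIED" operation="create" parent=17402 profile="/home/jamie/tmp/" pid=17403 comm="" family="tipc" sock_type="rdm" protocol=0
type=AVC msg=audit(1299789302.003:159872): apparmor="DENIED" operation="open" parent=17402 profile="/home/jamie/tmp/" name="/etc/hostname" pid=17403 comm="python" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
TOKEN_RE = re.compile(r'[a-z0-9_]+')  # only plain tokens may reach a profile

def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields

def suggest_network_rules(log_text):
    """Map each profile name to the network rules its socket denials imply."""
    rules = {}
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or "family" not in f:
            continue  # not an AppArmor denial, or not a socket record
        tokens = [f["family"]] + ([f["sock_type"]] if f.get("sock_type") else [])
        if not all(TOKEN_RE.fullmatch(t) for t in tokens):
            continue  # never copy unexpected characters from a log into a profile
        rule = "network " + " ".join(tokens) + ","
        rules.setdefault(f.get("profile", "<unknown>"), set()).add(rule)
    return {profile: sorted(r) for profile, r in rules.items()}

if __name__ == "__main__":
    for profile, profile_rules in suggest_network_rules(SAMPLE_LOG).items():
        print("profile", profile)
        for rule in profile_rules:
            print("  " + rule)
```

Review the suggested rules before adding them to a profile; each one grants socket creation for that family and type.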

Jamie Strandboge (jdstrand) wrote :

FYI, this also fails:
s = socket.socket(socket.AF_TIPC, socket.SOCK_SEQPACKET, 0)

John Johansen (jjohansen) wrote :

There were several families being screened out because they caused build failures under previous releases. This is no longer the case, and I have attached a proposed patch.

Steve Beattie (sbeattie) wrote :

Fix committed to trunk and to the apparmor-2.6 branch.

Changed in apparmor:
status: New → Fix Released
Steve Beattie (sbeattie) wrote :

AppArmor 2.6.1 was released.
