AF_TIPC not supported by parser when it is in the kernel

Bug #732837 reported by Jamie Strandboge on 2011-03-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Undecided
Unassigned
2.6
Medium
Unassigned

Bug Description

If in Python I do something like:
s = socket.socket(socket.AF_TIPC, socket.SOCK_RDM, 0)

I see this in the audit log:
type=AVC msg=audit(1299788719.107:159859): apparmor="DENIED" operation="create" parent=17142 profile="/home/jamie/tmp/test-net.py" pid=17143 comm="test-net.py" family="tipc" sock_type="rdm" protocol=0

If I then try to add rules for this in my profile:
  network tipc,
  network rdm,

I get:
$ sudo apparmor_parser -r -T -W /etc/apparmor.d/home.jamie.tmp.test-net.py
AppArmor parser error for /etc/apparmor.d/home.jamie.tmp.test-net.py in /etc/apparmor.d/home.jamie.tmp.test-net.py at line 39: Invalid network entry.

Leaving out the 'network tipc,' rule, but leaving 'rdm', the parser is ok, but I still get denials:
type=AVC msg=audit(1299789277.284:159863): apparmor="DENIED" operation="create" parent=17339 profile="/home/jamie/tmp/test-net.py" pid=17340 comm="test-net.py" family="tipc" sock_type="rdm" protocol=0
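
Added example (not part of the original report or of AppArmor): a small triage script that reads AppArmor socket "create" denials like the ones above and lists the network rules each profile would need. It assumes the combined `network <family> <type>,` rule form, and the names `parse_record` and `suggest_network_rules` are hypothetical; the installed apparmor_parser must still accept the family, which is what this bug is about.

```python
import re
from collections import defaultdict

# Sample input: the first two records are the denials quoted in the report;
# the last two are constructed for this example (a SOCK_SEQPACKET denial and
# an unrelated file denial that must be ignored).
SAMPLE_LOG = '''\
type=AVC msg=audit(1299788719.107:159859): apparmor="DENIED" operation="create" parent=17142 profile="/home/jamie/tmp/test-net.py" pid=17143 comm="test-net.py" family="tipc" sock_type="rdm" protocol=0
type=AVC msg=audit(1299789277.284:159863): apparmor="DENIED" operation="create" parent=17339 profile="/home/jamie/tmp/test-net.py" pid=17340 comm="test-net.py" family="tipc" sock_type="rdm" protocol=0
type=AVC msg=audit(1299789300.000:159870): apparmor="DENIED" operation="create" parent=17400 profile="/home/jamie/tmp/test-net.py" pid=17401 comm="test-net.py" family="tipc" sock_type="seqpacket" protocol=0
type=AVC msg=audit(1299789301.000:159871): apparmor="DENIED" operation="open" parent=17400 profile="/home/jamie/tmp/test-net.py" name="/etc/shadow" pid=17401 comm="test-net.py" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

# key="quoted value" or key=bare_value pairs as they appear in audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Only plain lowercase words may be copied from a log line into rule text
SAFE_WORD = re.compile(r'^[a-z0-9_-]+$')


def parse_record(line):
    """Return the key/value fields of one audit record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def suggest_network_rules(log_text):
    """Map each profile to the sorted, de-duplicated network rules it was denied."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        # Only socket creation denials carry family/sock_type
        if rec.get("apparmor") != "DENIED" or rec.get("operation") != "create":
            continue
        family, sock_type = rec.get("family", ""), rec.get("sock_type", "")
        if not (SAFE_WORD.match(family) and SAFE_WORD.match(sock_type)):
            continue  # skip malformed or unexpected values
        rules[rec.get("profile", "?")].add(f"network {family} {sock_type},")
    return {profile: sorted(found) for profile, found in rules.items()}


if __name__ == "__main__":
    for profile, lines in suggest_network_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        for rule in lines:
            print(f"  {rule}")
```
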

Jamie Strandboge (jdstrand) wrote :

FYI, this also fails:
s = socket.socket(socket.AF_TIPC, socket.SOCK_SEQPACKET, 0)

John Johansen (jjohansen) wrote :

There were several families being screened out because they caused build failures under previous releases. This is no longer the case and I have attached a proposed patch.

Steve Beattie (sbeattie) wrote :

Fix committed to trunk and to the apparmor-2.6 branch.

Changed in apparmor:
status: New → Fix Released
Steve Beattie (sbeattie) wrote :

AppArmor 2.6.1 was released.
