aa-genprof/logprof don't recognize encoded profile names
Bug #897957 reported by
John Johansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Low
|
Unassigned |
Bug Description
When a profile name contains spaces or none printable characters, it gets encoded when logged.
eg.
[289763.843292] type=1400 audit(132261491
which can be decoded with aa-decode
> aa-decode 746573742073706
Decoded: test space
however aa-logprof and aa-genprof do no recognize encoded profile names and skip log entries containing them.
Changed in apparmor: | |
status: | New → Triaged |
importance: | Undecided → Medium |
tags: | added: aa-tools |
Changed in apparmor: | |
importance: | Medium → Low |
To post a comment you must log in.
More example entries
Nov 29 17:01:52 ortho kernel: [289763.841084] type=1400 audit(132261491 2.304:851) : apparmor="ALLOWED" operation="open" parent=16001 profile= 746573742073706 16365 name="/ etc/ld. so.cache" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 29 17:01:52 ortho kernel: [289763.842579] type=1400 audit(132261491 2.304:855) : apparmor="ALLOWED" operation= "file_mmap" parent=16001 profile= 746573742073706 16365 name="/ lib/libncurses. so.5.9" pid=17011 comm="bash" requested_mask="mr" denied_mask="mr" fsuid=0 ouid=0
Nov 29 17:01:58 ortho kernel: [289769.829897] type=1400 audit(132261491 8.292:4376) : apparmor="ALLOWED" operation= "file_perm" parent=16001 profile= 746573742073706 16365 name="/ home/jj/ .bash_history" pid=17011 comm="bash" requested_mask="w" denied_mask="w" fsuid=0 ouid=1000
Nov 29 17:01:58 ortho kernel: [289769.830284] type=1400 audit(132261491 8.292:4380) : apparmor="ALLOWED" operation= "truncate" parent=16001 profile= 746573742073706 16365 name="/ home/jj/ .bash_history" pid=17011 comm="bash" requested_mask="w" den