logprof and genprof don't detect socket events
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Fix Released
|
Undecided
|
Unassigned | ||
| 2.5 |
Fix Released
|
High
|
Unassigned | ||
Bug Description
The version of AppArmor that was accepted upstream initially had network mediation but it was removed. There's a compatibility patch floating around that (at least) openSUSE and Ubuntu have applied to their kernel trees to re-add support for socket operations.
This works to allow the profiles to be honored in the kernel, but one step was overlooked. Somewhere during the upstream acceptance phase, the naming of the socket event operations was changed to drop the socket_ prefix. This doesn't have any effect on network mediation or security but does mean that logprof and genprof stopped recognizing networking events and could not suggest them during their runs.
The attached patch adds an operation type hash that can be used to replace the simple /socket_/ checks that were used previously to identify a a network operation. My testing shows that it is properly detecting networking events again.
Related branches
| Jeff Mahoney (jeffm-jeffreymahoney) wrote | #1 |
| Jeff Mahoney (jeffm-jeffreymahoney) wrote | #2 |
| Steve Beattie (sbeattie) wrote | #3 |
| Changed in apparmor: | |
| status: | New → Fix Released |
| Steve Beattie (sbeattie) wrote | #4 |
This issue was initially reported at https:/