no logging with Cx|cx to non-existent subprofile
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
If I create the following rule:
<path> Cx -> <subprofile>,
apparmor_parser does not complain if '<subprofile>' does not exist and the kernel doesn't log that there was a problem transitioning.
This has happened when profiling in Ubuntu when using the 'sanitized_helper' but forgetting to '#include <abstractions/
$ cat /tmp/foo
#!/bin/sh
echo foo
/tmp/bar
$ cat /tmp/bar
#!/bin/sh
echo bar
head -1 /etc/hosts
$ cat /tmp/test.profile
#include <tunables/global>
/tmp/foo {
#include <abstractions/base>
#include <abstractions/bash>
/tmp/foo r,
/tmp/bar Cxr -> bar,
}
profile bar {
#include <abstractions/base>
#include <abstractions/bash>
/bin/dash r,
/tmp/bar r,
/usr/bin/head ixr,
/etc/hosts r,
}
Loading the above profile and executing /tmp/foo results in:
$ /tmp/foo
foo
bar
head: cannot open `/etc/hosts' for reading: Permission denied
This happens because 'foo' can't transition to 'bar' because 'bar' is not a subprofile of 'foo'. There is no kernel message and apparmor_parser also did not catch the profiling error. Depending on how the profiled applications are written, there may or may not be useful debugging information when profiling.
| John Johansen (jjohansen) wrote | #1 |
| Changed in apparmor (Ubuntu): | |
| status: | New → Confirmed |
| John Johansen (jjohansen) wrote | #2 |
| Jamie Strandboge (jdstrand) wrote | #3 |
There is a 64 bit quantal test kernel located at
http://