get_app_pkg_name() parses the value of /proc/self/attr/current to determine the value to use for the cache directory, but it has an off-by-one error, as seen with this apparmor denial:
Oct 4 14:47:00 localhost kernel: [ 2456.617111] type=1400 audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/" pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
The app's apparmor label is "net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" so it should use:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos
however, it actually uses:
/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo
This can perhaps be seen more clearly with the attached test program. Steps to reproduce:
$ cat > /tmp/bug.profile <<EOM
#include <tunables/global>
profile test_me {
file,
}
EOM
$ sudo apparmor_parser -r /tmp/bug.profile
$ g++ /tmp/bug.cpp -o /tmp/bug
$ aa-exec -p test_me -- /tmp/bug
/proc/self/attr/current=test_me (enforce)
app_pkg_name=tes
$
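Added example, not the attached bug.cpp and not the project's get_app_pkg_name(): a C++ sketch of deriving the package name from the confinement label so that it matches the profile, next to a constructed variant whose length is one too small and reproduces the truncation reported above. The function names are hypothetical, and the rule that the package name is the text before the first underscore is taken from the expected values in this report.

```cpp
#include <fstream>
#include <iostream>
#include <string>

// The kernel reports "<label> (<mode>)\n" for a confined task, e.g.
// "test_me (enforce)\n". Drop the newline and the mode suffix.
std::string strip_mode(std::string label) {
    while (!label.empty() && (label.back() == '\n' || label.back() == '\0'))
        label.pop_back();
    const std::string::size_type sp = label.rfind(" (");
    if (sp != std::string::npos && label.back() == ')')
        label.erase(sp);
    return label;
}

// Package name = characters [0, us), where us is the index of the first '_'.
// Returns "" for labels without that shape (for example "unconfined").
std::string pkg_name_from_label(const std::string& raw) {
    const std::string label = strip_mode(raw);
    const std::string::size_type us = label.find('_');
    if (us == std::string::npos || us == 0)
        return "";
    return label.substr(0, us);  // the count equals the index of '_'
}

// Constructed illustration of an off-by-one (an assumption about the shape
// of the defect, not the project's code): the count is one too small.
std::string pkg_name_off_by_one(const std::string& raw) {
    const std::string label = strip_mode(raw);
    const std::string::size_type us = label.find('_');
    if (us == std::string::npos || us == 0)
        return "";
    return label.substr(0, us - 1);  // drops the last character of the name
}

int main() {
    std::ifstream f("/proc/self/attr/current");
    std::string raw;
    if (!std::getline(f, raw)) {
        std::cerr << "cannot read /proc/self/attr/current\n";
        return 1;
    }
    std::cout << "label=" << raw << "\n"
              << "correct=" << pkg_name_from_label(raw) << "\n"
              << "off_by_one=" << pkg_name_off_by_one(raw) << "\n";
    return 0;
}
```

A regression test for the fix can assert that the derived directory name is a prefix of the label up to and including the last character before the first underscore, using the two labels from this report as fixtures.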