File apparmor-2.5.1-network-fixes of Package apparmor.openSUSE_11.4_Update
From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor: Fix network event parsing
References: bnc#665483

The upstream version of AppArmor had network mediation but it was removed. There's a compatibility patch floating around that both openSUSE and Ubuntu have applied to their kernels. Unfortunately, one part was overlooked. The socket operation event names were changed from the socket_ prefixed names they had when AppArmor was out-of-tree and utils/SubDomain.pm was never updated to understand them.

This patch adds an operation-type table so that the code can just do an optype($operation) call to discover what type of operation a particular name refers to. It then uses this in place of the socket_ checks to decide whether an event is a network operation. This allows genprof and logprof to work with networking rules again.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 utils/SubDomain.pm | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)

--- a/utils/SubDomain.pm
+++ b/utils/SubDomain.pm
@@ -233,6 +233,50 @@ my %MODE_HASH = ( N => $AA_EXEC_NT, ); + +# Currently only used by netdomain but there's no reason it couldn't +# be extended to support other types. +my %operation_types = ( + + # Old socket names + "socket_create", => "net", + "socket_post_create" => "net", + "socket_bind" => "net", + "socket_connect" => "net", + "socket_listen" => "net", + "socket_accept" => "net", + "socket_sendmsg" => "net", + "socket_recvmsg" => "net", + "socket_getsockname" => "net", + "socket_getpeername" => "net", + "socket_getsockopt" => "net", + "socket_setsockopt" => "net", + "socket_shutdown" => "net", + + # New socket names + "create" => "net", + "post_create" => "net", + "bind" => "net", + "connect" => "net", + "listen" => "net", + "accept" => "net", + "sendmsg" => "net", + "recvmsg" => "net", + "getsockname" => "net", + "getpeername" => "net", + "getsockopt" => "net", + "setsockopt" => "net", + "sock_shutdown" => "net", +); + +sub optype($) { + my $op = shift; + my $type = $operation_types{$op}; + + return "unknown" if !defined($type); + return $type; +} + sub debug ($) { my $message = shift; chomp($message); @@ -2911,7 +2955,7 @@ sub add_event_to_tree ($) { } $pid{$child} = $arrayref; push @{$arrayref}, [ "fork", $child, $profile, $hat ]; - } elsif ($e->{operation} =~ m/socket_/) { + } elsif (optype($e->{operation}) eq "net") { add_to_tree( $e->{pid}, $e->{parent}, "netdomain", @@ -6620,7 +6664,7 @@ sub parse_event($) { LibAppArmor::aa_log_record::swig_magic_token_get($event); # NetDomain - if ( $ev{'operation'} && $ev{'operation'} =~ /socket/ ) { + if ( $ev{'operation'} && optype($ev{'operation'}) eq "net" ) { $ev{'family'} = LibAppArmor::aa_log_record::swig_net_family_get($event); $ev{'protocol'} =
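Review bot: In the first hunk (the %operation_types table and optype), three small things. The entry "socket_create", => "net", carries a stray comma before the fat arrow; Perl tolerates the doubled separator so the hash still builds, but it should read "socket_create" => "net", like its neighbours. optype() does not check that $op is defined, so an event with no operation field triggers an uninitialized-value warning from $operation_types{$op}; add return "unknown" unless defined $op; ahead of the lookup. Finally, every other "new" name simply drops the socket_ prefix, but the last one is "sock_shutdown" rather than "shutdown"; a one-line comment saying that this is the name the compat kernel patch actually emits would stop the next reader from "fixing" it.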
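Review bot: In the add_event_to_tree hunk, replacing $e->{operation} =~ m/socket_/ with optype($e->{operation}) eq "net" changes a substring match into an exact-match table lookup. Any operation name not listed in %operation_types (a kernel emitting a variant spelling, or a socket operation added later) now returns "unknown" and is silently dropped from the netdomain branch instead of being mediated as before. If that narrowing is intended it deserves a sentence in the commit message; otherwise keep the old behaviour as a fallback inside optype, e.g. return "net" if $op =~ /^socket_/; before the final return.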
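Review bot: In the parse_event hunk, note that the old test here was /socket/ while add_event_to_tree used /socket_/, so the two call sites disagreed on which events were network events; routing both through optype() fixes that inconsistency and is worth calling out. The remaining risk is the same as above: an operation name missing from the table now skips the family/protocol extraction with no trace. Since the defined-ness guard $ev{'operation'} && is already in place, consider a debug() line when optype() returns "unknown" for a record that still carries a network family, so a new or renamed kernel operation surfaces in logprof output rather than vanishing quietly.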