[Apparmor-general] logprof doesn't merge rwl and k rules
John Johansen
jjohansen at suse.de
Fri Sep 5 02:50:56 MDT 2008
Christian Boltz wrote:
> Hello,
>
> another issue I just found out: logprof doesn't always merge rules.
> This happens at least on rwl + k rules.
> (server running openSUSE 11.0)
>
> Using the "view changes" feature of logprof, I got the following diff:
>
> --- /tmp/YExp9qp80A 2008-09-04 20:41:35.000000000 +0200
> +++ /tmp/oECsEpwnRy 2008-09-04 20:41:35.000000000 +0200
> @@ -29,6 +29,7 @@
> capability sys_tty_config,
>
>
> +
> /bin/bash rix,
> /dev/random r,
> /etc/apache2/*.conf r,
> @@ -93,6 +94,7 @@
> /usr/share/snmp/mibs/.index rw,
> /usr/share/ssl/openssl.cnf r,
> /var/cache/php5-eaccelerator/** w,
> + owner /var/lib/php5/session_mm_* k,
> owner /var/lib/php5/session_mm_* rwl,
> /var/lock/httpd2.lock.* wl,
> /var/log/apache2/* rwl,
>
>
> IMHO the following lines
>
> + owner /var/lib/php5/session_mm_* k,
> owner /var/lib/php5/session_mm_* rwl,
>
> {c,sh}ould be merged to
>
> owner /var/lib/php5/session_mm_* krwl,
>
> Why does logprof generate an additional line instead?
>
this is a bug, I believe in the rule output code. I have squashed a few
of these lately and am working on a parser and tools update, which
should hopefully fix several problems in AppArmor 2.3 (opensuse 11.0).
john
More information about the Apparmor-general
mailing list