felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(aa-log): handle owner rule even if thhe log is not complete.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-25 20:32:13 +00:00
parent d8d15c8a35
commit 5d40cc1166
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
pkg/aa/rules.go
View file

@ -39,9 +39,8 @@ func NewQualifierFromLog(log map[string]string) Qualifier {
owner := false owner := false
fsuid, hasFsUID := log["fsuid"] fsuid, hasFsUID := log["fsuid"]
ouid, hasOuUID := log["ouid"] ouid, hasOuUID := log["ouid"]
OUID, hasOUID := log["OUID"]
isDbus := strings.Contains(log["operation"], "dbus") isDbus := strings.Contains(log["operation"], "dbus")
if hasFsUID && hasOuUID && hasOUID && fsuid == ouid && OUID != "root" && !isDbus { if hasFsUID && hasOuUID && fsuid == ouid && ouid != "0" && !isDbus {
owner = true owner = true
} }