Prevent crash on log entries for non-existing profile (!919) · Merge requests · AppArmor / apparmor

Christian Boltz requested to merge cboltz/apparmor:cboltz-no-such-profile into master Aug 29, 2022

If audit.log contains entries for a profile that doesn't exist (for example when working with a log file from another system), skip these log entries instead of crashing.

Reproducer (crashes without this patch):

aa-logprof -f <(echo 'type=AVC msg=audit(1661739121.578:77893): apparmor="DENIED" operation="open" profile="no_such_profile" name="/run/" pid=33099 comm="no" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')

I propose this patch for 3.1 and master. (3.0 and older are not affected and do not need this fix.)

Prevent crash on log entries for non-existing profile

Merge request reports