AppArmor无内核及系统日志的问题及解决
在AppArmor中,正常情况下,一旦违反了规则,是能够在内核及系统日志中看到相关信息的。比如:在Ubuntu下正常产生的日志信息(示例)如下:
kernel: [140321.028000] audit(1191433716.584:1578): type=1502 operation=”inode_create” requested_mask=”w” denied_mask=”w” name=”/home/n1/Desktop/abc” pid=4864 profile=”/home/n1/Desktop/testapp”
kernel: [140362.236000] audit(1191433758.086:1579): type=1502 operation=”inode_permission” requested_mask=”r” denied_mask=”r” name=”/home/n1/Desktop/abcd” pid=4877 profile=”/home/n1/Desktop/testapp”根据以上日志信息,定位到产生此日志的内核代码是security/apparmor/audit.c中的audit_pre函数。audit_pre函数在<linux内核源码根目录>/security/apparmor/audit.c中,代码如下:
/*** audit_base - core AppArmor function.* @ab: audit buffer to fill (NOT NULL)* @ca: audit structure containing data to audit (NOT NULL)** Record common AppArmor audit data from @sa*/
static void audit_pre(struct audit_buffer *ab, void *ca)
{struct common_audit_data *sa = ca;if (aa_g_audit_header) {audit_log_format(ab, "apparmor=\"%s\"",aa_audit_type[aad(sa)->type]);}if (aad(sa)->op) {audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);}if (aad(sa)->info) {audit_log_format(ab, " info=\"%s\"", aad(sa)->info);if (aad(sa)->error)audit_log_format(ab, " error=%d", aad(sa)->error);}if (aad(sa)->label) {struct aa_label *label = aad(sa)->label;if (label_isprofile(label)) {struct aa_profile *profile = labels_profile(label);if (profile->ns != root_ns) {audit_log_format(ab, " namespace=");audit_log_untrustedstring(ab,profile->ns->base.hname);}audit_log_format(ab, " profile=");audit_log_untrustedstring(ab, profile->base.hname);} else {audit_log_format(ab, " label=");aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,GFP_ATOMIC);}}if (aad(sa)->name) {audit_log_format(ab, " name=");audit_log_untrustedstring(ab, aad(sa)->name);}
}
而audit_pre函数是在同文件中的aa_audit_msg函数中被调用的,该函数代码如下:
/*** aa_audit_msg - Log a message to the audit subsystem* @sa: audit event structure (NOT NULL)* @cb: optional callback fn for type specific fields (MAYBE NULL)*/
void aa_audit_msg(int type, struct common_audit_data *sa,void (*cb) (struct audit_buffer *, void *))
{aad(sa)->type = type;common_lsm_audit(sa, audit_pre, cb);
}common_lsm_audit函数在security/lsm_audit.c中实现,代码如下:
/*** common_lsm_audit - generic LSM auditing function* @a: auxiliary audit data* @pre_audit: lsm-specific pre-audit callback* @post_audit: lsm-specific post-audit callback** setup the audit buffer for common security information* uses callback to print LSM specific information*/
void common_lsm_audit(struct common_audit_data *a,void (*pre_audit)(struct audit_buffer *, void *),void (*post_audit)(struct audit_buffer *, void *))
{struct audit_buffer *ab;if (a == NULL)return;/* we use GFP_ATOMIC so we won't sleep */ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,AUDIT_AVC);if (ab == NULL)return;if (pre_audit)pre_audit(ab, a);dump_common_audit_data(ab, a);if (post_audit)post_audit(ab, a);audit_log_end(ab);
}
在此函数开头处加入打印语句,如:printk(KERN_ERR "daozhelilema? phph?");,观察/var/log/kern.log或/var/log/syslog文件,看是否出现此打印信息。
重新编译内核并烧录及重启后,重新通过sudo aa-genprof test_app生成规则文件。然后再次执行./test_app abc,同时通过tail -f /var/log/kern.log看是否有打印。
/var/log/kern.log中最终出现以下打印:
Apr 27 14:45:55 Ding-Perlis-MP260S48 kernel: [ 645.816085] daozhelilema? phph?说明能够到common_lsm_audit函数。
在此函数中继续添加更多打印,观察是否能够进入common_lsm_audit函数中的pre_audit即实际的audit_pre函数。加入更多打印后的comon_lsm_audit函数代码如下:
void common_lsm_audit(struct common_audit_data *a,void (*pre_audit)(struct audit_buffer *, void *),void (*post_audit)(struct audit_buffer *, void *))
{struct audit_buffer *ab;
printk(KERN_ERR "daozhelilema? phph?");if (a == NULL)return;/* we use GFP_ATOMIC so we won't sleep */ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,AUDIT_AVC);
printk(KERN_ERR "daozhelilema2? phph?");if (ab == NULL)return;
printk(KERN_ERR "daozhelilema3? phph?");if (pre_audit){printk(KERN_ERR "daozhelilema4? phph?");pre_audit(ab, a);}dump_common_audit_data(ab, a);if (post_audit)post_audit(ab, a);audit_log_end(ab);
}重复前述步骤,最终看到/var/log/kern.log出现如下打印:
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [ 179.266281] daozhelilema? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [ 179.266288] daozhelilema2? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [ 179.266290] daozhelilema3? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [ 179.26630] daozhelilema4? phph?再次深入跟进,这一次连同security/apparmor/audit.c中的audit_pre函数一起加上打印,代码如下所示:
static void audit_pre(struct audit_buffer *ab, void *ca)
{struct common_audit_data *sa = ca;
printk(KERN_ERR "daozhelilema11? phph?\n");if (aa_g_audit_header) {printk(KERN_ERR "daozhelilema22? phph?\n");audit_log_format(ab, "apparmor=\"%s\"",aa_audit_type[aad(sa)->type]);}
printk(KERN_ERR "daozhelilema33? phph?\n");if (aad(sa)->op) {printk(KERN_ERR "daozhelilema44? phph?\n");audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);}
printk(KERN_ERR "daozhelilema55? phph?\n");if (aad(sa)->info) {printk(KERN_ERR "daozhelilema66? phph?\n");audit_log_format(ab, " info=\"%s\"", aad(sa)->info);if (aad(sa)->error)audit_log_format(ab, " error=%d", aad(sa)->error);}
printk(KERN_ERR "daozhelilema77? phph?\n");if (aad(sa)->label) {struct aa_label *label = aad(sa)->label;if (label_isprofile(label)) {struct aa_profile *profile = labels_profile(label);if (profile->ns != root_ns) {audit_log_format(ab, " namespace=");audit_log_untrustedstring(ab,profile->ns->base.hname);}audit_log_format(ab, " profile=");audit_log_untrustedstring(ab, profile->base.hname);} else {audit_log_format(ab, " label=");aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,GFP_ATOMIC);}}if (aad(sa)->name) {audit_log_format(ab, " name=");audit_log_untrustedstring(ab, aad(sa)->name);}
}comon_lsm_audit函数中的打印语句也完善一下:
void common_lsm_audit(struct common_audit_data *a,void (*pre_audit)(struct audit_buffer *, void *),void (*post_audit)(struct audit_buffer *, void *))
{struct audit_buffer *ab;
printk(KERN_ERR "daozhelilema? phph?\n");if (a == NULL)return;/* we use GFP_ATOMIC so we won't sleep */ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,AUDIT_AVC);
printk(KERN_ERR "daozhelilema2? phph?\n");if (ab == NULL)return;
printk(KERN_ERR "daozhelilema3? phph?\n");if (pre_audit){printk(KERN_ERR "daozhelilema4? phph?\n");pre_audit(ab, a);}
printk(KERN_ERR "daozhelilema5? phph?\n");dump_common_audit_data(ab, a);if (post_audit)post_audit(ab, a);audit_log_end(ab);
}重复前述步骤,最终看到/var/log/kern.log出现如下打印:
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729542] daozhelilema? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729559] daozhelilema2? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729563] daozhelilema3? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729566] daozhelilema4? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729569] daozhelilema11? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729573] daozhelilema22? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729577] daozhelilema33? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729580] daozhelilema44? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729584] daozhelilema55? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729587] daozhelilema77? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729591] daozhelilema5? phph?
这样看来是audit_pre函数已经调用到了,但是audit_log_format函数没有起作用。看一下其实现,在kernel/audit.c中,代码如下:
/*** audit_log_format - format a message into the audit buffer.* @ab: audit_buffer* @fmt: format string* @...: optional parameters matching @fmt string** All the work is done in audit_log_vformat.*/
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{va_list args;if (!ab)return;va_start(args, fmt);audit_log_vformat(ab, fmt, args);va_end(args);
}在audie_log_format函数中也加上打印,如下所示:
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{va_list args;
printk(KERN_ERR "daozhelilema 88? phph?\n");if (!ab)return;
printk(KERN_ERR "daozhelilema 99? phph?\n");va_start(args, fmt);audit_log_vformat(ab, fmt, args);va_end(args);
}重复前述步骤,最终看到/var/log/kern.log出现如下打印:
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269097] daozhelilema? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269113] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269117] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269121] daozhelilema2? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269125] daozhelilema3? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269128] daozhelilema4? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269132] daozhelilema11? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269135] daozhelilema22? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269139] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269142] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269146] daozhelilema33? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269150] daozhelilema44? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269153] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269157] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269160] daozhelilema55? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269164] daozhelilema77? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269167] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269171] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269175] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269178] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269182] daozhelilema5? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269185] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269189] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269193] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269197] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269200] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269204] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269207] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269211] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269214] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269218] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269233] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269236] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269240] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269244] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269248] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269251] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269255] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269258] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269265] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269268] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269274] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269277] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269281] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269284] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269295] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269298] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269302] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269305] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269309] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269312] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269321] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269324] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269328] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269331] daozhelilema 99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269344] daozhelilema 88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [ 300.269347] daozhelilema 99? phph?
可见,audit_log_format也进入了,并且ab这个指针变量也已经赋值。那么剩下的就只有va_start到va_end这一段代码了,核心函数是audit_log_vformat,其位于同文件(kernel/audit.c)中,就在audit_log_format函数的上边,代码如下:
/** Format an audit message into the audit buffer. If there isn't enough* room in the audit buffer, more room will be allocated and vsnprint* will be called a second time. Currently, we assume that a printk* can't format message larger than 1024 bytes, so we don't either.*/
static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,va_list args)
{int len, avail;struct sk_buff *skb;va_list args2;if (!ab)return;BUG_ON(!ab->skb);skb = ab->skb;avail = skb_tailroom(skb);if (avail == 0) {avail = audit_expand(ab, AUDIT_BUFSIZ);if (!avail)goto out;}va_copy(args2, args);len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args);if (len >= avail) {/* The printk buffer is 1024 bytes long, so if we get* here and AUDIT_BUFSIZ is at least 1024, then we can* log everything that printk could have logged. */avail = audit_expand(ab,max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));if (!avail)goto out_va_end;len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);}if (len > 0)skb_put(skb, len);
out_va_end:va_end(args2);
out:return;
}在此函数中继续添加打印语句,如下所示:
static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,va_list args)
{int len, avail;struct sk_buff *skb;va_list args2;if (!ab)return;BUG_ON(!ab->skb);skb = ab->skb;
printk(KERN_ERR "daozhelilema101010? phph?\n");avail = skb_tailroom(skb);if (avail == 0) {avail = audit_expand(ab, AUDIT_BUFSIZ);if (!avail){printk(KERN_ERR "daozhelilema111111? phph?\n");goto out;}}
printk(KERN_ERR "daozhelilema222222? phph?\n");va_copy(args2, args);len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args);if (len >= avail) {/* The printk buffer is 1024 bytes long, so if we get* here and AUDIT_BUFSIZ is at least 1024, then we can* log everything that printk could have logged. */avail = audit_expand(ab,max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));if (!avail){printk(KERN_ERR "daozhelilema333333? phph?\n");goto out_va_end;}len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);}if (len > 0){printk(KERN_ERR "daozhelilema444444? phph?\n");skb_put(skb, len);}
out_va_end:va_end(args2);
out:return;
}重复前述步骤,最终看到/var/log/kern.log出现如下打印:
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498300] daozhelilema? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498315] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498318] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498323] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498326] daozhelilema2? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498329] daozhelilema3? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498332] daozhelilema4? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498336] daozhelilema11? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498339] daozhelilema22? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498342] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498345] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498349] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498352] daozhelilema33? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498355] daozhelilema44? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498358] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498361] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498365] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498368] daozhelilema55? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498371] daozhelilema77? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498374] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498377] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498380] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498384] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498387] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498390] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498394] daozhelilema5? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498397] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498400] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498403] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498408] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498411] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498414] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498417] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498420] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498423] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498427] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498430] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498433] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498436] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498439] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498442] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498458] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498462] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498465] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498469] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498471] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498475] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498478] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498481] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498485] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498489] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498492] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498496] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498501] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498504] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498509] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498512] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498515] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498518] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498523] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498526] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498529] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498538] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498541] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498545] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498548] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498552] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498555] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498558] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498561] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498564] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498570] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498574] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498577] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498580] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498583] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498586] daozhelilema444444? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498599] daozhelilema101010? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498602] daozhelilema222222? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [ 615.498606] daozhelilema444444? phph?
由此可见,自行加入的打印能够正常打印出来即产生在内核日志文件中(不包括if语句中的打印语句),而skb开头的相关语句仍然不能在内核日志中输出信息。
综上情况表明:没有日志的问题根源并不是AppArmor本身的问题,基本上可以断定是skb相关的内核代码及选项的问题。
相关文章:
AppArmor无内核及系统日志的问题及解决
在AppArmor中,正常情况下,一旦违反了规则,是能够在内核及系统日志中看到相关信息的。比如:在Ubuntu下正常产生的日志信息(示例)如下: kernel: [140321.028000] audit(1191433716.584:1578): t…...
本地更改配置ssh密钥和更改github网址
配置 SSH 密钥以进行身份验证,可以遵循以下步骤: 生成SSH密钥 打开 Git Bash 终端 在 Windows 上,可以打开 Git Bash 终端。通常,可以在开始菜单中搜索 Git Bash 并启动它。一旦打开了 Git Bash 终端,将进入一个基于…...
MATLAB函数封装2:QT调用封装函数
在利用MATLAB进行封装函数之后,最主要的目的是对函数进行调用,能够对矩阵运算和其他算法的运行进行快捷处理。 在有了MATLAB函数之后封装成DLL文件之后,在QT中添加动态链接库,就可以实现函数的调用过程,这个过程相对简…...
AJAX和JSON
1、什么是AJAX? AJAX(ASynchronous JavaScript And XML)异步的JavaScript 和 XML; 由Jesse James Garrett 在他的文章AJAX:A New Approoch to Web Applications中首次提出。 ajax(Web数据交互方式)_百…...
源码:SharedPreferences分析
一、持久化方式: DataStore:稳定性 MMKV:效率 SharedPreferneces 区别: 功能MMKVJetpack DataStoreSharedPreferneces是否阻塞主线程否否是是否线程安全是 是 是是否支持跨进程是否否是否类型…...
大二一个学期学这么点内容,没有概念,只有实操
如何查看所有的数据库: Show databases; 如何进入某个数据库: use xxx; 如何新进数据库: Create database jx; 如何删除数据库: Drop database jx; 如何查看所有的表格: Show tables; 如何创建数据表…...
AppWeb 身份验证绕过漏洞 (CVE-2018-8715)
当前漏洞环境部署在vulhub,当前验证环境为vulhub靶场(所有实验均为虚拟环境) 实验环境:攻击机----kali 靶机:centos7 1、进入靶场,启动环境 2、访问AppWeb控制台:http://your-ip:8080 使用用户名、密码adm…...
为什么监控摄像头画面不如手机拍摄视频画面清晰
一天和一个做餐饮的朋友吃饭聊天,他提出一个问题,几百块的监控摄像头就是纯粹做监控功能 ,视频拍摄的画面为什么还没有几百元的手机拍摄的视频画面清晰,对于此特意查了一下技术资料,整理一下,以备下次再详细…...
EU GMP附录一与关键区域空气微生物取样方案及相关法规标准解读
2022版EU GMP附录一与关键区域空气微生物取样方案疑问解答 3月30日2022版EU GMP附录一与关键区域空气微生物取样方案网络研讨会期间,我们收集到了部分参会听众针对该主题所提出的常见问题。根据以下这些问题,lighthouse微生物应用专家将来为您答疑解惑。…...
【软件测试】自动化测试日志问题该怎么解决?测试老鸟总结方案...
目录:导读 前言一、Python编程入门到精通二、接口自动化项目实战三、Web自动化项目实战四、App自动化项目实战五、一线大厂简历六、测试开发DevOps体系七、常用自动化测试工具八、JMeter性能测试九、总结(尾部小惊喜) 前言 Python自动化测试&…...
快速响应 智慧应急|大势智慧亮相第三届武汉国际安全应急博览会
4月26日至4月28日,第三届武汉国际安全应急博览会(后简称“应博会”)在湖北武汉顺利举办。本次展会,大势智慧以实时三维重建能力为核心,提供各类应急场景的技术支撑,助力应急处置和救援等方面的应用。 展会…...
MySQL数据库——MySQL DELETE:删除数据
在 MySQL 中,可以使用 DELETE 语句来删除表的一行或者多行数据。 删除单个表中的数据 使用 DELETE 语句从单个表中删除数据,语法格式为: DELETE FROM <表名> [WHERE 子句] [ORDER BY 子句] [LIMIT 子句] 语法说明如下: …...
管家婆安装导致电脑蓝屏问题解决方案
安装完管家婆后,电脑蓝屏,重启还是蓝屏,这该怎么办? 导致的原因:因加密狗驱动不适配于Windows10系统,导致电脑蓝屏 修复方案:进入电脑安全模式(怎么进入问度娘)&#…...
Compiler Lab1- 自制词法分析器
由于编译原理课的Lab1为自制词法分析器,所以笔者用C实现了一个极简的C语言词法分析器,用于分析C语言源代码。它可以处理关键字、标识符、整数、实数、浮点数的科学计数法表示、运算符、分隔符、字符串字面量、字符字面量、注释和预处理指令。请注意&…...
构建API的战斗——与来自Kong的Marco Palladino的问答
Kong是一个开源的API网关,可用于管理、安全性和监视微服务和API的所有流量。以下是Kong官方网站的介绍: Kong是一个云原生、快速、可扩展的分布式微服务抽象层(也称为API网关、API中枢、API发布器或API服务的网关)。 Kong即可充当…...
)
华为OD机试 - 对称美学(Python)
题目描述 对称就是最大的美学,现有一道关于对称字符串的美学。已知: 第1个字符串:R 第2个字符串:BR 第3个字符串:RBBR 第4个字符串:BRRBRBBR 第5个字符串:RBBRBRRBBRRBRBBR 相信你已经发现规律了,没错!就是第 i 个字符串 = 第 i - 1 号字符串取反 + 第 i - 1 号字符…...
argparse.ArgumentParser
文章目录 argparse.Namespace() Python参数解析工具argparse.ArgumentParser()和实例详解 创建解析器 parserargparse.ArgumentParser() 添加参数 parser.add_argument(name or flags…[, action][, nargs][, const][, default][, type][, choices][, required][, help][, meta…...
大数据Doris(五):FE 扩缩容
文章目录 FE 扩缩容 一、通过MySQL客户端连接Doris 二、FE Follower扩缩容 1、准备 FE 安装包...
react相关概念
真实DOM和虚拟DOM区别 react关于虚拟DOM和真实DOM 虚拟DOM比较“轻”,真实DOM比较“重”,因为虚拟DOM是React在用,无需真实DOM上那么多属性 虚拟DOM最终一定会转为真实DOM放入页面 JSX JSX: 全称JavsScript XML 是react定义的一种类似于XM…...
计算机的硬件系统的组成
微型计算机是指一种体积小、功能强大的计算机系统,通常用于个人或小型企业的日常办公、娱乐等需求。微型计算机的硬件系统主要由以下几个部分组成: 一、中央处理器(CPU) 中央处理器,简称CPU(Central Proc…...
利用最小二乘法找圆心和半径
#include <iostream> #include <vector> #include <cmath> #include <Eigen/Dense> // 需安装Eigen库用于矩阵运算 // 定义点结构 struct Point { double x, y; Point(double x_, double y_) : x(x_), y(y_) {} }; // 最小二乘法求圆心和半径 …...
springboot 百货中心供应链管理系统小程序
一、前言 随着我国经济迅速发展,人们对手机的需求越来越大,各种手机软件也都在被广泛应用,但是对于手机进行数据信息管理,对于手机的各种软件也是备受用户的喜爱,百货中心供应链管理系统被用户普遍使用,为方…...
盘古信息PCB行业解决方案:以全域场景重构,激活智造新未来
一、破局:PCB行业的时代之问 在数字经济蓬勃发展的浪潮中,PCB(印制电路板)作为 “电子产品之母”,其重要性愈发凸显。随着 5G、人工智能等新兴技术的加速渗透,PCB行业面临着前所未有的挑战与机遇。产品迭代…...
解决Ubuntu22.04 VMware失败的问题 ubuntu入门之二十八
现象1 打开VMware失败 Ubuntu升级之后打开VMware上报需要安装vmmon和vmnet,点击确认后如下提示 最终上报fail 解决方法 内核升级导致,需要在新内核下重新下载编译安装 查看版本 $ vmware -v VMware Workstation 17.5.1 build-23298084$ lsb_release…...
2024年赣州旅游投资集团社会招聘笔试真
2024年赣州旅游投资集团社会招聘笔试真 题 ( 满 分 1 0 0 分 时 间 1 2 0 分 钟 ) 一、单选题(每题只有一个正确答案,答错、不答或多答均不得分) 1.纪要的特点不包括()。 A.概括重点 B.指导传达 C. 客观纪实 D.有言必录 【答案】: D 2.1864年,()预言了电磁波的存在,并指出…...
【算法训练营Day07】字符串part1
文章目录 反转字符串反转字符串II替换数字 反转字符串 题目链接:344. 反转字符串 双指针法,两个指针的元素直接调转即可 class Solution {public void reverseString(char[] s) {int head 0;int end s.length - 1;while(head < end) {char temp …...
【HTTP三个基础问题】
面试官您好!HTTP是超文本传输协议,是互联网上客户端和服务器之间传输超文本数据(比如文字、图片、音频、视频等)的核心协议,当前互联网应用最广泛的版本是HTTP1.1,它基于经典的C/S模型,也就是客…...
多模态大语言模型arxiv论文略读(108)
CROME: Cross-Modal Adapters for Efficient Multimodal LLM ➡️ 论文标题:CROME: Cross-Modal Adapters for Efficient Multimodal LLM ➡️ 论文作者:Sayna Ebrahimi, Sercan O. Arik, Tejas Nama, Tomas Pfister ➡️ 研究机构: Google Cloud AI Re…...
有限自动机到正规文法转换器v1.0
1 项目简介 这是一个功能强大的有限自动机(Finite Automaton, FA)到正规文法(Regular Grammar)转换器,它配备了一个直观且完整的图形用户界面,使用户能够轻松地进行操作和观察。该程序基于编译原理中的经典…...
Java 二维码
Java 二维码 **技术:**谷歌 ZXing 实现 首先添加依赖 <!-- 二维码依赖 --><dependency><groupId>com.google.zxing</groupId><artifactId>core</artifactId><version>3.5.1</version></dependency><de…...