ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0

Multiple gid in analysis #650

Closed jw3 closed 2 years ago

jw3 commented 2 years ago

Ensure gid lists in analysis logs make it to the UI.

Testing

Given the log

rule=1 dec=allow perm=any uid=0 gid=990,999 pid=111 exe=/usr/bin/bash : path=/usr/bin/foo
rule=1 dec=allow perm=any uid=0 gid=999     pid=111 exe=/usr/bin/bash : path=/usr/bin/bar

Subjects in log: 1

# Subject events

# User events - 0
0:990 /usr/bin/bash => /usr/bin/foo
0:999 /usr/bin/bash => /usr/bin/foo
0:999 /usr/bin/bash => /usr/bin/bar

# Group events - 999
0:999 /usr/bin/bash => /usr/bin/foo
0:999 /usr/bin/bash => /usr/bin/bar

# Group events - 990
0:990 /usr/bin/bash => /usr/bin/foo

python3 examples/analyze_log.py tests/data/events2.log

Closes #267
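The expansion this PR tests, one event per gid in a comma-separated gid list, as an added Python sketch; it is not code from fapolicy-analyzer. The names `parse_events`, `fmt` and `events_by` are hypothetical, and the field layout is assumed from the two sample lines above.

```python
import re
from collections import defaultdict

# Constructed sample: the two log lines quoted in the PR description.
SAMPLE_LOG = """\
rule=1 dec=allow perm=any uid=0 gid=990,999 pid=111 exe=/usr/bin/bash : path=/usr/bin/foo
rule=1 dec=allow perm=any uid=0 gid=999     pid=111 exe=/usr/bin/bash : path=/usr/bin/bar
"""

# Assumption: field order and names are exactly those of the sample lines.
LINE_RE = re.compile(
    r"rule=(?P<rule>\d+)\s+dec=(?P<dec>\S+)\s+perm=(?P<perm>\S+)\s+"
    r"uid=(?P<uid>\d+)\s+gid=(?P<gids>\d+(?:,\d+)*)\s+pid=(?P<pid>\d+)\s+"
    r"exe=(?P<exe>\S+)\s+:\s+path=(?P<path>\S+)"
)

def parse_events(text):
    """Expand each record into one (uid, gid, exe, path) tuple per listed gid."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a record in the assumed layout; skip rather than guess
        for gid in m["gids"].split(","):
            events.append((int(m["uid"]), int(gid), m["exe"], m["path"]))
    return events

def fmt(event):
    """Render an event the way the expected output above shows it."""
    uid, gid, exe, path = event
    return f"{uid}:{gid} {exe} => {path}"

def events_by(events, key):
    """Group formatted events by 'uid' or 'gid', keeping log order."""
    index = {"uid": 0, "gid": 1}[key]
    grouped = defaultdict(list)
    for event in events:
        grouped[event[index]].append(fmt(event))
    return dict(grouped)

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for gid, lines in events_by(events, "gid").items():
        print(f"# Group events - {gid}")
        print("\n".join(lines))
```

Treating `gid=990,999` as a single opaque value would leave group 990 with no events at all, which is the case the expected output above guards against.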

jw3 commented 2 years ago

@tparchambault @dorschs57 could you take a quick look at this and check that it doesn't break or introduce odd behavior to the analysis view?