[apparmor] [patch] remove old log format code from libapparmor

Steve Beattie steve at nxnw.org
Fri Jan 21 05:17:46 UTC 2011


This patch removes the old log parsing code from libapparmor.
Rather than deleting the testcases for the old-style log messages
outright, their expected output has been modified so that they are
now expected to return invalid results.

---
 libraries/libapparmor/src/grammar.y                             |  208 ----------
 libraries/libapparmor/src/scanner.l                             |   98 ----
 libraries/libapparmor/testsuite/test_multi/old_style_log_01.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_02.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_03.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_04.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_05.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_06.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_07.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_08.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_09.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_10.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_11.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_12.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_13.out |   10 
 libraries/libapparmor/testsuite/test_multi/old_style_log_14.out |   11 
 libraries/libapparmor/testsuite/test_multi/old_style_log_15.out |    9 
 libraries/libapparmor/testsuite/test_multi/old_style_log_16.out |    7 
 libraries/libapparmor/testsuite/test_multi/old_style_log_17.out |    6 
 libraries/libapparmor/testsuite/test_multi/old_style_log_18.out |   10 
 20 files changed, 65 insertions(+), 421 deletions(-)

Index: b/libraries/libapparmor/src/grammar.y
===================================================================
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -79,10 +79,10 @@ aa_record_event_type lookup_aa_event(uns
 	long	t_long;
 }
 
-%type <t_str> old_profile safe_string protocol
+%type <t_str> safe_string protocol
 %token <t_long> TOK_DIGITS TOK_TYPE_UNKNOWN
-%token <t_str> TOK_QUOTED_STRING TOK_PATH TOK_ID TOK_NULL_COMPLAIN TOK_MODE TOK_DMESG_STAMP
-%token <t_str> TOK_SINGLE_QUOTED_STRING TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
+%token <t_str> TOK_QUOTED_STRING TOK_ID TOK_MODE TOK_DMESG_STAMP
+%token <t_str> TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
 %token <t_str> TOK_HEXSTRING TOK_TYPE_OTHER TOK_MSG_REST
 
 %token TOK_EQUALS
@@ -105,31 +105,6 @@ aa_record_event_type lookup_aa_event(uns
 %token TOK_TYPE_AA_STATUS
 %token TOK_TYPE_AA_ERROR
 %token TOK_TYPE_LSM_AVC
-%token TOK_OLD_TYPE_APPARMOR
-%token TOK_OLD_APPARMOR_REJECT
-%token TOK_OLD_APPARMOR_PERMIT
-%token TOK_OLD_APPARMOR_AUDIT
-%token TOK_OLD_APPARMOR_LOGPROF_HINT
-%token TOK_OLD_UNKNOWN_HAT
-%token TOK_OLD_ACTIVE
-%token TOK_OLD_UNKNOWN_PROFILE
-%token TOK_OLD_MISSING_PROFILE
-%token TOK_OLD_CHANGING_PROFILE
-%token TOK_OLD_ACCESS
-%token TOK_OLD_TO
-%token TOK_OLD_FROM
-%token TOK_OLD_PIPE
-%token TOK_OLD_EXTENDED
-%token TOK_OLD_ATTRIBUTE
-%token TOK_OLD_ON
-%token TOK_OLD_MKDIR
-%token TOK_OLD_RMDIR
-%token TOK_OLD_XATTR
-%token TOK_OLD_CHANGE
-%token TOK_OLD_SYSCALL
-%token TOK_OLD_LINK
-%token TOK_OLD_FORK
-%token TOK_OLD_CHILD
 
 %token TOK_KEY_APPARMOR
 %token TOK_KEY_TYPE
@@ -147,7 +122,6 @@ aa_record_event_type lookup_aa_event(uns
 %token TOK_KEY_PID
 %token TOK_KEY_PROFILE
 %token TOK_AUDIT
-%token TOK_KEY_IMAGE
 %token TOK_KEY_FAMILY
 %token TOK_KEY_SOCK_TYPE
 %token TOK_KEY_PROTOCOL
@@ -172,15 +146,10 @@ log_message: audit_type
 
 audit_type: TOK_KEY_TYPE TOK_EQUALS type_syntax ;
 
-type_syntax: old_syntax { ret_record->version = AA_RECORD_SYNTAX_V1; }
-	| new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
+type_syntax: new_syntax { ret_record->version = AA_RECORD_SYNTAX_V2; }
 	| other_audit
 	;
 
-old_syntax: TOK_OLD_TYPE_APPARMOR audit_msg old_msg
-	| TOK_TYPE_UNKNOWN audit_msg old_msg
-	;
-
 new_syntax:
 	  TOK_TYPE_AA_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
 	| TOK_TYPE_AA_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
@@ -201,9 +170,7 @@ other_audit: TOK_TYPE_OTHER audit_msg TO
 	;
 
 syslog_type:
-	  syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id old_msg
-	  { ret_record->version = AA_RECORD_SYNTAX_V1; }
-	| syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
+	  syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
 	  { ret_record->version = AA_RECORD_SYNTAX_V2; }
 	| syslog_date TOK_ID TOK_SYSLOG_KERNEL key_type audit_id key_list
 	  { ret_record->version = AA_RECORD_SYNTAX_V2; }
@@ -215,167 +182,9 @@ syslog_type:
 
 /* when audit dispatches a message it doesn't prepend the audit type string */
 audit_dispatch:
-	audit_msg old_msg  { ret_record->version = AA_RECORD_SYNTAX_V1; }
 	audit_msg key_list { ret_record->version = AA_RECORD_SYNTAX_V2; }
 	;
 
-old_msg:
-	  old_permit_reject_type old_permit_reject_syntax
-	| TOK_OLD_APPARMOR_LOGPROF_HINT old_logprof_syntax { ret_record->event = AA_RECORD_HINT; }
-	;
-
-old_permit_reject_type:
-	  TOK_OLD_APPARMOR_REJECT { ret_record->event = AA_RECORD_DENIED; }
-	| TOK_OLD_APPARMOR_PERMIT { ret_record->event = AA_RECORD_ALLOWED; }
-	| TOK_OLD_APPARMOR_AUDIT  { ret_record->event = AA_RECORD_AUDIT; }
-	;
-
-old_permit_reject_syntax:
-	  TOK_MODE TOK_OLD_ACCESS old_permit_reject_path_pipe_extended
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->requested_mask = $1;
-		ret_record->operation = strdup("access");
-	}
-	| dir_action TOK_OLD_ON TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->name = $3;
-	}
-	| TOK_OLD_XATTR TOK_ID TOK_OLD_ON TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("xattr");
-		ret_record->attribute = $2;
-		ret_record->name = $4;
-	}
-	| TOK_KEY_ATTRIBUTE TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN
-		TOK_OLD_CHANGE TOK_OLD_TO TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("setattr");
-		ret_record->attribute = $3;
-		ret_record->name = $7;
-	}
-	| TOK_OLD_ACCESS TOK_OLD_TO TOK_KEY_CAPABILITY TOK_SINGLE_QUOTED_STRING
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("capability");
-		ret_record->name = $4;
-	}
-	| TOK_OLD_ACCESS TOK_OLD_TO TOK_OLD_SYSCALL TOK_SINGLE_QUOTED_STRING
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->operation = strdup("syscall");
-		ret_record->name = $4;
-	}
-	| TOK_OLD_LINK TOK_OLD_ACCESS TOK_OLD_FROM TOK_PATH TOK_OLD_TO TOK_PATH
-		TOK_OPEN_PAREN old_process_state TOK_CLOSE_PAREN
-	{
-		ret_record->requested_mask = strdup("l");
-		ret_record->name = $4;
-		ret_record->name2 = $6;
-	}
-	;
-
-dir_action:
-	  TOK_OLD_MKDIR { ret_record->operation = strdup("mkdir"); }
-	| TOK_OLD_RMDIR { ret_record->operation = strdup("rmdir"); }
-	;
-
-old_process_state:
-	  TOK_ID TOK_OPEN_PAREN TOK_ID TOK_CLOSE_PAREN old_profile_names
-	{
-		ret_record->info = $1;
-		ret_record->pid = atol($3);
-		free($3);
-	}
-	;
-
-old_profile_names:
-	  TOK_KEY_PROFILE old_profile TOK_OLD_ACTIVE old_profile
-	{	ret_record->profile = $2;
-		ret_record->active_hat = $4;
-	}
-	;
-
-old_permit_reject_path_pipe_extended:
-	  TOK_OLD_TO TOK_PATH
-		{
-			ret_record->name = $2;
-		}
-	| TOK_OLD_TO TOK_OLD_PIPE /* Frankly, I don't think this is used */
-		{
-			ret_record->info = strdup("pipe");
-		}
-	| TOK_OLD_EXTENDED TOK_KEY_ATTRIBUTE /* Nor this */
-		{
-			ret_record->info = strdup("extended attribute");
-		}
-	;
-old_logprof_syntax:
-	  old_logprof_syntax2 key_pid
-		TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
-		{
-			ret_record->profile = strdup($5);
-			free($5);
-			ret_record->active_hat = strdup($8);
-			free($8);
-		}
-	| old_logprof_fork_syntax
-	| TOK_OLD_CHANGING_PROFILE key_pid
-	  { ret_record->profile = strdup("null-complain-profile"); }
-	;
-
-old_logprof_syntax2:
-	  TOK_OLD_UNKNOWN_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
-		{
-			ret_record->operation = strdup("profile_set");
-			ret_record->info = strdup("unknown profile");
-			ret_record->name = strdup($4);
-			free($4);
-		}
-	| TOK_OLD_MISSING_PROFILE TOK_KEY_IMAGE TOK_EQUALS TOK_ID
-		{
-			ret_record->operation = strdup("exec");
-			ret_record->info = strdup("mandatory profile missing");
-			ret_record->name = strdup($4);
-			free($4);
-		}
-	| TOK_OLD_UNKNOWN_HAT TOK_ID
-		{
-			ret_record->operation = strdup("change_hat");
-			ret_record->name = strdup($2);
-			free($2);
-			ret_record->info = strdup("unknown_hat");
-		}
-	;
-
-/* TODO: Clean this up */
-old_logprof_fork_syntax:
-	  TOK_OLD_FORK key_pid
-		TOK_OLD_CHILD TOK_EQUALS TOK_DIGITS old_logprof_fork_addition
-	{
-		ret_record->operation = strdup("clone");
-		ret_record->task = $5;
-	}
-	;
-
-old_logprof_fork_addition:
-	/* Nothin */
-	| TOK_KEY_PROFILE TOK_EQUALS old_profile TOK_OLD_ACTIVE TOK_EQUALS old_profile
-	{
-		ret_record->profile = $3;
-		ret_record->active_hat = $6;
-	}
-	;
-
-old_profile:
-	  TOK_PATH { $$ = $1; }
-	| TOK_ID   { $$ = $1; }
-	| TOK_NULL_COMPLAIN { $$ = strdup("null-complain-profile"); }
-	;
-
 audit_msg: TOK_KEY_MSG TOK_EQUALS audit_id
 	;
 
@@ -441,7 +250,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
 	| TOK_KEY_COMM TOK_EQUALS TOK_QUOTED_STRING
 	{ ret_record->comm = $3;}
 	| TOK_KEY_APPARMOR TOK_EQUALS apparmor_event
-	| TOK_KEY_CAPABILITY TOK_EQUALS TOK_ID
+	| TOK_KEY_CAPABILITY TOK_EQUALS TOK_DIGITS
 	{ /* need to reverse map number to string, need to figure out
 	   * how to get auto generation of reverse mapping table into
 	   * autotools Makefile.  For now just drop assumming capname is
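Review bot: The semantic type of `$3` in this alternative changes from `<t_str>` (`TOK_ID`) to `<t_long>` (`TOK_DIGITS`), but the action body runs past the end of the hunk and the patch does not touch it. If the unchanged part still treats `$3` as a heap string, for example by freeing it, that statement has to go, because it would now operate on the capability number itself. A `capability=` value that is not purely numeric also stops matching this alternative, so a short comment such as `/* value is the numeric capability id; the name comes from capname= */` would make the new contract explicit.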
@@ -460,6 +269,11 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU
 	{ /* target was always name2 in the past */
 	  ret_record->name2 = $3;
 	}
+	| TOK_MSG_REST
+	{
+		ret_record->event = AA_RECORD_INVALID;
+		ret_record->info = $1;
+	}
 	;
 
 apparmor_event:
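Review bot: The `AA_RECORD_INVALID` set by the new `TOK_MSG_REST` alternative of `key` can be overwritten once the enclosing rule reduces. The `new_syntax` alternatives visible earlier in this patch (`TOK_TYPE_AA_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }` and its siblings) run their actions after `key_list` is complete, so if the scanner's fallback can emit `TOK_MSG_REST` inside a typed record, a partly unparseable message would be reported as a valid event. Guarding those assignments would keep the invalid marking, e.g. `if (ret_record->event != AA_RECORD_INVALID) ret_record->event = AA_RECORD_DENIED;`. Separately, `ret_record->info = $1;` replaces whatever an earlier key may have stored in `info` without releasing it; assuming `info` starts out NULL, a `free(ret_record->info);` before the assignment avoids the leak. The `key` rule begins outside this hunk.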
Index: b/libraries/libapparmor/src/scanner.l
===================================================================
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@@ -83,7 +83,6 @@ minus		"-"
 open_paren	"("
 close_paren	")"
 ID		[^ \t\n\(\)="'!]
-path		"/"{ID}*
 hexstring	({hex}{hex})+
 period		"\."
 mode_chars      ([RrWwaLlMmkXx])|([Pp][Xx])|([Uu][Xx])|([Ii][Xx])|([Pp][Ii][Xx])
@@ -106,35 +105,6 @@ lsm_avc_type		"AVC"
 unknown_type		UNKNOWN\[{digits}+\]
 other_audit_type	[[:alnum:]\[\]_-]+
 
-/* Old message tokens */
-
-old_apparmor_type	"APPARMOR"
-old_apparmor_reject	"REJECTING"
-old_apparmor_permit	"PERMITTING"
-old_apparmor_audit	"AUDITING"
-old_apparmor_logprof	"LOGPROF-HINT"
-old_unknown_hat		"unknown_hat"
-old_unknown_profile	"unknown_profile"
-old_missing_profile	"missing_mandatory_profile"
-old_changing_profile	"changing_profile"
-old_active		"active"
-old_access		"access"
-old_from		"from"
-old_to			"to"
-old_pipe		"pipe"
-old_extended		"extended"
-old_rmdir		"rmdir"
-old_mkdir		"mkdir"
-old_on			"on"
-old_xattr		"xattr"
-old_change		"change"
-old_syscall		"syscall"
-old_link		"link"
-old_fork		"fork"
-old_child		"child"
-
-null_complain		"null-complain-profile"
-
 /* Key tokens */
 
 key_apparmor		"apparmor"
@@ -153,7 +123,6 @@ key_magic_token		"magic_token"
 key_info		"info"
 key_pid			"pid"
 key_profile		"profile"
-key_image		"image"
 key_family		"family"
 key_sock_type		"sock_type"
 key_protocol		"protocol"
@@ -177,12 +146,10 @@ dmesg_timestamp		\[[[:digit:] ]{5,}\.[[:
 %x quoted_string
 %x sub_id
 %x audit_id
-%x single_quoted_string
 %x hostname
 %x dmesg_timestamp
 %x safe_string
 %x audit_types
-%x old_action
 %x other_audit
 %x unknown_message
 
@@ -206,7 +173,6 @@ yy_flex_debug = 0;
 <sub_id>{
 	{open_paren}		{ return(TOK_OPEN_PAREN); }
 	{close_paren}		{ BEGIN(INITIAL); return(TOK_CLOSE_PAREN); }
-	"'"			{ string_buf_reset(); BEGIN(single_quoted_string); }
 	{ws}		{ }
 	\"			{ string_buf_reset(); BEGIN(quoted_string); }
 	{ID}+	{
@@ -217,19 +183,6 @@ yy_flex_debug = 0;
 	{equals}		{ return(TOK_EQUALS); }
 	}
 
-
-"'"			{ string_buf_reset(); BEGIN(single_quoted_string); }
-<single_quoted_string>"'" { /* End of the quoted string */
-				BEGIN(INITIAL);
-				yylval->t_str = strdup(string_buf);
-				return(TOK_SINGLE_QUOTED_STRING);
-			}
-
-
-<single_quoted_string>\\(.|\n) { string_buf_append(1, &yytext[1]); }
-
-<single_quoted_string>[^\\\n\'\"]+ { string_buf_append(yyleng, yytext); }
-
 \"			{ string_buf_reset(); BEGIN(quoted_string); }
 <quoted_string>\"	{ /* End of the quoted string */
 				BEGIN(INITIAL);
@@ -243,7 +196,6 @@ yy_flex_debug = 0;
 <quoted_string>[^\\\n\"]+ { string_buf_append(yyleng, yytext); }
 
 <safe_string>{
-	"'"		{ string_buf_reset(); BEGIN(single_quoted_string); }
 	\"		{ string_buf_reset(); BEGIN(quoted_string); }
 	{hexstring}	{ yylval->t_str = hex_to_string(yytext); BEGIN(INITIAL); return(TOK_HEXSTRING);}
 	{equals}	{ return(TOK_EQUALS); }
@@ -274,7 +226,6 @@ yy_flex_debug = 0;
 			  BEGIN(INITIAL);
 			  return(TOK_TYPE_UNKNOWN);
 			}
-	{old_apparmor_type} { BEGIN(INITIAL); return(TOK_OLD_TYPE_APPARMOR); }
 	{other_audit_type}  { yylval->t_str = strdup(yytext);
 			      BEGIN(other_audit);
 			      return(TOK_TYPE_OTHER);
@@ -291,42 +242,8 @@ yy_flex_debug = 0;
 			return(TOK_OPEN_PAREN);
 			}
 {close_paren}		{ return(TOK_CLOSE_PAREN); }
-{path}			{ yylval->t_str = strdup(yytext); return(TOK_PATH); }
 {period}		{ return(TOK_PERIOD); }
 
-{old_apparmor_reject}	{ BEGIN(old_action); return(TOK_OLD_APPARMOR_REJECT); }
-{old_apparmor_permit}	{ BEGIN(old_action); return(TOK_OLD_APPARMOR_PERMIT); }
-{old_apparmor_audit}	{ BEGIN(old_action); return(TOK_OLD_APPARMOR_AUDIT); }
-{old_apparmor_logprof}	{ return(TOK_OLD_APPARMOR_LOGPROF_HINT); }
-{old_unknown_hat}	{ BEGIN(sub_id); return(TOK_OLD_UNKNOWN_HAT); }
-{old_unknown_profile}	{ return(TOK_OLD_UNKNOWN_PROFILE); }
-{old_missing_profile}	{ return(TOK_OLD_MISSING_PROFILE); }
-{old_changing_profile}	{ return(TOK_OLD_CHANGING_PROFILE); }
-{old_active}		{ BEGIN(sub_id); return(TOK_OLD_ACTIVE); }
-{old_access}		{ return(TOK_OLD_ACCESS); }
-{old_to}		{ return(TOK_OLD_TO); }
-{old_from}		{ return(TOK_OLD_FROM); }
-{old_pipe}		{ return(TOK_OLD_PIPE); }
-{old_extended}		{ return(TOK_OLD_EXTENDED); }
-{old_on}		{ return(TOK_OLD_ON); }
-{old_change}		{ return(TOK_OLD_CHANGE); }
-{key_capability}	{ BEGIN(sub_id); return(TOK_KEY_CAPABILITY); }
-{old_syscall}		{ return(TOK_OLD_SYSCALL); }
-{old_fork}		{ return(TOK_OLD_FORK); }
-{old_child}		{ return(TOK_OLD_CHILD); }
-
-<old_action>{
-	{ws}+		{ /* eat whitespace */ }
-	{modes}		{ /* modes must stay out of INITIAL because of false pos matches e.g. Mar */
-			  yylval->t_str = strdup(yytext); BEGIN(INITIAL); return(TOK_MODE); }
-	{old_link}	{ BEGIN(INITIAL); return(TOK_OLD_LINK); }
-	{old_access}	{ BEGIN(INITIAL); return(TOK_OLD_ACCESS); }
-	{old_mkdir}	{ BEGIN(INITIAL); return(TOK_OLD_MKDIR); }
-	{old_rmdir}	{ BEGIN(INITIAL); return(TOK_OLD_RMDIR); }
-	{old_xattr}	{ BEGIN(sub_id); return(TOK_OLD_XATTR); }
-	{key_attribute}	{ BEGIN(sub_id); return(TOK_KEY_ATTRIBUTE); }
-}
-
 {key_apparmor}		{ BEGIN(audit_types); return(TOK_KEY_APPARMOR); }
 {key_type}		{ BEGIN(audit_types); return(TOK_KEY_TYPE); }
 {key_msg}		{ return(TOK_KEY_MSG); }
@@ -350,18 +267,7 @@ yy_flex_debug = 0;
 {key_fsuid}		{ return(TOK_KEY_FSUID); }
 {key_ouid}		{ return(TOK_KEY_OUID); }
 {key_comm}		{ return(TOK_KEY_COMM); }
- /* This key_capability entry is here to document, what should be.
-  * currently the capability token is handled by the old set of rules above
-  * it should be handled here, but there is no good way to combine them
-  * that doesn't require more work than it is worth atm because of the
-  * switch to sub_id in the old scanner rules.
-  * The switch to sub_id causes the new rule set in the grammar to need to
-  * accept a TOK_ID instead of TOK_DIGITS, which it should be.
-  * once the old rules and old scanning is ripped out this scanner rule
-  * should be activated and the corresponding rule in the grammar should
-  * be updated to use TOK_DIGITS
-  * {key_capability}	{ return(TOK_KEY_CAPABILITY); }
-  */
+{key_capability}	{ return(TOK_KEY_CAPABILITY); }
 {key_capname}		{ return(TOK_KEY_CAPNAME); }
 {key_offset}		{ return(TOK_KEY_OFFSET); }
 {key_target}		{ return(TOK_KEY_TARGET); }
@@ -371,8 +277,6 @@ yy_flex_debug = 0;
 {syslog_time}		{ yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_DATE_TIME); }
 
 {audit}			{ yy_push_state(audit_id, yyscanner); return(TOK_AUDIT); }
-{null_complain}		{ return(TOK_NULL_COMPLAIN); }
-{key_image}		{ BEGIN(sub_id); return(TOK_KEY_IMAGE); }
 
 .			{ /* ignore any non-matched input */ BEGIN(unknown_message); yyless(0); }
 
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_14.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_14.in
-Event type: AA_RECORD_AUDIT
+Event type: AA_RECORD_INVALID
 Audit ID: 1177962426.395:2107
-Operation: access
-Mask: mr
-Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper
-Name: /lib/ld-2.4.so
-Info: open
-PID: 7139
-Active hat: open
+Operation: APPARMOR
+Info: AUDITING mr access to /lib/ld-2.4.so (open(7139) profile /home/steve/svn/apparmor-forge/tests/regression/subdomain/changehat_wrapper active open)
 Epoch: 1177962426
 Audit subid: 2107
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_16.out
@@ -1,9 +1,8 @@
 START
 File: test_multi/old_style_log_16.in
-Event type: AA_RECORD_HINT
+Event type: AA_RECORD_INVALID
 Audit ID: 1168661976.062:55
-Operation: clone
-Task: 38229
-PID: 27764
+Operation: APPARMOR
+Info: LOGPROF-HINT fork pid=27764 child=38229 
 Epoch: 1168661976
 Audit subid: 55
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_04.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_04.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1177962395.525:1837
-Mask: l
-Profile: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
-Name: /tmp/sdtest.3676-13458-it3683/target
-Name2: /tmp/sdtest.3676-13458-it3683/src
-Info: link
-PID: 3823
-Active hat: /home/steve/svn/apparmor-forge/tests/regression/subdomain/link
+Operation: APPARMOR
+Info: REJECTING link access from /tmp/sdtest.3676-13458-it3683/target to /tmp/sdtest.3676-13458-it3683/src (link(3823) profile /home/steve/svn/apparmor-forge/tests/regression/subdomain/link active /home/steve/svn/apparmor-forge/tests/regression/subdomain/link)
 Epoch: 1177962395
 Audit subid: 1837
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_08.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_08.in
-Event type: AA_RECORD_ALLOWED
+Event type: AA_RECORD_INVALID
 Audit ID: 1168662182.495:58
-Operation: access
-Mask: r
-Profile: /home/matt/projects/change_hat_test/test_hat
-Name: /home/matt/projects/change_hat_test/test
-Info: test_hat
-PID: 27871
-Active hat: null-complain-profile
+Operation: APPARMOR
+Info: PERMITTING r access to /home/matt/projects/change_hat_test/test (test_hat(27871) profile /home/matt/projects/change_hat_test/test_hat active null-complain-profile)
 Epoch: 1168662182
 Audit subid: 58
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_09.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_09.in
-Event type: AA_RECORD_ALLOWED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: rmdir
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: PERMITTING rmdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_10.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_10.in
-Event type: AA_RECORD_ALLOWED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: setattr
-Profile: /bin/freak-aa-out
-Name: /else
-Attribute: something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_11.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_11.in
-Event type: AA_RECORD_ALLOWED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: capability
-Profile: /bin/freak-aa-out
-Name: cap
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_13.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_13.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1173790298.983:1669
-Operation: syscall
-Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
-Name: sysctl (write)
-Info: syscall_sysctl
-PID: 25423
-Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl
+Operation: APPARMOR
+Info: REJECTING access to syscall 'sysctl (write)' (syscall_sysctl(25423) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl active /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_sysctl)
 Epoch: 1173790298
 Audit subid: 1669
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_01.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_01.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1157215966.604:46
-Operation: access
-Mask: r
-Profile: /usr/sbin/httpd2-prefork
-Name: /bin/df
-Info: sh
-PID: 7902
-Active hat: SYSINFO
+Operation: APPARMOR
+Info: REJECTING r access to /bin/df (sh(7902) profile /usr/sbin/httpd2-prefork active SYSINFO)
 Epoch: 1157215966
 Audit subid: 46
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_03.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_03.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1173790298.651:1662
-Operation: syscall
-Profile: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
-Name: ptrace
-Info: syscall_ptrace
-PID: 25210
-Active hat: /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace
+Operation: APPARMOR
+Info: REJECTING access to syscall 'ptrace' (syscall_ptrace(25210) profile /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace active /home/steve/svn/trunk-forge/tests/regression/subdomain/syscall_ptrace)
 Epoch: 1173790298
 Audit subid: 1662
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_06.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_06.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: mkdir
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_15.out
@@ -1,11 +1,8 @@
 START
 File: test_multi/old_style_log_15.in
-Event type: AA_RECORD_HINT
+Event type: AA_RECORD_INVALID
 Audit ID: 1168661976.062:55
-Operation: clone
-Profile: /home/matt/projects/change_hat_test/test_hat
-Task: 38229
-PID: 27764
-Active hat: /home/matt/projects/change_hat_test/test_hat
+Operation: APPARMOR
+Info: LOGPROF-HINT fork pid=27764 child=38229 profile=/home/matt/projects/change_hat_test/test_hat active=/home/matt/projects/change_hat_test/test_hat 
 Epoch: 1168661976
 Audit subid: 55
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_18.out
@@ -1,12 +1,8 @@
 START
 File: test_multi/old_style_log_18.in
-Event type: AA_RECORD_HINT
+Event type: AA_RECORD_INVALID
 Audit ID: 1168661976.062:55
-Operation: change_hat
-Profile: /home/matt/projects/change_hat_test/test_hat
-Name: TESTHAT
-Info: unknown_hat
-PID: 27764
-Active hat: /home/matt/projects/change_hat_test/test_hat
+Operation: APPARMOR
+Info: LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/home/matt/projects/change_hat_test/test_hat active=/home/matt/projects/change_hat_test/test_hat 
 Epoch: 1168661976
 Audit subid: 55
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_02.out
@@ -1,13 +1,7 @@
 START
 File: test_multi/old_style_log_02.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: access
-Mask: r
-Profile: /bin/freak-aa-out
-Name: /bin/freak-aa-out
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Info: REJECTING r access to /bin/freak-aa-out (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_05.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_05.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: access
-Mask: r
-Profile: /bin/freak-aa-out
-Name: /bin/freak-aa-out
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: REJECTING r access to /bin/freak-aa-out (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_07.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_07.in
-Event type: AA_RECORD_DENIED
+Event type: AA_RECORD_INVALID
 Audit ID: 1167188680.127:54
-Operation: xattr
-Profile: /bin/freak-aa-out
-Name: /path/to/something
-Attribute: set
-Info: bash
-PID: 23415
-Active hat: /bin/freak-aa-out
+Operation: APPARMOR
+Info: REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)
 Epoch: 1167188680
 Audit subid: 54
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_12.out
@@ -1,13 +1,8 @@
 START
 File: test_multi/old_style_log_12.in
-Event type: AA_RECORD_ALLOWED
+Event type: AA_RECORD_INVALID
 Audit ID: 1201615421.935:4837
-Mask: l
-Profile: null-complain-profile
-Name: /home/jj/.fonts.cache-2.LCK
-Name2: /home/jj/.fonts.cache-2.TMP-IyT7AP
-Info: firefox-bin
-PID: 16844
-Active hat: null-complain-profile
+Operation: APPARMOR
+Info: PERMITTING link access from /home/jj/.fonts.cache-2.LCK to /home/jj/.fonts.cache-2.TMP-IyT7AP (firefox-bin(16844) profile null-complain-profile active null-complain-profile)
 Epoch: 1201615421
 Audit subid: 4837
Index: b/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
===================================================================
--- a/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
+++ b/libraries/libapparmor/testsuite/test_multi/old_style_log_17.out
@@ -1,8 +1,8 @@
 START
 File: test_multi/old_style_log_17.in
-Event type: AA_RECORD_HINT
+Event type: AA_RECORD_INVALID
 Audit ID: 1164007073.953:518
-Profile: null-complain-profile
-PID: 29420
+Operation: APPARMOR
+Info: LOGPROF-HINT changing_profile pid=29420
 Epoch: 1164007073
 Audit subid: 518

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/