[apparmor] [patch] library: fix parsing for yet another format (lp: #1399027)
Steve Beattie
steve at nxnw.org
Fri Dec 12 19:23:44 UTC 2014
Hi,
This patch fixes the libapparmor log parsing library to take into
account yet another log format style, as well as incorporating a
testcase for it.
Bugs:
https://bugs.launchpad.net/apparmor/+bug/1399027
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771400
https://bugzilla.opensuse.org/show_bug.cgi?id=905368
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
libraries/libapparmor/src/grammar.y | 2 +
libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in | 1
libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out | 15 ++++++++++
3 files changed, 18 insertions(+)
Index: b/libraries/libapparmor/src/grammar.y
===================================================================
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -210,6 +210,8 @@ syslog_type:
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
| syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
+ | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
| syslog_date TOK_ID TOK_SYSLOG_USER key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
;
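Review bot: the new alternative (`syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list`) frees only `$2`, where the alternative directly above it frees `$2` and `$4`. That follows the token positions, since `$4` is TOK_DMESG_STAMP there and TOK_AUDIT here, but it is only leak-free if TOK_AUDIT carries no allocated semantic value, which these lines do not show. Please add a short comment saying so and naming the format this alternative matches (the kernel prefix followed directly by "audit:" with no dmesg timestamp). Since the two alternatives now differ by a single token, consider moving the optional TOK_DMESG_STAMP into its own nonterminal so the action and its frees are written once.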
Index: b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
@@ -0,0 +1 @@
+Dec 7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
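Review bot: the sample line begins with `Dec 7` separated by a single space. Traditional syslog timestamps pad a single-digit day to two characters, so if the line in the bug report read `Dec  7` with two spaces, keep it that way here so the test feeds syslog_date exactly what the log contained. It would also be reasonable to replace the reporter's hostname and home directory (`rosa`, `/home/simi/bin/aa-test`) with neutral values, with the matching change to the Profile line in syslog_audit_02.out.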
Index: b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
===================================================================
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
@@ -0,0 +1,15 @@
+START
+File: syslog_audit_02.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1417954745.397:82
+Operation: open
+Mask: r
+Denied Mask: r
+fsuid: 1000
+ouid: 0
+Profile: /home/simi/bin/aa-test
+Name: /usr/bin/
+Command: ls
+PID: 3231
+Epoch: 1417954745
+Audit subid: 82
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/