[apparmor] [patch] library: fix parsing for yet another format (lp: #1399027)
John Johansen
john.johansen at canonical.com
Fri Dec 12 22:44:10 UTC 2014
On 12/12/2014 11:23 AM, Steve Beattie wrote:
> Hi,
>
> This patch fixes the libapparmor log parsing library to take into
> account yet another log format style, as well as incorporating a
> testcase for it.
>
> Bugs:
> https://bugs.launchpad.net/apparmor/+bug/1399027
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771400
> https://bugzilla.opensuse.org/show_bug.cgi?id=905368
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>
Acked for 2.9 as well.
We will want this for the 2.8.x series as well, if we ever roll
another point release. So pre-ack for that hopefully non-existent
release as well.
> ---
> libraries/libapparmor/src/grammar.y | 2 +
> libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in | 1
> libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out | 15 ++++++++++
> 3 files changed, 18 insertions(+)
>
> Index: b/libraries/libapparmor/src/grammar.y
> ===================================================================
> --- a/libraries/libapparmor/src/grammar.y
> +++ b/libraries/libapparmor/src/grammar.y
> @@ -210,6 +210,8 @@ syslog_type:
> { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
> | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
> { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
> + | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list
> + { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
> | syslog_date TOK_ID TOK_SYSLOG_USER key_list
> { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
> ;
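Review bot: the new alternative (syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON ...) carries no comment saying which log layout it matches, and it differs from the rule directly above it only by the absent TOK_DMESG_STAMP. A one-line comment noting that this is the "kernel: audit:" form with no dmesg timestamp would make the near-identical alternatives easier to tell apart. Freeing only $2 looks consistent, since $4 is now TOK_AUDIT, which the preceding rule also leaves unfreed in its $5 position.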
> Index: b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
> @@ -0,0 +1 @@
> +Dec 7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> Index: b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
> @@ -0,0 +1,15 @@
> +START
> +File: syslog_audit_02.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1417954745.397:82
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /home/simi/bin/aa-test
> +Name: /usr/bin/
> +Command: ls
> +PID: 3231
> +Epoch: 1417954745
> +Audit subid: 82
>
>
>
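Review bot: the expected output in syslog_audit_02.out has no line for the record version, so the ret_record->version = AA_RECORD_SYNTAX_V2 assignment in the new grammar action is not checked by this testcase. If the test harness is able to print the version, adding it here would cover that assignment. The Epoch and Audit subid values do match audit(1417954745.397:82) in the .in file.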