[apparmor] [patch 0/3] libapparmor: a few aalogparse fixes
Steve Beattie
steve at nxnw.org
Wed Sep 3 07:40:20 UTC 2014

In preparation for adding support for the new af_unix abstract socket
log messages, the following patch series addresses some currently
existing bugs in libapparmor's aalogparse functionality.

I have an un-included patch that adjusts the SO version, but want
to wait to get closer to a release before submitting/applying it,
so that we don't gratuitously change the version numbers.

Discovering log messages that libapparmor does not parse was done via
the included python script. I intend to submit it for inclusion, but I
need to modify it to return an error code if it finds messages it can't
parse, to allow it to be used as one of the last steps of test runs.
It's also unclear to me where in the source tree to make it available,
since it's clearly a developer-oriented tool. Suggestions welcome.

#!/usr/bin/env python
# ----------------------------------------------------------------------
#    Copyright (C) 2014 Canonical, Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
# ----------------------------------------------------------------------

import fileinput
import os
import re
import sys
from contextlib import closing

import LibAppArmor as libapparmor
from argparse import ArgumentParser  # requires python 2.7 or newer


def decode_line(mesg):
    # Print only the messages that libapparmor fails to parse.
    # print(mesg)
    event = libapparmor.parse_record(mesg)
    if event.event == libapparmor.AA_RECORD_INVALID:
        print(mesg)
    libapparmor.free_record(event)


def parse_file(log):
    aare = re.compile('apparmor=')
    if not os.path.exists(log):
        print('ERROR: unable to open \'%s\', skipping.' % log)
        return

    # closing() works on python 2.7 as well as python 3; the bufsize
    # argument is omitted because it was removed in python 3.8.
    with closing(fileinput.input(files=[log])) as f:
        for line in f:
            line = line.strip()
            # Only lines carrying an AppArmor audit record are of interest.
            result = aare.search(line)
            if result is None:
                continue

            if sys.version_info < (3, 0):
                # parse_record fails with u'foo' style strings hence
                # typecasting to string
                line = str(line)

            decode_line(line)


def main():
    p = ArgumentParser()
    p.add_argument('logfile', nargs='*', help='logfiles to parse with libapparmor')
    config = p.parse_args()

    for f in config.logfile:
        parse_file(f)


if __name__ == '__main__':
    main()

--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
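
The message says the script still needs to return an error code before it can close out a test run. The following is an added example of one way to do that on Python 3; it is not Steve Beattie's code or part of the AppArmor tree. The names `find_unparsed`, `exit_status` and `libapparmor_parses`, and the exit codes 0/1/2, are assumptions; only `parse_record`, `AA_RECORD_INVALID` and `free_record` come from the script above.

```python
import re
import sys

AA_MARKER = re.compile(r'apparmor=')


def libapparmor_parses(line):
    """True if libapparmor accepts the line (same calls as the script above)."""
    # Imported lazily so the scanning logic can be tested without the binding.
    import LibAppArmor as libapparmor
    event = libapparmor.parse_record(line)
    try:
        return event.event != libapparmor.AA_RECORD_INVALID
    finally:
        libapparmor.free_record(event)


def find_unparsed(lines, parses=libapparmor_parses):
    """Return (line_number, text) for each AppArmor line the parser rejects."""
    unparsed = []
    for number, line in enumerate(lines, start=1):
        line = line.strip()
        if AA_MARKER.search(line) and not parses(line):
            unparsed.append((number, line))
    return unparsed


def exit_status(paths, parses=libapparmor_parses):
    """0: every line parsed; 1: some line rejected; 2: a file was unreadable."""
    status = 0
    for path in paths:
        try:
            with open(path, errors='replace') as handle:
                unparsed = find_unparsed(handle, parses)
        except OSError as err:
            sys.stderr.write("ERROR: unable to open '%s': %s\n" % (path, err))
            status = 2  # a missing log must not look like a clean run
            continue
        for number, line in unparsed:
            print('%s:%d: %s' % (path, number, line))
        if unparsed and status == 0:
            status = 1
    return status


if __name__ == '__main__':
    sys.exit(exit_status(sys.argv[1:]))
```

Treating an unreadable log as a failure, rather than skipping it, keeps a test run from passing when the log it was meant to check was never produced.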