[apparmor] [patch] fix logparser.py to support changes syslog format
Christian Boltz
apparmor at cboltz.de
Sat Jan 17 10:05:59 UTC 2015
Hello,
Am Freitag, 16. Januar 2015 schrieb Seth Arnold:
> On Fri, Jan 16, 2015 at 10:40:39PM +0100, Christian Boltz wrote:
> > this patch updates logparser.py to support the changed syslog format
> > by adding (audit:\s+)? to RE_LOG_v2_6_syslog.
> >
> > References: https://bugs.launchpad.net/apparmor/+bug/1399027
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks, commited to trunk.
I forgot to ask - I propose this patch also for the 2.9 branch. Any
objections?
> > [ logparser-lp1399027.diff ]
> >
> > === modified file 'utils/apparmor/logparser.py'
> > --- utils/apparmor/logparser.py 2014-08-20 22:55:44 +0000
> > +++ utils/apparmor/logparser.py 2015-01-16 21:24:45 +0000
> > @@ -25,7 +25,7 @@
> >
> > _ = init_translation()
> >
> > class ReadLog:
> > - RE_LOG_v2_6_syslog =
> > re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]
> > +\):\s+apparmor=') + RE_LOG_v2_6_syslog =
> > re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+aud
> > it\([\d\.\:]+\):\s+apparmor=')>
> > RE_LOG_v2_6_audit =
> > re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor='
> > ) # Used by netdomain to identify the operation types
> > # New socket names
Regards,
Christian Boltz
--
Und früher waren die Winter nicht so kalt wie heute. Der 10er-Turm im
Schwimmbad war viel niedriger. Aber ich hatte nachts oft Rückenschmerzen
vom vielen Geldsäcke-aus-dem-Fenster-werfen. Gute alte Zeit.
[Ratti in suse-linux]
More information about the AppArmor
mailing list