← Back to team overview

touch-packages team mailing list archive

[Bug 1528778] Re: aa-logprof doesn't support unix rules/events

 

Well, maybe things are even more interesting:
- the log message doesn't specify the len, so a socket name ending with \0 _will_ cause trouble
- for some reason, the log line above gets parsed as AA_RECORD_INVALID:

START
File: testcase_syslog_unix_01.in
Event type: AA_RECORD_INVALID
Audit ID: 1450687759.549:3582
Operation: connect
Mask: send receive connect
Denied Mask: send connect
Profile: /usr/sbin/cupsd
Command: cupsd
PID: 6049
Network family: unix
Socket type: stream
Protocol: ip
Epoch: 1450687759
Audit subid: 3582

- the peer address isn't included in the parsed log - but that might be
a side effect and/or reason for AA_RECORD_INVALID

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528778

Title:
  aa-logprof doesn't support unix rules/events

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New

Bug description:
  aa-logprof ignores denied messages in kern.log. Logs sended to
  apparmor [at] cboltz.de.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: apparmor 2.10-0ubuntu6
  ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6
  Uname: Linux 4.2.0-21-generic x86_64
  ApportVersion: 2.19.1-0ubuntu5
  Architecture: amd64
  Date: Wed Dec 23 09:22:44 2015
  InstallationDate: Installed on 2014-04-19 (612 days ago)
  InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions


References