touch-packages team mailing list archive

[Bug 1432350] Re: aa-logprof and aa-genprof work only with audit.log not syslog

 

That sounds like bug 1399027.

The libapparmor part is fixed in 2.9.1, the python side is only fixed in
bzr (will be in 2.9.2). The openSUSE 13.2 update package and Factory
already have the patch added to the package.

I'll leave this bug open for Ubuntu - providing updated packages would
make sense ;-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1432350

Title:
  aa-logprof and aa-genprof work only with audit.log not syslog

Status in apparmor package in Ubuntu:
  New

Bug description:
  Ubuntu 14.10

  apparmor 2.8.98-0ubuntu2

  Analyzing the logs with aa-logprof works when the logs are written by
  auditd:

  # aa-logprof -f /var/log/audit/audit.log 
  Reading log entries from /var/log/audit/audit.log.
  Updating AppArmor profiles in /etc/apparmor.d.
  Complain-mode changes:
  WARN: unknown capability: CAP_setgid

  Profile:    /usr/sbin/havp
  Capability: setgid
  Severity:   unknown

   [1 - #include <abstractions/dovecot-common>]
    2 - #include <abstractions/postfix-common> 
    3 - capability setgid 
  [(A)llow] / (D)eny / (I)gnore / Audi(t) / Abo(r)t / (F)inish

  
  It does not work when the logs are written to /var/log/syslog:
  root@apparmor:~# aa-logprof 
  Reading log entries from /var/log/syslog.
  Updating AppArmor profiles in /etc/apparmor.d.

  One contained message:
  Mar 15 13:20:07 test kernel: [ 3349.757377] audit: type=1400 audit(1426422007.555:122): apparmor="DENIED" operation="unlink" profile="/usr/sbin/havp" name="/run/havp/havp.pid" pid=10888 comm="havp" requested_mask="d" denied_mask="d" fsuid=109 ouid=109

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432350/+subscriptions
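
An added illustration, not part of the bug report or of AppArmor's own code: a prefix-tolerant extractor that pulls the same AppArmor fields from the syslog line quoted above and from an auditd-style line (constructed here to mirror it), which helps check whether a syslog holds denials that a tool did not report. The function names are hypothetical.

```python
import re

# Match the audit record itself and ignore whatever prefix the log writer added:
#   auditd: type=AVC msg=audit(EPOCH:SERIAL): ...
#   syslog: <date> <host> kernel: [uptime] audit: type=1400 audit(EPOCH:SERIAL): ...
RECORD = re.compile(r'type=(?:AVC|1400)\s+(?:msg=)?audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor_event(line):
    """Return a dict of fields for one AppArmor audit record, or None."""
    m = RECORD.search(line)
    if not m:
        return None
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(m.group(3))}
    if 'apparmor' not in fields:      # type 1400 record without an AppArmor payload
        return None
    fields['epoch'] = float(m.group(1))
    fields['serial'] = int(m.group(2))
    return fields

def denials(lines):
    """All DENIED events found in an iterable of log lines, in order."""
    events = (parse_apparmor_event(line) for line in lines)
    return [e for e in events if e and e['apparmor'] == 'DENIED']

# Line 1 is the syslog message quoted in the bug description.
# Lines 2 and 3 are constructed samples: the same event as auditd would
# write it, and an unrelated syslog entry that must be skipped.
SAMPLE = [
    'Mar 15 13:20:07 test kernel: [ 3349.757377] audit: type=1400 '
    'audit(1426422007.555:122): apparmor="DENIED" operation="unlink" '
    'profile="/usr/sbin/havp" name="/run/havp/havp.pid" pid=10888 comm="havp" '
    'requested_mask="d" denied_mask="d" fsuid=109 ouid=109',
    'type=AVC msg=audit(1426422007.555:122): apparmor="DENIED" operation="unlink" '
    'profile="/usr/sbin/havp" name="/run/havp/havp.pid" pid=10888 comm="havp" '
    'requested_mask="d" denied_mask="d" fsuid=109 ouid=109',
    'Mar 15 13:20:08 test CRON[10901]: (root) CMD (run-parts /etc/cron.hourly)',
]

if __name__ == '__main__':
    for event in denials(SAMPLE):
        print(event['serial'], event['profile'], event['operation'], event['name'])
```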

