mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-12 15:26:44 +01:00
parent
3f98e86e24
commit
14a5d8deae
3 changed files with 28 additions and 1 deletions
|
@ -138,7 +138,12 @@ func New(file io.Reader, profile string) AppArmorLogs {
|
||||||
|
|
||||||
aa := make(AppArmorLog)
|
aa := make(AppArmorLog)
|
||||||
for _, item := range tmp {
|
for _, item := range tmp {
|
||||||
kv := strings.Split(item, "=")
|
kv := strings.FieldsFunc(item, func(r rune) bool {
|
||||||
|
if r == '"' {
|
||||||
|
quoted = !quoted
|
||||||
|
}
|
||||||
|
return !quoted && r == '='
|
||||||
|
})
|
||||||
if len(kv) >= 2 {
|
if len(kv) >= 2 {
|
||||||
key, value := kv[0], kv[1]
|
key, value := kv[0], kv[1]
|
||||||
if slices.Contains(toClean, key) {
|
if slices.Contains(toClean, key) {
|
||||||
|
|
|
@ -267,6 +267,27 @@ func TestNew(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "startplasma",
|
||||||
|
path: filepath.Join(testdata, "audit.log"),
|
||||||
|
want: AppArmorLogs{
|
||||||
|
{
|
||||||
|
"apparmor": "ALLOWED",
|
||||||
|
"operation": "link",
|
||||||
|
"class": "file",
|
||||||
|
"profile": "startplasma",
|
||||||
|
"name": "@{user_cache_dirs}/ksycoca5_de_LQ6f0J2qZg4vOKgw2NbXuW7iuVU=.isNSBz",
|
||||||
|
"target": "@{user_cache_dirs}/#@{int}",
|
||||||
|
"comm": "startplasma-way",
|
||||||
|
"denied_mask": "k",
|
||||||
|
"requested_mask": "k",
|
||||||
|
"fsuid": "1000",
|
||||||
|
"ouid": "1000",
|
||||||
|
"FSUID": "user",
|
||||||
|
"OUID": "user",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
|
1
tests/testdata/logs/audit.log
vendored
1
tests/testdata/logs/audit.log
vendored
|
@ -54,4 +54,5 @@ type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable"
|
||||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="getattr" class="file" profile="pacman//null-/usr/share/code-features/patch.py" name="/etc/ld.so.preload" pid=18817 comm="patch.py" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
|
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="getattr" class="file" profile="pacman//null-/usr/share/code-features/patch.py" name="/etc/ld.so.preload" pid=18817 comm="patch.py" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
|
||||||
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable" class="cap" info="optional: no audit" error=-1 profile="pacman" comm="killall" capability=19 capname="sys_ptrace"
|
type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable" class="cap" info="optional: no audit" error=-1 profile="pacman" comm="killall" capability=19 capname="sys_ptrace"
|
||||||
apparmor="ALLOWED" operation="open" class="file" profile="signal-desktop" name="/sys/devices/pci0000:00/0000:00:02.0/boot_vga" comm="signal-desktop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 FSUID="user" OUID="root"
|
apparmor="ALLOWED" operation="open" class="file" profile="signal-desktop" name="/sys/devices/pci0000:00/0000:00:02.0/boot_vga" comm="signal-desktop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 FSUID="user" OUID="root"
|
||||||
|
apparmor="ALLOWED" operation="link" class="file" profile="startplasma" name="@{user_cache_dirs}/ksycoca5_de_LQ6f0J2qZg4vOKgw2NbXuW7iuVU=.isNSBz" comm="startplasma-way" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000 target="@{user_cache_dirs}/#@{int}" FSUID="user" OUID="user"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue