From bf613f59a5c75793c2ca8e9098e1b0d3d6222d8e Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 19 Mar 2024 21:26:12 +0000 Subject: [PATCH] feat(profile): replace @{md5} by @{hex32}. --- apparmor.d/abstractions/audio-client | 4 ++-- apparmor.d/groups/browsers/firefox | 2 +- apparmor.d/groups/bus/dbus-system | 4 ++-- apparmor.d/groups/bus/ibus-dconf | 4 ++-- apparmor.d/groups/bus/ibus-engine-simple | 2 +- apparmor.d/groups/bus/ibus-extension-gtk3 | 2 +- apparmor.d/groups/bus/ibus-memconf | 2 +- apparmor.d/groups/bus/ibus-portal | 2 +- apparmor.d/groups/bus/ibus-x11 | 4 ++-- apparmor.d/groups/children/child-systemctl | 8 ++++---- apparmor.d/groups/gnome/gnome-control-center | 2 +- apparmor.d/groups/gnome/gnome-initial-setup | 2 +- apparmor.d/groups/gnome/gnome-shell | 4 ++-- apparmor.d/groups/gnome/gnome-terminal-server | 2 +- apparmor.d/groups/kde/drkonqi-coredump-processor | 10 +++++----- apparmor.d/groups/systemd/journalctl | 14 ++++++++------ apparmor.d/groups/systemd/networkctl | 8 ++++---- apparmor.d/groups/systemd/systemd-journald | 4 ++-- apparmor.d/groups/ubuntu/subiquity-console-conf | 8 ++++---- apparmor.d/groups/whonix/torbrowser-wrapper | 8 ++++---- apparmor.d/groups/whonix/whonix-firewall-restarter | 8 ++++---- apparmor.d/profiles-a-f/aa-log | 2 +- apparmor.d/profiles-g-l/hw-probe | 8 ++++---- pkg/logs/logs.go | 1 + 24 files changed, 59 insertions(+), 56 deletions(-) diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index eeb05f26..443d8638 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -22,7 +22,7 @@ /etc/pulse/client.conf.d/{,**} r, /etc/wildmidi/wildmidi.cfg r, - owner @{desktop_cache_dirs}/event-sound-cache.tdb.@{md5}.@{multiarch} rwk, # libcanberra + owner @{desktop_cache_dirs}/event-sound-cache.tdb.@{hex32}.@{multiarch} rwk, # libcanberra owner @{desktop_config_dirs}/pulse/ rw, owner @{desktop_config_dirs}/pulse/client.conf r, owner @{desktop_config_dirs}/pulse/client.conf.d/{,*.conf} r, @@ -33,7 +33,7 @@ owner @{HOME}/.libao r, owner @{HOME}/.esd_auth r, - owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.@{multiarch} rwk, # libcanberra + owner @{user_cache_dirs}/event-sound-cache.tdb.@{hex32}.@{multiarch} rwk, # libcanberra owner @{user_config_dirs}/pulse/ rw, owner @{user_config_dirs}/pulse/client.conf r, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 432a0904..9f396d83 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -130,7 +130,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kioslaverc r, diff --git a/apparmor.d/groups/bus/dbus-system b/apparmor.d/groups/bus/dbus-system index 32b56681..99d48a57 100644 --- a/apparmor.d/groups/bus/dbus-system +++ b/apparmor.d/groups/bus/dbus-system @@ -46,9 +46,9 @@ profile dbus-system flags=(attach_disconnected) { /var/lib/dbus/machine-id r, @{desktop_share_dirs}/icc/ r, - @{desktop_share_dirs}/icc/edid-@{md5}.icc r, + @{desktop_share_dirs}/icc/edid-@{hex32}.icc r, @{user_share_dirs}/icc/ r, - @{user_share_dirs}/icc/edid-@{md5}.icc r, + @{user_share_dirs}/icc/edid-@{hex32}.icc r, @{run}/systemd/users/@{int} r, @{run}/systemd/sessions/*.ref rw, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 9d91cd39..9e069ba0 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -38,13 +38,13 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { owner @{desktop_config_dirs}/dconf/ w, owner @{desktop_config_dirs}/dconf/user rw, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner @{DESKTOP_HOME}/greeter-dconf-defaults r, owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner /dev/tty@{int} rw, diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 8044a4d8..fbdcd3fa 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -22,7 +22,7 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { owner @{desktop_cache_dirs}/ibus/dbus-@{rand8} rw, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner /dev/tty@{int} rw, diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index a05e968e..e9c703d5 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -46,7 +46,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { owner @{GDM_HOME}/greeter-dconf-defaults r, owner @{desktop_config_dirs}/dconf/user r, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, /dev/tty@{int} rw, diff --git a/apparmor.d/groups/bus/ibus-memconf b/apparmor.d/groups/bus/ibus-memconf index 0ca28bb0..e5f44022 100644 --- a/apparmor.d/groups/bus/ibus-memconf +++ b/apparmor.d/groups/bus/ibus-memconf @@ -21,7 +21,7 @@ profile ibus-memconf @{exec_path} { owner @{desktop_cache_dirs}/ibus/dbus-@{rand8} rw, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, include if exists } diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 782716a7..d7f2fc0e 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -29,7 +29,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner /dev/tty@{int} rw, diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index c3476f6a..bae89756 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -32,12 +32,12 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, owner @{desktop_config_dirs}/ibus/bus/ r, - owner @{desktop_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner /dev/tty@{int} rw, diff --git a/apparmor.d/groups/children/child-systemctl b/apparmor.d/groups/children/child-systemctl index 2625d9aa..599efa9e 100644 --- a/apparmor.d/groups/children/child-systemctl +++ b/apparmor.d/groups/children/child-systemctl @@ -39,10 +39,10 @@ profile child-systemctl flags=(attach_disconnected) { /etc/systemd/user/{,**} rwl, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* r, - /{run,var}/log/journal/@{md5}/system.journal* r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, @{run}/systemd/private rw, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index da635136..6d5d0552 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -101,7 +101,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/gnome-control-center/{,**} rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, owner @{user_config_dirs}/rygel.conf{,.@{rand6}} rw, diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index 6c67889d..6cc32d53 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -53,7 +53,7 @@ profile gnome-initial-setup @{exec_path} { owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6}BQK2 rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, @{run}/systemd/sessions/@{int} r, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index cdc0c609..cafad19c 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -252,7 +252,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{GDM_HOME}/greeter-dconf-defaults r, owner @{gdm_cache_dirs}/ w, - owner @{gdm_cache_dirs}/event-sound-cache.tdb.@{md5}.@{multiarch} rwk, + owner @{gdm_cache_dirs}/event-sound-cache.tdb.@{hex32}.@{multiarch} rwk, owner @{gdm_cache_dirs}/fontconfig/{,*} rwl, owner @{gdm_cache_dirs}/gstreamer-@{int}/ rw, owner @{gdm_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, @@ -266,7 +266,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{gdm_config_dirs}/dconf/user r, owner @{gdm_config_dirs}/ibus/ rw, owner @{gdm_config_dirs}/ibus/bus/ rw, - owner @{gdm_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{gdm_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner @{gdm_config_dirs}/pulse/ rw, owner @{gdm_config_dirs}/pulse/client.conf r, owner @{gdm_config_dirs}/pulse/cookie rwk, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 6e2cfe86..0dee00c6 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -57,7 +57,7 @@ profile gnome-terminal-server @{exec_path} { owner @{user_config_dirs}/*xdg-terminals.list* rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, owner /tmp/#@{int} rw, diff --git a/apparmor.d/groups/kde/drkonqi-coredump-processor b/apparmor.d/groups/kde/drkonqi-coredump-processor index 245838f7..14e74bdc 100644 --- a/apparmor.d/groups/kde/drkonqi-coredump-processor +++ b/apparmor.d/groups/kde/drkonqi-coredump-processor @@ -18,11 +18,11 @@ profile drkonqi-coredump-processor @{exec_path} { /usr/share/icu/@{int}.@{int}/*.dat r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/system.journal r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal r, - /{run,var}/log/journal/@{md5}/user-@{uid}.journal r, - /{run,var}/log/journal/@{md5}/user-@{uid}@@{hex}.journal r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/system.journal r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal r, + /{run,var}/log/journal/@{hex32}/user-@{uid}.journal r, + /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex}.journal r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl index bac2a1c1..e58edb01 100644 --- a/apparmor.d/groups/systemd/journalctl +++ b/apparmor.d/groups/systemd/journalctl @@ -36,12 +36,14 @@ profile journalctl @{exec_path} flags=(attach_disconnected) { /var/lib/systemd/catalog/.#database* rw, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/system.journal* r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* rw, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* rw, - owner /{run,var}/log/journal/@{md5}/fss wl -> /var/log/journal/@{md5}/fss.tmp.*, - owner /{run,var}/log/journal/@{md5}/fss.tmp.* rw, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex32}-@{hex}-@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex}-@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex}-@{hex}.journal* rw, + owner /{run,var}/log/journal/@{hex32}/fss wl -> /var/log/journal/@{hex32}/fss.tmp.*, + owner /{run,var}/log/journal/@{hex32}/fss.tmp.* rw, owner /var/tmp/#@{int} rw, @{run}/host/container-manager r, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index 7815e7f7..fa85126d 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -46,10 +46,10 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { # To be able to read logs @{run}/log/ r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* r, - /{run,var}/log/journal/@{md5}/system.journal* r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, @{run}/systemd/netif/leases/@{int} r, @{run}/systemd/netif/links/@{int} r, diff --git a/apparmor.d/groups/systemd/systemd-journald b/apparmor.d/groups/systemd/systemd-journald index 4aceaba7..aa7b21df 100644 --- a/apparmor.d/groups/systemd/systemd-journald +++ b/apparmor.d/groups/systemd/systemd-journald @@ -36,8 +36,8 @@ profile systemd-journald @{exec_path} { @{run}/log/ rw, /{run,var}/log/journal/ rw, - /{run,var}/log/journal/@{md5}/ rw, - /{run,var}/log/journal/@{md5}/* rwl -> /{run,var}/log/journal/@{md5}/#@{int}, + /{run,var}/log/journal/@{hex32}/ rw, + /{run,var}/log/journal/@{hex32}/* rwl -> /{run,var}/log/journal/@{hex32}/#@{int}, owner @{run}/systemd/journal/{,**} rw, owner @{run}/systemd/notify rw, diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 386b56bf..6e8e2921 100644 --- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf @@ -99,10 +99,10 @@ profile subiquity-console-conf @{exec_path} { @{run}/log/ rw, /{run,var}/log/journal/ rw, - /{run,var}/log/journal/@{md5}/ rw, - /{run,var}/log/journal/@{md5}/system.journal* rw, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* rw, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/ rw, + /{run,var}/log/journal/@{hex32}/system.journal* rw, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* rw, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/whonix/torbrowser-wrapper b/apparmor.d/groups/whonix/torbrowser-wrapper index c543283a..d2280cf6 100644 --- a/apparmor.d/groups/whonix/torbrowser-wrapper +++ b/apparmor.d/groups/whonix/torbrowser-wrapper @@ -51,10 +51,10 @@ profile torbrowser-wrapper @{exec_path} { /etc/machine-id r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* r, - /{run,var}/log/journal/@{md5}/system.journal* r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, include if exists } diff --git a/apparmor.d/groups/whonix/whonix-firewall-restarter b/apparmor.d/groups/whonix/whonix-firewall-restarter index 52281ed4..2d326107 100644 --- a/apparmor.d/groups/whonix/whonix-firewall-restarter +++ b/apparmor.d/groups/whonix/whonix-firewall-restarter @@ -32,10 +32,10 @@ profile whonix-firewall-restarter @{exec_path} { /etc/machine-id r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/ r, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* r, - /{run,var}/log/journal/@{md5}/system.journal* r, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, owner /tmp/tmp.@{rand10} rw, diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index d9e38e52..c5bc84c7 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -25,7 +25,7 @@ profile aa-log @{exec_path} { /var/log/syslog* r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{md5}/{,*} r, + /{run,var}/log/journal/@{hex32}/{,*} r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index 5d7c0186..e1c2d984 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -134,10 +134,10 @@ profile hw-probe @{exec_path} { @{run}/log/ rw, /{run,var}/log/journal/ rw, - /{run,var}/log/journal/@{md5}/ rw, - /{run,var}/log/journal/@{md5}/user-@{hex}.journal* rw, - /{run,var}/log/journal/@{md5}/system.journal* rw, - /{run,var}/log/journal/@{md5}/system@@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/ rw, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* rw, + /{run,var}/log/journal/@{hex32}/system.journal* rw, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* rw, owner @{PROC}/@{pid}/stat r, diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go index 7d488058..ce0a8143 100644 --- a/pkg/logs/logs.go +++ b/pkg/logs/logs.go @@ -65,6 +65,7 @@ var ( `:1.[0-9]*`, `:*`, // dbus peer name `@{bin}/(|ba|da)sh`, `@{sh_path}`, // collect all shell `@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses + `[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{hex32}`, `[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{uuid}`, `[0-9][0-9][0-9][0-9][0-9][0-9]+`, `@{int}`,