libaalogparse: fix for new kernel dmesg format

Merge from trunk revision 2647

The upstream kernel at some point between the 3.13 and 3.16 kernel
adjusted the output of audit messages to include an additional "audit:"
keyword. e.g. a 3.13 message would look like:

  kernel: [182243.243324] type=1400 audit(1409684003.960:273342): [SNIP]

whereas in 3.16, it looks like:

  kernel: [182243.243324] audit: type=1400 audit(1409684003.960:273342): [SNIP]
                          ^^^^^^

This patch adjusts the libapparmor aalogparse grammar and lexer to
accept both forms, so records with and without the "audit:" keyword parse.

Nominated-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Steve Beattie 2014-12-12 17:03:07 -08:00
parent a21d7df05b
commit b0273a9289
5 changed files with 19 additions and 0 deletions


@ -182,6 +182,8 @@ syslog_type:
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
| syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP key_type audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
| syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
;
/* when audit dispatches a message it doesn't prepend the audit type string */
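Review bot: The new `TOK_AUDIT TOK_COLON` alternative only covers the dmesg-stamped kernel form (`TOK_SYSLOG_KERNEL TOK_DMESG_STAMP`), so a record that carries the `audit:` keyword in any other syslog shape this rule accepts — for example the form whose action is the first line of the hunk, if its rule line (outside the hunk) lacks the stamp — would still be rejected. Whether a 3.16+ kernel can emit such a line I cannot tell from here; if it can, that production needs the same `TOK_AUDIT TOK_COLON` variant and a matching test_multi case. A one-line comment above the new alternative would also save the next maintainer a trip to the git log: `/* kernel >= 3.16 prefixes the record with "audit: " (see syslog_audit_01.in) */`. The enclosing `syslog_type` rule starts before the hunk.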


@ -176,6 +176,7 @@ yy_flex_debug = 0;
<audit_id>{
{digits} { yylval->t_str = strdup(yytext); return(TOK_AUDIT_DIGITS);}
{colon}{ws} { yy_pop_state(yyscanner); return(TOK_COLON); }
{colon} { return(TOK_COLON); }
{period} { return(TOK_PERIOD); }
{open_paren} { return(TOK_OPEN_PAREN); }
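Review bot: The new `{colon}{ws}` rule in the `<audit_id>` start condition has no comment, and it is not obvious from the rule alone why a colon followed by whitespace should pop the state while the bare `{colon}` on the next line does not. Presumably the `audit` keyword pushes `audit_id` before the lexer can tell whether `(` or `: ` follows (that push is outside the hunk), which makes this rule the escape hatch for the `audit: ` prefix newer kernels prepend; I would say so in place: `/* "audit: " dmesg prefix (kernel >= 3.16), not an audit(...) id: leave the state */`. Note the rule also fires on a malformed id such as `audit(1409684003.960: 273342)`, where the lexer previously returned TOK_COLON and stayed in `audit_id`; the end result is most likely still a parse error, but since this library consumes attacker-influenced log text a test_multi case for that input would pin the behaviour down.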


@ -0,0 +1 @@
Sep 2 11:53:23 utopic-amd64 kernel: [182243.243324] audit: type=1400 audit(1409684003.960:273342): apparmor="DENIED" operation="mkdir" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mkdir" name="/tmp/sdtest.7283-14445-r31VAP/tmpdir/" pid=7314 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=0 ouid=0


@ -0,0 +1,15 @@
START
File: test_multi/syslog_audit_01.in
Event type: AA_RECORD_DENIED
Audit ID: 1409684003.960:273342
Operation: mkdir
Mask: c
Denied Mask: c
fsuid: 0
ouid: 0
Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/mkdir
Name: /tmp/sdtest.7283-14445-r31VAP/tmpdir/
Command: mkdir
PID: 7314
Epoch: 1409684003
Audit subid: 273342