* add Canonical to the headers of the pod files touched
* use aa_change_hat() instead of change_hat() (LP: #692216)
* use http://wiki.apparmor.net in the SEE ALSO
* use http://https://bugs.launchpad.net/apparmor/+filebug for bugs
* prefix 'aa-' in SEE ALSO section for utilities (eg, 'aa-complain'
for 'complain')
Nominated-by: Jamie Strandboge <jamie@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
rename_dest, and mkdir operations into account, as well as add
logparsing library testcases for those operations.
Bug: https://bugs.launchpad.net/apparmor/+bug/623467
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
to debug why and where a policy load failed. For now just ignore it.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
a comment and document why its there and what to do with it once the
old entry types are cleaned up.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
capname fields in LSM_AUDIT records; For now just use capname and
silently drop capability when it is found.
Nominated-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Update log parser grammar to handle new LSM-audit log messages.
Add testcases for new LSM-audit log messages.
Nominated-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Kees Cook <kees@ubuntu.com>
These replacement routines allow an application to avoid the probing
behavior of earlier version of change_hat. Allowing them to be faster
and have better learning characteristics.
Acked-By: Steve Beattie <steve@ubuntu.com>
Ref: https://bugs.launchpad.net/bugs/431929
Parse log entries containing an ouid.
(I added a testcase to Marc's fix.)
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
The format of audit messages that are redirected to syslog because
auditd isn't running changed between Hardy and Intrepid and now have
the type=NNNN field before the audit tag like--
Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
audit(1225603483.635:5): operation="inode_permission" requested_mask="r::"
denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034
profile="/usr/sbin/cupsd"
I believe this patch will address the moved type=NNNN field as well as
capturing non-matching logfile input instead of printing it to stdout.
Patch modified by Steve Beattie <sbeattie@ubuntu.com> to take into
account a couple of different situations.
https://bugs.launchpad.net/bugs/271252https://bugzilla.novell.com/show_bug.cgi?id=441381
