mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
8e74855531
audit.log entries for mount events don't always include `class=mount`, but can still be the base for mount rules. Change logparser.py to also consider `operation=mount` as a mount event. Actually we already had such a log and profile in our collection (testcase_mount_01), but since it existed years before MountRule was implemented, it was excluded in test-libapparmor-test_multi.py. Therefore we didn't notice that it failed to produce a profile rule when MountRule was introduced. Remove testcase_mount_01 from the list of known failures so that it gets tested - and fix the syntax error in the hand-written testcase_mount_01.profile. Also add testcase_mount_02 which is a mount event without fstype, srcname and class. I propose this fix for 4.0 and master. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1229 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: Georgia Garcia <georgia.garcia@canonical.com> (cherry picked from commit |
||
|---|---|---|
| .. | ||
| doc | ||
| include | ||
| m4 | ||
| src | ||
| swig | ||
| testsuite | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING.LGPL | ||
| INSTALL | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
What little documentation exists is in include/aalogparse.h. Please file bugs using https://gitlab.com/apparmor/apparmor/-/issues