mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
8e74855531
audit.log entries for mount events don't always include `class=mount`, but can still be the base for mount rules. Change logparser.py to also consider `operation=mount` as a mount event. Actually we already had such a log and profile in our collection (testcase_mount_01), but since it existed years before MountRule was implemented, it was excluded in test-libapparmor-test_multi.py. Therefore we didn't notice that it failed to produce a profile rule when MountRule was introduced. Remove testcase_mount_01 from the list of known failures so that it gets tested - and fix the syntax error in the hand-written testcase_mount_01.profile. Also add testcase_mount_02 which is a mount event without fstype, srcname and class. I propose this fix for 4.0 and master. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1229 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Merged-by: Georgia Garcia <georgia.garcia@canonical.com> (cherry picked from commit |
||
|---|---|---|
| .. | ||
| config | ||
| lib | ||
| libaalogparse.test | ||
| test_multi | ||
| Makefile.am | ||
| test_multi.c | ||