** Branch linked: lp:ubuntu/karmic/apparmor
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Branch linked: lp:~ubuntu-branches/ubuntu/intrepid/apparmor/intrepid-
proposed
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
** Changed in: apparmor (openSUSE)
Status: In Progress = Fix Released
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
Copied to intrepid-updates.
** Changed in: apparmor (Ubuntu Intrepid)
Status: Fix Committed = Fix Released
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
** Changed in: apparmor (openSUSE)
Status: Confirmed = In Progress
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Test case for aa-logprof works properly after the update.
/etc/resolvconf/run/resolv.conf issue is also resolved.
TEST CASE for resolvconf:
$ sudo apt-get install resolvconf clamav-daemon
$ sudo /etc/init.d/clamav-daemon stop
$ sudo /etc/init.d/clamav-daemon start
$ tail /var/log/kern.log
Regression possibilities: given that in the default configuration (audit
messages going to syslog rather than auditd), none of the messages are
parsed properly by the library and thus are not being handed off to the
tools, rendering them useless for updating profiles; it would be hard to
regress
** Tags added: verification-done
** Tags removed: verification-needed
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
I'm sorry, the clamav-daemon test case is invalid as the version in
intrepid does not contain the nameservice line in
/etc/apparmor.d/usr.sbin/clamd (I had a modified clamd profile installed
that included the line). clamav-freshclam does have the nameservice line
however. Here is the correct test
** Bug watch added: Novell/SUSE Bugzilla #304491
https://bugzilla.novell.com/show_bug.cgi?id=304491
** Also affects: apparmor (openSUSE) via
https://bugzilla.novell.com/show_bug.cgi?id=304491
Importance: Unknown
Status: Unknown
--
aa-logprof generates faulty output messages
Attached is the patch that we'll likely go with upstream. Thanks.
** Attachment added: apparmor-lp271252.patch
http://launchpadlibrarian.net/19344493/apparmor-lp271252.patch
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug
Novell bugzilla #304491 is about the original addition of support for
parsing syslog messages (opensuse includes auditd by default, so
supporting syslogd was a lower priority initially); newly filed Novell
bugzilla #441381 is the correct one to reference here.
** Changed in: apparmor (openSUSE)
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
Status: Confirmed = Triaged
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: apparmor (openSUSE)
Status: Unknown = Confirmed
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
SRU Request to fix bug 271252 and bug 292580
Impact: aa-logprof is completely unusable on intrepid, due to changes
with kernel 2.6.27. Also, users of resolvconf will have problems with
applications that are protected by apparmor and doing name service
lookups.
See
Jamie, this package seems to indeed be accepted into jaunty, so surely
'fix released' is the correct state for that task?
** Changed in: apparmor (Ubuntu)
Status: Fix Committed = Fix Released
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You
** Changed in: apparmor (Ubuntu)
Status: Fix Released = Fix Committed
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
This bug was fixed in the package apparmor - 2.3+1289-0ubuntu5
---
apparmor (2.3+1289-0ubuntu5) jaunty; urgency=low
* abstractions/nameservice: allow read access to
/etc/resolvconf/run/resolv.conf (LP: #286080)
* adjust src/grammar.y and src/scanner.l to account for the moved
Accepted into intrepid-proposed, please test and give feedback here.
Please see https://wiki.ubuntu.com/Testing/EnableProposed for
documentation how to enable and use -proposed. Thank you in advance!
** Tags added: verification-needed
--
aa-logprof generates faulty output messages
Applied patch.
I had to add /var/log/kernel to logprof.conf, otherwise it seems to work ok
when it comes to parsing the messages.
# aa-logprof -f /var/log/kernel.0
Reading log entries from /var/log/kernel.0.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:
Profile:
I think this patch might fix the problem. The format of audit messages
that are redirected to syslog because auditd isn't running changed
between Hardy and Intrepid and now have the type= field before the
audit tag like--
Nov 1 22:24:43 box kernel: [ 158.113592] type=1503
Jesse: I think they're two distinct issues, but both should be fixed.
WRT the passthrough issue, I think just dropping not understood characters
is okay; it already tries to do that, though in other situations it moves
to the 'unknown_message' state and tries to save the rest of the message
in the
I believe the root cause of this problem is that the lex grammar in
libapparmor used for parsing log messages is not robust enough.
I spent a bit of time instrumenting logprof and found that the garbage
characters are printed in the middle of when it calls
LibAppArmor::parse_record. This
It looks like the format for audit messages that show up in
/var/log/messages when auditd is not running changed between Hardy and
Intrepid.
The type= part of the message was after the
audit(NN.NNN:NN): part in Hardy, but before it in Intrepid and
that's likely causing the log parsing
I see similar problems on Intrepid. aa-logprof outputs lots of garbage (and
also seems to miss some real apparmor messages).
IMHO fixing this bug should have higher priority, apparmor is a
security-related program and used to work fine in Hardy.
--
aa-logprof generates faulty output messages
I can also confirm this problem and I'm setting status to confirmed.
I've had to disable many of my custom profiles due to changes in Ubuntu
8.10 and the increased difficulty in debugging and correcting the
problems.
** Changed in: apparmor (Ubuntu)
Status: New = Confirmed
--
aa-logprof
I run aa-logprof today and got the same error. I will also provide
/var/log/messages as an attachment
[EMAIL PROTECTED]:~$ sudo aa-logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Can confirm this problem. I can't run aa-logprof from Intreprid beta
[EMAIL PROTECTED]:~$ sudo aa-logprof
[sudo] password for jory01:
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
That's awful. Can you please attach /var/log/messages to help us
diagnose the problem. Thanks!
--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
The latest audit messages are actually not present in /var/log/messages or
/var/log/daemon.
They do however show up when running dmesg.
[EMAIL PROTECTED]:~# grep audit /var/log/messages /var/log/daemon.log| wc -l
0
[EMAIL PROTECTED]:~# dmesg|grep audit| wc -l
646
[EMAIL PROTECTED]:~# dmesg|grep
30 matches
Mail list logo