On Fri, Apr 06, 2012 at 02:57:18PM -0700, John Johansen wrote:
> On 04/06/2012 10:39 AM, Steve Beattie wrote:
> >
> > Bugs: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/800826
> > https://bugzilla.novell.com/show_bug.cgi?id=755923
> >
> > This patch modifies the libapparmor log parsing code to add support
> > for the additional ip address and port keywords that can occur in
> > network rejection rules. The laddr and faddr keywords stand for local
> > address and foreign address respectively.
> >
> > The regex used to match an ip address is not very strict, to hopefully
> > catch the formats that the kernel emits for ipv6 addresses; however,
> > because this is in a context triggered by the addr keywords, it should
> > not over-eagerly consume non-ip addresses. Said addresses are returned
> > as strings in the struct to be processed by the calling application.
> >
> > (When committing, empty .err files will need to be created as well.)
> >
> see the one comment below otherwise it looks good and can have my Acked-by:

> > -yy_flex_debug = 0;
> > +yy_flex_debug = 1;
> > %}
> >
> err I don't think we really want to be defaulting to flex_debug as on :)

Doh, of course. I'll fix that.

(Well, in truth, experimentation here seems to indicate that flex needs
to be invoked with -d for this to actually do anything; I have locally
built packages here with the patch as-is that do not emit debugging
information to stderr, but when testing I had enabled it and got useful
debugging info. Which is why it accidentally got left in.)

--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
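
Review bot: The +yy_flex_debug = 1; line in the quoted hunk turns the scanner's debug flag on by default, which is unrelated to the laddr/faddr log parsing the patch description covers. Restore yy_flex_debug = 0; before committing so this hunk drops out of the patch and the library's default behaviour does not depend on how flex was invoked.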
