Hello, $subject.
That's not nice, but still better than a crash ;-) References: https://bugs.launchpad.net/apparmor/+bug/1466812/ I propose this patch for trunk and 2.9 BTW: when I test the log entry Oct 22 15:57:38 NR021AA kernel: [ 69.827705] audit: type=1400 audit(1445522258.769:1054): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2407 comm="nm-dhcp-client." lport=10580 family="inet6" sock_type="dgram" protocol=17 with test_multi.multi, it tells me Event type: AA_RECORD_INVALID Is that really the expected result? [ 04-logparser-file_inherit.diff ] === modified file 'utils/apparmor/logparser.py' --- utils/apparmor/logparser.py 2015-10-03 18:18:54 +0000 +++ utils/apparmor/logparser.py 2015-10-23 09:41:49 +0000 @@ -282,8 +286,9 @@ 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link', 'sysctl', 'getattr', 'setattr', 'xattr'] ): - # for some reason, we get file_perm log events without request_mask, see https://bugs.launchpad.net/apparmor/+bug/1466812/ - if e['operation'] == 'file_perm' and e['request_mask'] is None: + # for some reason, we get file_perm and file_inherit log events without request_mask, see + # https://bugs.launchpad.net/apparmor/+bug/1466812/ and https://bugs.launchpad.net/apparmor/+bug/1509030 + if e['operation'] in ['file_perm', 'file_inherit'] and e['request_mask'] is None: self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e) return None Regards, Christian Boltz -- In /etc steht, was Du denkst. In /proc steht, was das OS denkt. [Thomas Blum in doc] -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
