Hello, most probably-file log events can also be network events. Therefore check for request_mask in all events, not only file_perm, file_inherit and (from the latest bugreport) file_receive.
References: https://bugs.launchpad.net/apparmor/+bug/1540562 I propose this patch for trunk, 2.10 and 2.9. [ 68-logparser-check-sanity-of-all-file-events.diff ] --- utils/apparmor/logparser.py 2016-02-01 21:31:56.439302830 +0100 +++ utils/apparmor/logparser.py 2016-02-01 22:38:40.519637878 +0100 @@ -300,10 +300,10 @@ 'rename_dest', 'unlink', 'rmdir', 'symlink_create', 'link', 'sysctl', 'getattr', 'setattr', 'xattr'] ): - # for some reason, we get file_perm and file_inherit log events without request_mask, see - # https://bugs.launchpad.net/apparmor/+bug/1466812/ and https://bugs.launchpad.net/apparmor/+bug/1509030 + # for some kernel-side reason, we get file-related log events without request_mask, see + # https://bugs.launchpad.net/apparmor/+bug/1466812/, https://bugs.launchpad.net/apparmor/+bug/1509030 and https://bugs.launchpad.net/apparmor/+bug/1540562 # request_mask can also be '', see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1525119 - if e['operation'] in ['file_perm', 'file_inherit'] and not e['request_mask']: + if not e['request_mask']: self.debug_logger.debug('UNHANDLED (missing request_mask): %s' % e) return None Regards, Christian Boltz -- Linux - und dein PC macht nie wieder blau.
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
