Hello, Am Sonntag, 31. Juli 2016, 20:11:44 CEST schrieb Kshitij Gupta: > On Sun, Jul 31, 2016 at 5:37 PM, Christian Boltz wrote:
> > I just found out that I did it a bit too quick - I did run the > > testsuite after changing logparser.py, but didn't re-run it after > > adding testcase_network_send_receive.* to the test_multi testsuite > > - and this test causes a test failure in > > utils/test/test-libapparmor-test_multi.py because network family, > > protocol and sock_type aren't set for events that look like a file > > event. > > > > The patch below fixes this (and is a baby step towards guessing the > > event type based on the event content instead of operation=...) > > > > > > [patch] logparser: store network-related params if an event looks > > like network > > > > Network events can come with an operation= that looks like a file > > event. Nevertheless, if the event has a typical network parameter > > (like net_protocol) set, make sure to store the network-related > > flags in ev. > > > > This fixes the test failure introduced in my last commit. > > > > > > I propose this patch for trunk, 2.10 and 2.9. > > > > > > [ 01-logparser-more-network.diff ] > > > > === modified file 'utils/apparmor/logparser.py' > > --- utils/apparmor/logparser.py 2016-07-29 22:41:43 +0000 > > +++ utils/apparmor/logparser.py 2016-07-31 11:46:07 +0000 > > @@ -133,7 +133,7 @@ > > > > ev['denied_mask'] = event.denied_mask > > ev['request_mask'] = event.requested_mask > > ev['magic_token'] = event.magic_token > > > > - if ev['operation'] and self.op_type(ev['operation']) == > > 'net': > > + if ev['operation'] and self.op_type(ev['operation']) == 'net' or > > event.net_protocol: > Maybe swap around the or operator and maybe sprinkle in a pinch of > parentheses[1]. Indeed, parenthesis sound like a good idea. It should be: + if ev['operation'] and (self.op_type(ev['operation']) == 'net' or event.net_protocol): I'll add them before commiting. (I doubt we'll get an event with net_protocol, but without operation, but better safe than sorry ;-) > LGTM. > > Acked-by: Kshitij Gupta <[email protected]> Thanks for the review! Regards, Christian Boltz -- No, you are wrong here. Typical user does not even know how to start command line, and of course is not aware of "zypper" or how to understand "zypper ps" output. Subscribers to -devel lists are in no way typical users. [Andrey Borzenkov in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
