On Sat, Nov 19, 2016 at 12:34:29AM +0100, Christian Boltz wrote: > > > 'net' or event.net_protocol): - ev['family'] = > > > event.net_family > > > - ev['protocol'] = event.net_protocol > > > - ev['sock_type'] = event.net_sock_type > > > + ev['family'] = event.net_family > > > + ev['protocol'] = event.net_protocol > > > + ev['sock_type'] = event.net_sock_type > > > > I haven't yet checked to see if we guarantee that these are > > intiialized regardless of type. If you've already checked a reference > > would help :) > > According to my tests (and test-libapparmor-test_multi.py ;-) which > also tests the log to profile "translations") libapparmor seems to always > set them to None (except for network events, where they obviously > contain more useful values). > > Also, logparser.py only uses those values when they make sense for the > event type. For most event types, they get stored and ignored. > > Note that I did not check the libapparmor code or the swig bindings ;-)
Okay, I did check the library sources (src/grammar.y calls _init_log_record() which performs a memset() on the object) and I'm now content with these changes. Acked-by: Seth Arnold <[email protected]> > Because they are not related to file or network events ;-) and I don't > (yet?) see a need to always have them available. > > > Actually this patch is part one. The second part will bring some changes > that are still small enough to be nearly risk-free, and that will finally > fix some bugs (currently, we simply ignore the affected log events - > better than a crash, but it still results in an incomplete profile). > > I can foresee some more rewrites and cleanups in logparser.py - but > let's first get 2.11 out, and do the big (and possibly risky) changes > afterwards ;-) Sounds like a good plan. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
