responding to @intrigeri (sorry this got lost some how).
tldr: yes we are basically on the same page.
AppArmor does not fit into the 1400 range formats, every one of our
messages have some custom fields. Some of them could be
reformated/reworked to share more, but we would still need custom
As far as I know, no one has made an effort to try to improve the
situation lately. There's some discussion at
https://lists.ubuntu.com/archives/apparmor/2024-February/013091.html
that may be enlightening, if not encouraging.
Thanks
--
You received this bug notification because you are a member
Any news on this? It has been open for over ten years now. AppArmor is
on by default on Ubuntu, and if auditd is used, then the events are
logged using it. Isn't it a security bug if the events don't show up
when queried using ausearch?
--
You received this bug notification because you are a
** Tags added: cscc
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1117804
Title:
ausearch doesn't show AppArmor denial messages
Status in AppArmor:
Confirmed
Status in audit package
Meta: I've re-read the discussion from December 2017. If there were
messages later than this on the thread, I missed them due to suboptimal
mailing list archive presentation. Sorry if this leads me to wrong
conclusions!
I lack the skills to do the actual work I think should be done. The only
way
There was an attempt to revive this Dec. 6, 2017
https://lists.ubuntu.com/archives/apparmor/2017-December/011370.html
upstream there is belief in using a generic audit message types. The
problem is that apparmor, selinux and smack messages differ, so they
aren't so common.
This is going to have
IMHO we have to ask John Johansen about this, he's working on kernel
side.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1117804
Title:
ausearch doesn't show AppArmor denial messages
FTR this was raised as a potential blocker for enabling AppArmor by
default on Debian: https://bugs.debian.org/872726. I'm going to
investigate why this is a blocker there.
tl;dr: as the audit maintainers said in 2014
(https://www.redhat.com/archives/linux-audit/2014-May/msg00119.html) and
2016
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1117804
Title:
ausearch doesn't show AppArmor denial messages
9 matches
Mail list logo
