This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2
---------------
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium
* debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
abstraction access to Zend opcache files (LP: #1401084)
* debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
profile for lxc support (LP: #1403468)
* debian/patches/profiles-texlive_font_generation-lp1010909.patch:
allow generation of texlive fonts by sanitized-helpers
(LP: #1010909)
* debian/apport/source_apparmor.py: fix the apparmor apport hook
so it does not raise an exception if a non-unicode character is
found in /var/log/kern.log or in /var/log/syslog. This should
work under python3 or python2.7 (LP: #1304447)
* debian/patches/profiles-dovecot-updates-lp1296667.patch: update
dovecot profiles to address several missing permissions.
(LP: #1296667)
* debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
adjust X abstraction for LightDM xauthority location (LP: #1339727)
* debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
memory leaks in log parsing component of libapparmor (LP: #1340927)
* debian/patches/libapparmor-another_audit_format-lp1399027.patch:
add support for another log format style (LP: #1399027)
* debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
work around apparmor kernel behavioral change in regression tests
(LP: #1425398)
* debian/control: add breaks on python3-apparmor against older
apparmor-utils that used to be where python bits lived
(LP: #1373259)
* debian/patches/utils-update_to_2.9.2.patch: update the python
utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
large number of fixes and improvements, including:
- fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
- fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
(LP: #1319829)
- make aa-logprof read profile instead of program binary
(LP: #1317176, LP: #1324154)
- aa-complain: don't traceback when marking multiple profiles
(LP: #1378095)
- make python tools able to parse mounts with UTF-8 non-ascii
characters (LP: #1310598)
-- Steve Beattie <[email protected]> Thu, 30 Apr 2015 12:18:08 -0700
** Tags added: aa-tools trusty utopic
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1399027
Title:
logparser doesn't understand /var/log/messages format
Status in AppArmor:
Fix Released
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
[impact]
This bug causes tools that use libapparmor to parse syslog and other
logs for apparmor rejections to fail to recognize apparmor events.
[steps to reproduce]
[regression potential]
The patch for this issue is confined to the log parsing portion of
the libapparmor library. Breakages occurring here would most likely
prevent tools that help assist the management of apparmor policy
from working; apparmor mediation would not be impacted. libapparmor
does provide other functionality, mostly around the aa_change_hat(3)
and aa_change_profile(3) calls; an entirely broken library could cause
issues for applications that make use of these from working correctly;
however, there are tests available in the upstream package that get
invoked by the lp:qa-regression-testing test-apparmor.py script that
ensure these continue to function.
[original description]
log parsing (part of libapparmor, used by aa-logprof and aa-genprof) doesn't
understand the format in /var/log/messages, which means it doesn't find any
events in it.
IIRC I've seen a similar report for the ubuntu syslog format on IRC.
Example log line from openSUSE:
2014-06-09T20:37:28.975070+02:00 geeko kernel: [21028.143765]
type=1400 audit(1402339048.973:1421): apparmor="ALLOWED"
operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello"
name="/dev/tty" pid=14335 comm="hello" requested_mask="rw"
denied_mask="rw" fsuid=1000 ouid=0
(Workaround: use auditd / audit.log)
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1399027/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
