Unfortunately, it still doesn't work with 2.3+1289-0ubuntu4.2~ppa1, even if I
explicitly tell aa-genprof to read the events from /var/log/messages (-f
switch).
Is there any way to run it in a I_MEAN_REALLY_VERBOSE_DEBUG_MODE
perhaps? :-)
I have completely removed each of the packages before testing the configurations
below, including manually rm -rf /etc/apparmor*
apparmor                                         | auditd  | OK? |
---------------------------------------------------------------------------
2.3+1289-0ubuntu4.11.7.4-1                       | n/a     | no  |
2.3+1289-0ubuntu4.11.7.4-1                       | 1.7.4-1 | yes |
2.3+1289-0ubuntu4.2~ppa1                         | n/a     | no  |
2.3+1289-0ubuntu4.2~ppa1                         | 1.7.4-1 | yes |
2.3+1289-0ubuntu4.2~ppa1 (-f /var/log/messages)  | n/a     | no  |
What I don't understand is why aa-genprof doesn't mark the logs with a beginning
marker to know where to start reading messages from? I.e. the first line in logs
after starting aa-genprof is
Mar 14 14:19:03 xerxes kernel: [ 2827.572460] type=1505
audit(1237036743.070:36316): operation="profile_load"
name="/home/dsuch/bin/ea.sh" name2="default" pid=11641
Shouldn't there always be a GenProf marker first?
--
aa-genprof creates empty profiles from /var/log/messages entries (works fine
with auditd)
https://bugs.launchpad.net/bugs/340183
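
The check the message above asks about, as an added example that is not part of the original report and not aa-genprof's own code: parse syslog-wrapped audit records like the one quoted, and report whether a session marker precedes them. The marker text, the first sample record, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample. The last record is the one quoted in the report, joined
# back onto one line; the first record and the marker text are made up.
MARKER = "GenProf: EXAMPLE-MARKER"  # assumed placeholder, not a real marker value
SAMPLE_LOG = (
    'Mar 14 14:18:59 xerxes kernel: [ 2823.100000] type=1505 '
    'audit(1237036739.000:36315): operation="profile_load" '
    'name="/usr/bin/example" name2="default" pid=11600\n'
    'Mar 14 14:19:01 xerxes logger: ' + MARKER + '\n'
    'Mar 14 14:19:03 xerxes kernel: [ 2827.572460] type=1505 '
    'audit(1237036743.070:36316): operation="profile_load" '
    'name="/home/dsuch/bin/ea.sh" name2="default" pid=11641\n'
)

# syslog form: "kernel: [uptime] type=N audit(epoch:serial): key=value ..."
AUDIT_RE = re.compile(
    r"kernel: \[\s*[\d.]+\] type=(?P<type>\d+) "
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): (?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_record(line):
    """Return the audit record on a syslog line as a dict, or None."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    rec = {"type": int(m["type"]), "epoch": float(m["epoch"]),
           "serial": int(m["serial"])}
    for key, raw, quoted in FIELD_RE.findall(m["fields"]):
        rec[key] = quoted if raw.startswith('"') else raw  # strip quotes
    return rec


def events_after_marker(text, marker):
    """Return (marker_found, records after the last marker).

    With no marker in the log, marker_found is False and every record is
    returned, so the caller can tell it has no reliable starting point.
    """
    lines = text.splitlines()
    start, found = 0, False
    for i, line in enumerate(lines):
        if marker in line:
            start, found = i + 1, True
    return found, [r for r in map(parse_record, lines[start:]) if r]


if __name__ == "__main__":
    print(events_after_marker(SAMPLE_LOG, MARKER))
```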