Re: [Bug 340183] Re: aa-genprof creates empty profiles from /var/log/messages entries (works fine with auditd)

Sat, 14 Mar 2009 13:55:48 -0700 

On Sat, Mar 14, 2009 at 01:37:02PM -0000, Dariusz Suchojad wrote:
>         apparmor                                |    auditd    |   OK?    |
> ---------------------------------------------------------------------------
> 2.3+1289-0ubuntu4.11.7.4-1                      |    n/a       |   no     |
> 2.3+1289-0ubuntu4.11.7.4-1                      |    1.7.4-1   |   yes    |

Can you tell me where the above apparmor version came
from? I don't see it on the list of published packages at
https://launchpad.net/ubuntu/+source/apparmor .

> 2.3+1289-0ubuntu4.2~ppa1                        |    n/a       |   no     |
> 2.3+1289-0ubuntu4.2~ppa1                        |    1.7.4-1   |   yes    |
> 2.3+1289-0ubuntu4.2~ppa1 (-f /var/log/messages) |    n/a       |   no     |

Can you make sure you're updating libapparmor1 at the same time? As
that's where I believe the issue is located. IIRC, the packaging is set
up so that there is not a tight version dependency between the various
packages, and so upgrading the apparmor package won't pull in the
libapparmor1 update by default.

('dpkg -l "*apparmor*" auditd libaudit0' will report versions for all
the apparmor and audit packages installed.)

> What I don't understand is why aa-genprof doesn't mark the logs with a 
> beginning
> marker to know where to start reading messages from? I.e. the first line in 
> logs
> after starting aa-genprof is 
> 
> Mar 14 14:19:03 xerxes kernel: [ 2827.572460] type=1505
> audit(1237036743.070:36316): operation="profile_load"
> name="/home/dsuch/bin/ea.sh" name2="default" pid=11641
> 
> Shouldn't there always be a GenProf marker first?

You should see something like

  Mar 14 11:13:56 jj-amd64 ubuntu: GenProf:
4995bc33fda53c4f5f9b324c2ccff407

in /var/log/messages, at least when auditd is not running.

Ah, I see one additional problem, if /var/log/audit/audit.log exists,
even if auditd is not running, genprof won't write the marker. Hrm.

-- 
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/

-- 
aa-genprof creates empty profiles from /var/log/messages entries (works fine 
with auditd)
https://bugs.launchpad.net/bugs/340183
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to