>> 2.3+1289-0ubuntu4.11.7.4-1 | 1.7.4-1 | yes |
> Can you tell me where the above apparmor version came
> from? I don't see it on the list of published packages at
> https://launchpad.net/ubuntu/+source/apparmor .

Err.. it's my fault, should've been 2.3+1289-0ubuntu4.1, 1.7.4-1 came from the auditd version.

> Can you make sure you're updating libapparmor1 at the same time?

Here's the dpkg -l output

ds...@xerxes:~$ dpkg -l "*apparmor*" auditd libaudit0
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                              Version                           Description
+++-=================================-=================================-==================================================================================
ii  apparmor                          2.3+1289-0ubuntu4.2~ppa1          User-space parser utility for AppArmor
un  apparmor-docs                     <none>                            (no description available)
un  apparmor-parser                   <none>                            (no description available)
un  apparmor-profiles                 <none>                            (no description available)
ii  apparmor-utils                    2.3+1289-0ubuntu4.2~ppa1          Utilities for controlling AppArmor
rc  auditd                            1.7.4-1                           User space tools for security auditing
ii  libapparmor-perl                  2.3+1289-0ubuntu4.2~ppa1          AppArmor library Perl bindings
ii  libapparmor1                      2.3+1289-0ubuntu4.2~ppa1          changehat AppArmor library
rc  libaudit0                         1.7.4-1                           Dynamic library for security auditing
ds...@xerxes:~$

> You should see something like
> Mar 14 11:13:56 jj-amd64 ubuntu: GenProf:
> 4995bc33fda53c4f5f9b324c2ccff407
> in /var/log/messages, at least when auditd is not running.

Yes, I can see it now. See the attached 2.3+1289-0ubuntu4.2~ppa1_var_log_messages.txt file with events from /var/log/messages.

> Ah, I see one additional problem, if /var/log/audit/audit.log exists,
> even if auditd is not running, genprof won't write the marker. And
> of course, /var/log/audit/audit.log is not removed when the auditd
> package is uninstalled. Hrm.

The precedence is defined in /etc/apparmor/logprof.conf, right? Anyway, after removing the /var/log/audit/audit.log it still doesn't work, sorry to say it but seems like nothing has changed.
Can you attach a sample of /var/log/messages where it does work? Perhaps there's still something different elsewhere?

** Attachment added: "2.3+1289-0ubuntu4.2~ppa1_var_log_messages.txt"
   http://launchpadlibrarian.net/23865926/2.3%2B1289-0ubuntu4.2%7Eppa1_var_log_messages.txt

-- 
aa-genprof creates empty profiles from /var/log/messages entries (works fine with auditd)
https://bugs.launchpad.net/bugs/340183
