Well, maybe things are even more interesting: - the log message doesn't specify the len, so a socket name ending with \0 _will_ cause trouble - for some reason, the log line above gets parsed as AA_RECORD_INVALID:
START File: testcase_syslog_unix_01.in Event type: AA_RECORD_INVALID Audit ID: 1450687759.549:3582 Operation: connect Mask: send receive connect Denied Mask: send connect Profile: /usr/sbin/cupsd Command: cupsd PID: 6049 Network family: unix Socket type: stream Protocol: ip Epoch: 1450687759 Audit subid: 3582 - the peer address isn't included in the parsed log - but that might be a side effect and/or reason for AA_RECORD_INVALID -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528778/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
