Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.2
libapparmor1
libapparmor1-2.3-new-log-format-fix
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libapparmor1-2.3-new-log-format-fix of Package libapparmor1
From: Marc Deslauriers <marc.deslauriers@ubuntu.com> Acked-By: Steve Beattie <steve@ubuntu.com> Ref: https://bugs.launchpad.net/bugs/431929 SVN: r1444 References: bnc#546618 Parse log entries containing an ouid. (I added a testcase to Marc's fix.) --- src/aalogparse.h | 1 + src/grammar.y | 3 +++ src/libaalogparse.c | 1 + src/scanner.l | 2 ++ testsuite/test_multi.c | 4 ++++ testsuite/test_multi/testcase_ouid.in | 1 + testsuite/test_multi/testcase_ouid.out | 15 +++++++++++++++ 7 files changed, 27 insertions(+) --- a/src/aalogparse.h +++ b/src/aalogparse.h @@ -127,6 +127,7 @@ typedef struct char *denied_mask; /* "r", "w", etc. */ char *requested_mask; unsigned long fsuid; /* fsuid of task - if logged */ + unsigned long ouid; /* ouid of task - if logged */ char *profile; /* The name of the profile */ char *name; char *name2; --- a/src/grammar.y +++ b/src/grammar.y @@ -143,6 +143,7 @@ aa_record_event_type lookup_aa_event(uns %token TOK_KEY_NAMESPACE %token TOK_KEY_ERROR %token TOK_KEY_FSUID +%token TOK_KEY_OUID %token TOK_SYSLOG_KERNEL @@ -415,6 +416,8 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QU { ret_record->error_code = $3;} | TOK_KEY_FSUID TOK_EQUALS TOK_DIGITS { ret_record->fsuid = $3;} + | TOK_KEY_OUID TOK_EQUALS TOK_DIGITS + { ret_record->ouid = $3;} ; key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; } --- a/src/libaalogparse.c +++ b/src/libaalogparse.c @@ -93,6 +93,7 @@ void _init_log_record(aa_log_record *rec record->version = AA_RECORD_SYNTAX_UNKNOWN; record->event = AA_RECORD_INVALID; record->fsuid = (unsigned long) -1; + record->ouid = (unsigned long) -1; return; } --- a/src/scanner.l +++ b/src/scanner.l @@ -107,6 +107,7 @@ key_sock_type "sock_type" key_protocol "protocol" key_error "error" key_fsuid "fsuid" +key_ouid "ouid" audit "audit" /* syslog tokens */ @@ -289,6 +290,7 @@ char *string_buf_ptr = string_buf; /* as {key_protocol} { return(TOK_KEY_PROTOCOL); } {key_error} { return(TOK_KEY_ERROR); } {key_fsuid} { return(TOK_KEY_FSUID); } +{key_ouid} { return(TOK_KEY_OUID); } {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); } {syslog_month} { yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); } --- a/testsuite/test_multi.c +++ b/testsuite/test_multi.c @@ -117,6 +117,10 @@ int print_results(aa_log_record *record) { printf("fsuid: %ld\n", record->fsuid); } + if (record->ouid != (unsigned long) -1) + { + printf("ouid: %ld\n", record->ouid); + } if (record->profile != NULL) { printf("Profile: %s\n", record->profile); --- /dev/null +++ b/testsuite/test_multi/testcase_ouid.in @@ -0,0 +1 @@ +type=APPARMOR_DENIED msg=audit(1253311255.027:200): operation="open" pid=25588 parent=25587 profile="/home/ubuntu/tmp/aashell" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/ubuntu/" --- /dev/null +++ b/testsuite/test_multi/testcase_ouid.out @@ -0,0 +1,15 @@ +START +File: test_multi/testcase_ouid.in +Event type: AA_RECORD_DENIED +Audit ID: 1253311255.027:200 +Operation: open +Mask: r:: +Denied Mask: r:: +fsuid: 1000 +ouid: 1000 +Profile: /home/ubuntu/tmp/aashell +Name: /home/ubuntu/ +Parent: 25587 +PID: 25588 +Epoch: 1253311255 +Audit subid: 200
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor