[apparmor] [PATCH] prefer syslog over messages

[John Johansen]

On 08/18/2011 03:01 PM, Kees Cook wrote:
> As /var/log/messages has been phased out, start preferring syslog
> instead.
> 
> (I needed this on upgraded Ubuntu machines that went from messages to
> syslog recently. It's not clear to me if this is needed in the general
> case, though, so I thought I'd bring it up here.)
> 
I honestly don't know if its needed in the general case either, but I
say we run with it for now.  If needed we can revert or revise.

> === modified file 'utils/Immunix/AppArmor.pm'
> --- utils/Immunix/AppArmor.pm	2011-08-17 23:26:41 +0000
> +++ utils/Immunix/AppArmor.pm	2011-08-18 21:33:06 +0000
> @@ -6755,7 +6755,7 @@
>  $parser = find_first_file($cfg->{settings}{parser}) || "/sbin/apparmor_parser";
>  unless (-x $parser) { fatal_error "Can't find apparmor_parser."; }
>  
> -$filename = find_first_file($cfg->{settings}{logfiles}) || "/var/log/messages";
> +$filename = find_first_file($cfg->{settings}{logfiles}) || "/var/log/syslog";
>  unless (-f $filename) { fatal_error "Can't find system log."; }
>  
>  $ldd = find_first_file($cfg->{settings}{ldd}) || "/usr/bin/ldd";
> 
> === modified file 'utils/logprof.conf'
> --- utils/logprof.conf	2010-12-20 20:29:10 +0000
> +++ utils/logprof.conf	2011-08-18 21:33:46 +0000
> @@ -11,7 +11,7 @@
>  [settings]
>    profiledir = /etc/apparmor.d /etc/subdomain.d
>    inactive_profiledir = /usr/share/doc/apparmor-profiles/extras 
> -  logfiles = /var/log/audit/audit.log /var/log/messages /var/log/syslog
> +  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
>  
>    parser = /sbin/apparmor_parser /sbin/subdomain_parser
>    ldd = /usr/bin/ldd
> 
> 

Acked-by: John Johansen <john.johansen at canonical.com>