[apparmor] Fwd: [Patch] Fix date time log parsing for 2.8.1
Aaron Lewis
the.warl0ck.1989 at gmail.com
Tue Jan 8 13:01:19 UTC 2013
---------- Forwarded message ----------
From: Aaron Lewis <the.warl0ck.1989 at gmail.com>
Date: Tue, Jan 8, 2013 at 9:01 PM
Subject: Re: [apparmor] [Patch] Fix date time log parsing for 2.8.1
To: John Johansen <john.johansen at canonical.com>
Cool, just tested on Arch Linux, apparmor-2.8.0 from AUR
Works! I'll give more tests tomorrow, thanks John!
On Tue, Jan 8, 2013 at 8:18 PM, John Johansen
<john.johansen at canonical.com> wrote:
> The following patch extends the libraries log parsing to support more date
> time formats.
>
> currently the only supported format is
> <Month> ## hh:mm:ss
>
> extend this to
> <Month> ## hh:mm:ss(.ms)?((+|-)timezone)?
>
> yyyy-mm-dd hh:mm:ss(.ms)?((+|-)timezone)?
>
> yyyy-mm-ddThh:mm:ss(.ms)?((+|-)timezone)?
>
> ---
> === modified file 'libraries/libapparmor/src/grammar.y'
> --- libraries/libapparmor/src/grammar.y 2012-04-06 22:59:04 +0000
> +++ libraries/libapparmor/src/grammar.y 2013-01-08 11:44:18 +0000
> @@ -81,7 +81,7 @@
> %type <t_str> safe_string protocol
> %token <t_long> TOK_DIGITS TOK_TYPE_UNKNOWN
> %token <t_str> TOK_QUOTED_STRING TOK_ID TOK_MODE TOK_DMESG_STAMP
> -%token <t_str> TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE_TIME
> +%token <t_str> TOK_AUDIT_DIGITS TOK_DATE_MONTH TOK_DATE TOK_TIME
> %token <t_str> TOK_HEXSTRING TOK_TYPE_OTHER TOK_MSG_REST
> %token <t_str> TOK_IP_ADDR
>
> @@ -203,7 +203,8 @@
> free($7);
> } ;
>
> -syslog_date: TOK_DATE_MONTH TOK_DIGITS TOK_DATE_TIME { /* do nothing? */ }
> +syslog_date: TOK_DATE_MONTH TOK_DIGITS TOK_TIME { /* do nothing? */ }
> + | TOK_DATE TOK_TIME { /* do nothing */ }
> ;
>
> key_list: key
>
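Review bot: Both syslog_date alternatives keep an empty action, but TOK_DATE_MONTH, TOK_DATE and TOK_TIME are declared as <t_str> and the scanner rules in this patch fill them with strdup()/strndup(), so nothing visible here frees those strings and each syslog line parsed leaks them. The rule just above ends with free($7); do the same in both alternatives (free the month and time strings in the first, the date and time strings in the second), or add a %destructor covering the string tokens. The "do nothing?" comment should then be replaced with one saying the date is parsed and discarded on purpose.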
> === modified file 'libraries/libapparmor/src/scanner.l'
> --- libraries/libapparmor/src/scanner.l 2012-04-06 22:59:04 +0000
> +++ libraries/libapparmor/src/scanner.l 2013-01-08 11:42:08 +0000
> @@ -75,10 +75,12 @@
> ws [ \t\r\n]
>
> equals "="
> -digits [0-9]+
> +digit [[:digit:]]
> +digits {digit}+
> hex [A-F0-9]
> colon ":"
> minus "-"
> +plus "+"
> open_paren "("
> close_paren ")"
> ID [^ \t\n\(\)="'!]
> @@ -144,8 +146,12 @@
>
> /* syslog tokens */
> syslog_kernel kernel{colon}
> +syslog_yyyymmdd {digit}{4}{minus}{digit}{2}{minus}{digit}{2}
> +syslog_date {syslog_yyyymmdd}
> syslog_month Jan(uary)?|Feb(ruary)?|Mar(ch)?|Apr(il)?|May|Jun(e)?|Jul(y)?|Aug(ust)?|Sep(tember)?|Oct(ober)?|Nov(ember)?|Dec(ember)?
> -syslog_time {digits}{digits}{colon}{digits}{digits}{colon}{digits}{digits}
> +hhmmss {digit}{2}{colon}{digit}{2}{colon}{digit}{2}
> +timezone ({plus}|{minus}){digit}{2}{colon}{digit}{2}
> +syslog_time {hhmmss}({period}{digits})?{timezone}?
> syslog_hostname [[:alnum:]_-]+
> dmesg_timestamp \[[[:digit:] ]{5,}\.[[:digit:]]{6,}\]
>
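Review bot: The timezone definition accepts only a signed hh:mm offset, so a stamp ending in Z or using an offset without the colon (+0800) is not consumed as part of syslog_time and the suffix is left to whatever rule runs next. If those forms are meant to be supported, extend timezone to cover them and add test cases; if not, say in the commit message that only the colon form is accepted. Separately, syslog_time refers to {period}, which this patch does not define next to plus, so confirm it already exists in scanner.l. The syslog_date alias adds a second name for syslog_yyyymmdd with no other alternative behind it; either drop the alias or add a comment that it is there for future date formats.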
> @@ -291,7 +297,9 @@
>
> {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
> {syslog_month} { yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); }
> -{syslog_time} { yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_DATE_TIME); }
> +{syslog_date} { yylval->t_str = strdup(yytext); return(TOK_DATE); }
> +{syslog_date}T/{syslog_time} { yylval->t_str = strndup(yytext, strlen(yytext)-1); return(TOK_DATE); }
> +{syslog_time} { yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_TIME); }
>
> {audit} { yy_push_state(audit_id, yyscanner); return(TOK_AUDIT); }
>
>
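Review bot: In the {syslog_date}T/{syslog_time} rule, strndup(yytext, strlen(yytext)-1) rescans a token whose length flex already provides; use yyleng - 1 instead. Add a short comment that the trailing-context match leaves the T as the last character of yytext and that it is dropped deliberately, so TOK_DATE carries the same value as in the space-separated form. None of the three rules checks the strdup()/strndup() result before returning the token, which is worth handling here since the rules are being rewritten anyway.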
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.in 2013-01-08 11:50:39 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_01.out 2013-01-08 12:10:48 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_01.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.in 2013-01-08 11:51:02 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_02.out 2013-01-08 12:10:52 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_02.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
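Review bot: This expected output is identical to syslog_datetime_01.out apart from the File: line, and Epoch: 1357024144 comes from the audit(1357024144.556:6368) stamp rather than from the syslog prefix, so the case shows only that a line with a +08:00 offset is accepted, not that the offset or the time was read correctly. That is consistent with the do-nothing grammar actions, but the commit message should state that the syslog date, fractional seconds and timezone are matched and discarded, so nobody later assumes their values are covered by these tests. The same applies to cases 03 through 18.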
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.in 2013-01-08 11:51:32 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04.562575 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_03.out 2013-01-08 12:10:57 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_03.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.in 2013-01-08 11:50:16 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04.562575+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_04.out 2013-01-08 12:11:00 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_04.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.in 2013-01-08 11:53:54 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_05.out 2013-01-08 12:11:04 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_05.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.in 2013-01-08 11:54:08 +0000
> @@ -0,0 +1,1 @@
> +Jan 1 15:09:04.562575-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_06.out 2013-01-08 12:11:08 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_06.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.in 2013-01-08 11:56:09 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_07.out 2013-01-08 12:11:11 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_07.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.in 2013-01-08 11:56:22 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_08.out 2013-01-08 12:11:15 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_08.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.in 2013-01-08 11:56:33 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04.562575 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_09.out 2013-01-08 12:11:18 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_09.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.in 2013-01-08 11:56:45 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04.562575+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.out 2013-01-08 12:11:22 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_10.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.in 2013-01-08 11:56:54 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_11.out 2013-01-08 12:11:25 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_11.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.in 2013-01-08 11:57:05 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01 15:09:04.562575-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_12.out 2013-01-08 12:11:30 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_12.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.in 2013-01-08 11:58:21 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_13.out 2013-01-08 12:11:32 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_13.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.in 2013-01-08 11:58:32 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_14.out 2013-01-08 12:11:35 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_14.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.in 2013-01-08 11:58:45 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04.562575 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_15.out 2013-01-08 12:11:38 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_15.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.in 2013-01-08 11:58:58 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04.562575+08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_16.out 2013-01-08 12:11:42 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_16.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.in 2013-01-08 11:59:08 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_17.out 2013-01-08 12:11:45 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_17.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.in'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.in 2013-01-08 11:59:17 +0000
> @@ -0,0 +1,1 @@
> +2013-01-01T15:09:04.562575-08:00 localhost kernel: [ 1911.569682] type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" operation="open" parent=5390 profile="/usr/lib/virtualbox/VBoxSVC//null-2d" name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
>
> === added file 'libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.out'
> --- libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/syslog_datetime_18.out 2013-01-08 12:11:48 +0000
> @@ -0,0 +1,16 @@
> +START
> +File: test_multi/syslog_datetime_18.in
> +Event type: AA_RECORD_ALLOWED
> +Audit ID: 1357024144.556:6368
> +Operation: open
> +Mask: r
> +Denied Mask: r
> +fsuid: 1000
> +ouid: 0
> +Profile: /usr/lib/virtualbox/VBoxSVC//null-2d
> +Name: /sys/class/power_supply/
> +Command: ACPI Poller
> +Parent: 5390
> +PID: 5457
> +Epoch: 1357024144
> +Audit subid: 6368
>
>
>
>
>
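Review bot: All 18 cases are inputs that must parse, and every .err file is added empty, so nothing pins down what the scanner does with a timestamp outside the three documented forms. Add at least one test_multi case with a malformed stamp (for example a single-digit hour, which the new hhmmss definition requires to be two digits) together with its expected output. Also add one case using a long month name such as January with a fractional or timezone suffix, since syslog_month allows the long names but no case here exercises them with the new syslog_time.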
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E