[apparmor] [patch 0/3] libapparmor: a few aalogparse fixes

Seth Arnold seth.arnold at canonical.com
Thu Sep 4 00:09:14 UTC 2014


On Wed, Sep 03, 2014 at 12:40:20AM -0700, Steve Beattie wrote:
> In preparation for adding support for the new af_unix abstract socket
> log messages, the following patch series addresses some currently
> existing bugs in libapparmor's aalogparse functionality.
> 
> I have an un-included patch that adjusts the SO version, but want
> to wait to get closer to a release before submitting/applying it,
> so that we don't gratuitously change the version numbers.
> 
> Discovering log messages that libapparmor does not parse was done via
> the included python script. I intend to submit it for inclusion, but I
> need to modify it to return an error code if it finds messages it can't
> parse, to allow it to be used as one of the last steps of test runs.
> It's also unclear to me where in the source tree to make it available,
> since it's clearly a developer oriented tool. Suggestions welcome.

I like this script, it shows an easy use of the record parsing API. This
deserves wider distribution even if only as an example.

One funny piece is the fileinput.input() used in addition to the
for f in config.logfile:  loop. One or the other could go.

Thanks

> 
> #!/usr/bin/env python
> # ----------------------------------------------------------------------
> #    Copyright (C) 2014 Canonical, Ltd.
> #
> #    This program is free software; you can redistribute it and/or
> #    modify it under the terms of version 2 of the GNU General Public
> #    License as published by the Free Software Foundation.
> #
> #    This program is distributed in the hope that it will be useful,
> #    but WITHOUT ANY WARRANTY; without even the implied warranty of
> #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> #    GNU General Public License for more details.
> #
> # ----------------------------------------------------------------------
> 
> import fileinput
> import os
> import re
> import sys
> 
> import LibAppArmor as libapparmor
> from argparse import ArgumentParser  # requires python 2.7 or newer
> 
> def decode_line(mesg):
>     # print(mesg)
>     event = libapparmor.parse_record(mesg)
>     if event.event == libapparmor.AA_RECORD_INVALID:
>         print(mesg)
>     libapparmor.free_record(event)
> 
> def parse_file(log):
> 
>     aare = re.compile('apparmor=')
> 
>     if not os.path.exists(log):
>         print('ERROR: unable to open \'%s\', skipping.' % log)
>         return
> 
>     # bufsize argument omitted: it was removed from fileinput.input() in Python 3.8
>     with fileinput.input(files=[log]) as f:
>         for line in f:
>             line = line.strip()
>             result = aare.search(line)
>             if result is None:
>                 continue
> 
>             if sys.version_info < (3, 0):
>                 # parse_record fails with u'foo' style strings hence
>                 # typecasting to string
>                 line = str(line)
>             decode_line(line)
> 
> def main():
>     p = ArgumentParser()
>     p.add_argument('logfile', nargs='*', help='logfiles to parse with libapparmor')
>     config = p.parse_args()
> 
>     for f in config.logfile:
>         parse_file(f)
> 
> if __name__ == '__main__':
>     main()
> 
> -- 
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140903/dad6b05f/attachment.pgp>


More information about the AppArmor mailing list
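Added example, not part of the thread and not the project's code: one way the checker could return an error status so it can run as a final test step, with a single loop over the files and no fileinput. It assumes Python 3; the function names and the 0/1/2 exit codes are assumptions, and the LibAppArmor calls are the ones used in the quoted script.

```python
import sys

def load_libapparmor_parser():
    """Return callable(line) -> bool, True when libapparmor parses the line.
    Imported lazily so the checking logic can be exercised without the bindings."""
    import LibAppArmor as libapparmor

    def parses(line):
        event = libapparmor.parse_record(line)
        try:
            return event.event != libapparmor.AA_RECORD_INVALID
        finally:
            libapparmor.free_record(event)
    return parses

def find_unparsed(lines, parses):
    """Return the AppArmor log lines that `parses` rejects."""
    bad = []
    for line in lines:
        line = line.strip()
        if 'apparmor=' in line and not parses(line):
            bad.append(line)
    return bad

def check_files(paths, parses, out=sys.stdout):
    """Return 0 if every message parsed, 1 if any did not,
    2 if a file could not be read (exit codes are an assumption)."""
    status = 0
    for path in paths:
        try:
            with open(path, errors='replace') as f:
                bad = find_unparsed(f, parses)
        except OSError as e:
            print("ERROR: unable to open '%s': %s" % (path, e), file=out)
            status = max(status, 2)
            continue
        for line in bad:
            print(line, file=out)
        if bad:
            status = max(status, 1)
    return status

if __name__ == '__main__':
    sys.exit(check_files(sys.argv[1:], load_libapparmor_parser()))
```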