[apparmor] [patch] logparser.py parse_event(): always store family, protocol and sock_type
Seth Arnold
seth.arnold at canonical.com
Fri Nov 18 22:09:58 UTC 2016
On Fri, Nov 18, 2016 at 10:39:10PM +0100, Christian Boltz wrote:
> I propose this patch for trunk and 2.10.
> (2.9 logparser.py code is slightly different, and I don't want to risk
> breaking it)
>
>
> [ 01-logparser-always-store-protocol-family-sock_type.diff ]
>
> === modified file ./utils/apparmor/logparser.py
> --- utils/apparmor/logparser.py 2016-10-14 00:35:27.514276563 +0200
> +++ utils/apparmor/logparser.py 2016-11-18 22:14:00.909027936 +0100
> @@ -133,11 +133,11 @@
> ev['denied_mask'] = event.denied_mask
> ev['request_mask'] = event.requested_mask
> ev['magic_token'] = event.magic_token
> - if ev['operation'] and (self.op_type(ev['operation']) == 'net' or event.net_protocol):
> - ev['family'] = event.net_family
> - ev['protocol'] = event.net_protocol
> - ev['sock_type'] = event.net_sock_type
> + ev['family'] = event.net_family
> + ev['protocol'] = event.net_protocol
> + ev['sock_type'] = event.net_sock_type
I haven't yet checked to see if we guarantee that these are intiialized
regardless of type. If you've already checked a reference would help :)
> +
> - elif ev['operation'] and ev['operation'] == 'signal':
> + if ev['operation'] and ev['operation'] == 'signal':
> ev['signal'] = event.signal
> ev['peer'] = event.peer
> elif ev['operation'] and ev['operation'] == 'ptrace':
So, I have to ask.. why are these still special cased? :)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161118/69b24c8e/attachment.pgp>
More information about the AppArmor
mailing list