Comment 4 for bug 1358705

Cool, happy I could help!

On 20 Aug 2014, at 12:34, Christian Boltz <email address hidden> wrote:

> Actually AUDIT events need to be skipped by aa-logprof - they are
> already known to the profile, so there's no reason to ask about them.
>
> Thanks for the log lines - I'm able to reproduce the problem with them.
>
> The real problem was a typo - the code uses "AUDIT" everywhere, except
> at one place that accidently contained "AUDITING".
>
> The following patch fixes it:
>
> === modified file 'utils/apparmor/logparser.py'
> --- utils/apparmor/logparser.py 2014-08-18 19:01:38 +0000
> +++ utils/apparmor/logparser.py 2014-08-20 11:26:09 +0000
> @@ -151,7 +151,7 @@
> # Convert aamode values to their counter-parts
> mode_convertor = {0: 'UNKNOWN',
> 1: 'ERROR',
> - 2: 'AUDITING',
> + 2: 'AUDIT',
> 3: 'PERMITTING',
> 4: 'REJECTING',
> 5: 'HINT',
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1358705
>
> Title:
> Invalid mode found: AUDITING
>
> Status in AppArmor Linux application security framework:
> New
>
> Bug description:
> aa-logprof crashes with the following error:
>
> Invalid mode found: AUDITING
> File "/usr/sbin/aa-genprof", line 150, in <module>
> lp_ret = apparmor.do_logprof_pass(logmark, passno)
> File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2270, in do_logprof_pass
> ask_the_questions()
> File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1518, in ask_the_questions
> fatal_error(_('Invalid mode found: %s') % aamode)
> File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 133, in fatal_error
> tb_stack = traceback.format_list(traceback.extract_stack())
>
> when I have some processes running in AUDIT mode.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/apparmor/+bug/1358705/+subscriptions
>

--
Pawel Krawczyk
<email address hidden> +44 7879 180015
CISSP, OWASP