operation="connect" can be file socket or network - logparser.py only handles network
Bug #1472368 reported by
Christian Boltz
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Invalid
|
Undecided
|
Unassigned |
Bug Description
From bug 1466812 comment 14
audit: type=1400 audit(143625848
aa-logprof ignores this log entry because it assumes "connect" always means a network operation.
Some discussion on #apparmor brought up that "connect" can be a) network and b) file socket, so the tools are 50% correct ;-)
To post a comment you must log in.
I just re-tested - test_multi.multi says AA_RECORD_INVALID, so this is most probably a problem with libapparmor not recognizing the log format.