Comment 0 for bug 623467

Binary package hint: apparmor

While developing a test profile(s) for sshd on lucid using logprof/genprof, the following rejections in dmesg were never processed by the tools:

  [ 878.662172] type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"
  [ 878.663410] type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"
  [ 878.663418] type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"

I first looked at the log parsing library under the assumption that it didn't understand these operations. After adding testcases for each message, I confirmed that it does indeed understand them and parses them properly. Looking at SubDomain.pm, however, it does not know about these additional operation types.