FS#76424 - [apparmor] 3.1.1 aa-genprof and aa-logprof fail to parse audit.log
Attached to Project:
Arch Linux
Opened by Jess (ratherforky) - Friday, 04 November 2022, 23:41 GMT
Last edited by David Runge (dvzrv) - Tuesday, 22 November 2022, 11:46 GMT
Opened by Jess (ratherforky) - Friday, 04 November 2022, 23:41 GMT
Last edited by David Runge (dvzrv) - Tuesday, 22 November 2022, 11:46 GMT
|
Details
`aa-genprof` and `aa-logprof` fail to find AppArmor log
entries in `/var/log/audit/audit.log`, even if many
exist.
Upstream bug report: https://gitlab.com/apparmor/apparmor/-/issues/271 It's still broken in the latest release (3.1.1), but it's now fixed upstream with this commit: https://gitlab.com/apparmor/apparmor/-/commit/87e4d302cdbdcad98eb466d6d2c9340ac6109111 It can be worked around by removing the irrelevant text that's tripping up the parser, eg. with `aa-logprof -f <(sed 's/\x1d.*//' < /var/log/audit/audit.log)`, or by installing apparmor-git from the AUR. Noting it here in case it saves anyone some time and frustration. |
This task depends upon
Closed by David Runge (dvzrv)
Tuesday, 22 November 2022, 11:46 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 3.1.2-1
Tuesday, 22 November 2022, 11:46 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 3.1.2-1
Seems upstream has still not cut a new release after fixing this rather large issue a week ago. Have pinged them about this and if nothing is done by tomorrow will apply the patch in a pkgrel bump.