Marcus Rueckert
f270973a6c
Accepted submit request 57745 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/57745 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=1
25 lines
773 B
Plaintext
25 lines
773 B
Plaintext
From: Steve Beattie <sbeattie@ubuntu.com>
|
|
Subject: apparmor-utils: Support newer auditd formatted messages.
|
|
|
|
Patch from mancha on irc.
|
|
|
|
This is lp:apparmor/2.5 commit r1444.
|
|
|
|
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
|
|
Acked-by: Jeff Mahoney <jeffm@suse.com>
|
|
---
|
|
utils/SubDomain.pm | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
--- a/utils/SubDomain.pm
|
|
+++ b/utils/SubDomain.pm
|
|
@@ -2420,7 +2420,7 @@
|
|
my $RE_LOG_v2_1_audit =
|
|
qr/type=(UNKNOWN\[150[1-6]\]|APPARMOR_(AUDIT|ALLOWED|DENIED|HINT|STATUS|ERROR))/;
|
|
my $RE_LOG_v2_6_audit =
|
|
- qr/type=AVC\s+audit\([\d\.\:]+\):\s+apparmor=/;
|
|
+ qr/type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=/;
|
|
|
|
sub prefetch_next_log_entry {
|
|
# if we already have an existing cache entry, something's broken
|