Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/872446
Due to logging changes for 'exec' events, 'exec' events in aa-logprof were being skipped when a profile is in enforcing mode. This patch addresses the issue. --- utils/Immunix/AppArmor.pm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) Index: b/utils/Immunix/AppArmor.pm =================================================================== --- a/utils/Immunix/AppArmor.pm +++ b/utils/Immunix/AppArmor.pm @@ -2850,7 +2850,21 @@ sub add_event_to_tree ($) { $e->{name}, "" ); - } + } elsif (defined $e->{name}) { + add_to_tree( $e->{pid}, + $e->{parent}, + "exec", + $profile, + $hat, + $prog, + $sdmode, + $e->{denied_mask}, + $e->{name}, + "" + ); + } else { + $DEBUGGING && debug "add_event_to_tree: dropped exec event in $e->{profile}"; + } } elsif ($e->{operation} =~ m/file_/) { add_to_tree( $e->{pid}, $e->{parent}, -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor