Hello, some people have the full hostname in their syslog messages, so libapparmor needs to accept hostnames that contain dots.
References: https://bugs.launchpad.net/apparmor/+bug/1453300 comments #1 and #2 (the log samples reported by scrx in #apparmor) I propose this patch for trunk, 2.10 and 2.9. BTW: are there other special chars that are valid in a hostname and not covered by the regex? [ accept-hostname-with-dot.diff ] === modified file 'libraries/libapparmor/src/scanner.l' --- libraries/libapparmor/src/scanner.l 2015-06-02 08:00:29 +0000 +++ libraries/libapparmor/src/scanner.l 2016-05-04 22:23:48 +0000 @@ -178,7 +178,7 @@ hhmmss {digit}{2}{colon}{digit}{2}{colon}{digit}{2} timezone ({plus}|{minus}){digit}{2}{colon}{digit}{2} syslog_time {hhmmss}({period}{digits})?{timezone}? -syslog_hostname [[:alnum:]_-]+ +syslog_hostname [[:alnum:]._-]+ dmesg_timestamp \[[[:digit:] ]{5,}\.[[:digit:]]{6,}\] %x single_quoted_string === added file 'libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.err' === added file 'libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.in' --- libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.in 1970-01-01 00:00:00 +0000 +++ libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.in 2016-05-04 22:52:42 +0000 @@ -0,0 +1,1 @@ +Sep 14 18:49:13 mfa-mia-74-app-rabbitmq-1.mia.ix.int kernel: [964718.247816] type=1400 audit(1442256553.643:40143): apparmor="ALLOWED" operation="open" profile="/opt/evoke/venv/bin/gunicorn" name="/opt/evoke/venv/lib/python2.7/warnings.pyc" pid=28943 comm="gunicorn" requested_mask="r" denied_mask="r" fsuid=1000 ouid=110 === added file 'libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.out' --- libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.out 1970-01-01 00:00:00 +0000 +++ libraries/libapparmor/testsuite/test_multi/syslog_hostname_with_dot.out 2016-05-04 22:54:55 +0000 @@ -0,0 +1,15 @@ +START +File: syslog_hostname_with_dot.in +Event type: AA_RECORD_ALLOWED +Audit ID: 1442256553.643:40143 +Operation: open +Mask: r +Denied Mask: r +fsuid: 1000 +ouid: 110 +Profile: /opt/evoke/venv/bin/gunicorn +Name: /opt/evoke/venv/lib/python2.7/warnings.pyc +Command: gunicorn +PID: 28943 +Epoch: 1442256553 +Audit subid: 40143 Regards, Christian Boltz -- Böse Zungen behaupten, ein unterschriebenes Zertifikat bescheinigt dem Client, daß ein unbekannter Serverbetreiber einem unbekannten CA-Betreiber Geld bezahlt hat. Das ist natürlich für eine Kommunikation eine eher nutzlose Garantie. [http://blog.koehntopp.de/archives/3166-Not-Fixing-SSL.html]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
