Merge logparser: adding support for comm in capability events

In order to act on capability denials, we need to parse comm. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1294 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-08-30 13:58:22 +00:00 · 2024-08-12 22:43:55 +00:00
parent 8f7da77142 76b399310c
commit 055d0f80b5
2 changed files with 3 additions and 0 deletions
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -238,6 +238,8 @@ class ReadLog:

            case 'io_uring':
                ev['peer_profile'] = event.peer_profile
+            case 'capability':
+                ev['comm'] = event.comm

        if not ev['time']:
            ev['time'] = int(time.time())
--- a/utils/test/test-capability.py
+++ b/utils/test/test-capability.py
@@ -138,6 +138,7 @@ class CapabilityTest(AATest):
            'active_hat': None,
            'pid': 15454,
            'task': 0,
+            'comm': 'ping',
            'attr': None,
            'name2': None,
            'name': 'net_raw',