add ability to parser dmesg output as a log file

Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2025-08-29 05:17:59 +00:00 · 2015-06-02 01:00:29 -07:00 · 2015-06-02 01:00:29 -07:00 · 2d31e2c113
commit 2d31e2c113
parent 7cc75c44fa
29 changed files with 137 additions and 0 deletions
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@ -169,6 +169,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
 %%
 log_message: audit_type
 	| dmesg_type
 	| syslog_type
 	| audit_dispatch
 	;
@ -199,6 +200,10 @@ other_audit: TOK_TYPE_OTHER audit_msg TOK_MSG_REST
 	}
 	;
 dmesg_type: TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
 	{ ret_record->version = AA_RECORD_SYNTAX_V2; }
 	;
 syslog_type:
 	  syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
 	  { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@ -355,6 +355,7 @@ yy_flex_debug = 0;
 {syslog_time}		{ yylval->t_str = strdup(yytext); BEGIN(hostname); return(TOK_TIME); }
 {audit}			{ yy_push_state(audit_id, yyscanner); return(TOK_AUDIT); }
 {dmesg_timestamp}	{ yylval->t_str = strdup(yytext); return(TOK_DMESG_STAMP); }
 .			{ /* ignore any non-matched input */ BEGIN(unknown_message); yyless(0); }
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.in
@ -0,0 +1 @@
 [ 1612.746129] audit: type=1400 audit(1284061910.975:672): apparmor="DENIED" operation="capable" parent=2663 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority" pid=7292 comm="syscall_setprio" capability=23  capname="sys_nice"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_capability.out
@ -0,0 +1,12 @@
 START
 File: testcase_dmesg_capability.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1284061910.975:672
 Operation: capable
 Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority
 Name: sys_nice
 Command: syscall_setprio
 Parent: 2663
 PID: 7292
 Epoch: 1284061910
 Audit subid: 672
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.in
@ -0,0 +1 @@
 [ 1597.774866] audit: type=1400 audit(1284061896.005:28): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=2698 comm="syscall_ptrace"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changehat_negative_error.out
@ -0,0 +1,11 @@
 START
 File: testcase_dmesg_changehat_negative_error.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1284061896.005:28
 Operation: change_hat
 Command: syscall_ptrace
 Info: unconfined
 ErrorCode: 1
 PID: 2698
 Epoch: 1284061896
 Audit subid: 28
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.in
@ -0,0 +1 @@
 [   97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/tests/regression/apparmor/changeprofile" pid=3459 comm="changeprofile" target="/tests/regression/apparmor/rename"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_changeprofile_01.out
@ -0,0 +1,11 @@
 START
 File: testcase_dmesg_changeprofile_01.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1431116353.523:77
 Operation: change_profile
 Profile: /tests/regression/apparmor/changeprofile
 Command: changeprofile
 Name2: /tests/regression/apparmor/rename
 PID: 3459
 Epoch: 1431116353
 Audit subid: 77
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.in
@ -0,0 +1 @@
 [ 2010.738449] audit: type=1400 audit(1284062308.965:276251): apparmor="DENIED" operation="link" parent=19088 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link" name="/tmp/sdtest.19088-12382-HWH57d/linkfile" pid=19142 comm="link" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/tmp/sdtest.19088-12382-HWH57d/target"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_link_01.out
@ -0,0 +1,17 @@
 START
 File: testcase_dmesg_link_01.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1284062308.965:276251
 Operation: link
 Mask: l
 Denied Mask: l
 fsuid: 0
 ouid: 0
 Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/link
 Name: /tmp/sdtest.19088-12382-HWH57d/linkfile
 Command: link
 Name2: /tmp/sdtest.19088-12382-HWH57d/target
 Parent: 19088
 PID: 19142
 Epoch: 1284062308
 Audit subid: 276251
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.in
@ -0,0 +1 @@
 [45334.755142] audit: type=1503 audit(1282671283.411:2199):  operation="mkdir" pid=4786 parent=4708 profile="/usr/sbin/sshd//ubuntu" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ssh-gRozJw4786/"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_mkdir.out
@ -0,0 +1,15 @@
 START
 File: testcase_dmesg_mkdir.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1282671283.411:2199
 Operation: mkdir
 Mask: c::
 Denied Mask: c::
 fsuid: 1000
 ouid: 1000
 Profile: /usr/sbin/sshd//ubuntu
 Name: /tmp/ssh-gRozJw4786/
 Parent: 4708
 PID: 4786
 Epoch: 1282671283
 Audit subid: 2199
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.in
@ -0,0 +1 @@
 [  878.663418] audit: type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_dest.out
@ -0,0 +1,15 @@
 START
 File: testcase_dmesg_rename_dest.in
 Event type: AA_RECORD_ALLOWED
 Audit ID: 1282626827.320:413
 Operation: rename_dest
 Mask: wc::
 Denied Mask: wc::
 fsuid: 0
 ouid: 0
 Profile: /usr/sbin/sshd
 Name: /var/run/motd
 Parent: 650
 PID: 1881
 Epoch: 1282626827
 Audit subid: 413
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.in
@ -0,0 +1 @@
 [  878.663410] audit: type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_rename_src.out
@ -0,0 +1,15 @@
 START
 File: testcase_dmesg_rename_src.in
 Event type: AA_RECORD_ALLOWED
 Audit ID: 1282626827.320:412
 Operation: rename_src
 Mask: r::
 Denied Mask: r::
 fsuid: 0
 ouid: 0
 Profile: /usr/sbin/sshd
 Name: /var/run/motd.new
 Parent: 650
 PID: 1881
 Epoch: 1282626827
 Audit subid: 412
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.in
@ -0,0 +1 @@
 [ 2143.902340] audit: type=1400 audit(1283989336.064:272335): apparmor="STATUS" info="failed to unpack profile" error=-71 pid=4958 comm="apparmor_parser" name="/home/jj/master/tests/regression/apparmor/net_raw" offset=159
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_status_offset.out
@ -0,0 +1,11 @@
 START
 File: testcase_dmesg_status_offset.in
 Event type: AA_RECORD_STATUS
 Audit ID: 1283989336.064:272335
 Name: /home/jj/master/tests/regression/apparmor/net_raw
 Command: apparmor_parser
 Info: failed to unpack profile
 ErrorCode: 71
 PID: 4958
 Epoch: 1283989336
 Audit subid: 272335
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.err
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.err
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.in
@ -0,0 +1 @@
 [  878.662172] audit: type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"
--- a/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_dmesg_truncate.out
@ -0,0 +1,15 @@
 START
 File: testcase_dmesg_truncate.in
 Event type: AA_RECORD_DENIED
 Audit ID: 1282626827.320:411
 Operation: truncate
 Mask: w::
 Denied Mask: w::
 fsuid: 0
 ouid: 0
 Profile: /etc/update-motd.d/91-release-upgrade
 Name: /var/lib/update-notifier/release-upgrade-available
 Parent: 1
 PID: 1957
 Epoch: 1282626827
 Audit subid: 411
		`@ -0,0 +1 @@`
							`[ 1612.746129] audit: type=1400 audit(1284061910.975:672): apparmor="DENIED" operation="capable" parent=2663 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority" pid=7292 comm="syscall_setprio" capability=23 capname="sys_nice"`
		`@ -0,0 +1 @@`
							`[ 1597.774866] audit: type=1400 audit(1284061896.005:28): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=2698 comm="syscall_ptrace"`
		`@ -0,0 +1 @@`
							`[ 97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/tests/regression/apparmor/changeprofile" pid=3459 comm="changeprofile" target="/tests/regression/apparmor/rename"`
		`@ -0,0 +1 @@`
							`[ 2010.738449] audit: type=1400 audit(1284062308.965:276251): apparmor="DENIED" operation="link" parent=19088 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link" name="/tmp/sdtest.19088-12382-HWH57d/linkfile" pid=19142 comm="link" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/tmp/sdtest.19088-12382-HWH57d/target"`
		`@ -0,0 +1 @@`
							`[45334.755142] audit: type=1503 audit(1282671283.411:2199): operation="mkdir" pid=4786 parent=4708 profile="/usr/sbin/sshd//ubuntu" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ssh-gRozJw4786/"`
		`@ -0,0 +1 @@`
							`[ 878.663418] audit: type=1502 audit(1282626827.320:413): operation="rename_dest" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="wc::" denied_mask="wc::" fsuid=0 ouid=0 name="/var/run/motd"`
		`@ -0,0 +1 @@`
							`[ 878.663410] audit: type=1502 audit(1282626827.320:412): operation="rename_src" pid=1881 parent=650 profile="/usr/sbin/sshd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/run/motd.new"`
		`@ -0,0 +1 @@`
							`[ 2143.902340] audit: type=1400 audit(1283989336.064:272335): apparmor="STATUS" info="failed to unpack profile" error=-71 pid=4958 comm="apparmor_parser" name="/home/jj/master/tests/regression/apparmor/net_raw" offset=159`
		`@ -0,0 +1 @@`
							`[ 878.662172] audit: type=1503 audit(1282626827.320:411): operation="truncate" pid=1957 parent=1 profile="/etc/update-motd.d/91-release-upgrade" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/update-notifier/release-upgrade-available"`