utils: Properly identify empty ouid/fsuid fields in logs

libaalogparse uses (unsigned long) -1 to indicate that a log entry does not contain ouid and/or fsuid fields. The utils logparser was incorrectly using 2^64 - 1 to detect such a condition but that wasn't sufficient for 32 bit environments. Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
2025-08-31 06:16:03 +00:00 · 2018-03-07 14:25:22 +00:00
parent f8c535801e
commit 46f88f5f0d
1 changed files with 2 additions and 1 deletions
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -12,6 +12,7 @@
 #    GNU General Public License for more details.
 #
 # ----------------------------------------------------------------------
+import ctypes
 import os
 import re
 import sys
@@ -118,7 +119,7 @@ class ReadLog:
        ev['protocol'] = event.net_protocol
        ev['sock_type'] = event.net_sock_type

-        if event.ouid != 18446744073709551615:  # 2^64 - 1
+        if event.ouid != ctypes.c_ulong(-1).value:  # ULONG_MAX
            ev['fsuid'] = event.fsuid
            ev['ouid'] = event.ouid