Merge logparser: add support for change_onexec logs

Add support for change_onexec logs by converting them to change_profile. Fix associated test. Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1745 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Maxime Bélair <maxime.belair@canonical.com>
2025-08-22 01:57:43 +00:00 · 2025-07-30 08:27:43 +00:00 · 2025-07-30 08:27:43 +00:00 · 63ce02c01d
commit 63ce02c01d
parent e82ee9f4f4 2448655188
3 changed files with 3 additions and 2 deletions
--- a/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile
+++ b/libraries/libapparmor/testsuite/test_multi/change_onexec_lp1648143.profile
@ -1,2 +1,4 @@
 profile unconfined {
  change_profile -> system_tor,
 }
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@ -362,7 +362,7 @@ class ReadLog:
            self.hashlog[aamode][full_profile]['change_hat'][e['name2']] = True
            return
-        elif e['operation'] == 'change_profile':
+        elif e['operation'] == 'change_profile' or e['operation'] == 'change_onexec':
            ChangeProfileRule.hashlog_from_event(self.hashlog[aamode][full_profile]['change_profile'], e)
            return
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@ -166,7 +166,6 @@ log_to_profile_skip = [
 # tests that cause an empty log
 log_to_profile_known_empty_log = [
    'change_onexec_lp1648143',  # change_onexec not supported in logparser.py yet (and the log is about "no new privs" error)
    'ptrace_garbage_lp1689667_1',  # no denied= in log
    'ptrace_no_denied_mask',  # no denied= in log
    'unconfined-change_hat',  # unconfined trying to change_hat, which isn't allowed