mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 22:05:27 +00:00
Some STATUS log events trigger a crash in aa-notify because the log line doesn't have operation=. Examples are: type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0" type=AVC msg=audit(1630913352.610:6): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0" Fix this by not looking at log events without operation= Also add one of the example events as libapparmor testcase. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/194
2 lines
124 B
Plaintext
2 lines
124 B
Plaintext
audit.log:type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
|