mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 01:57:43 +00:00
98bf187323
Nobody told the tools that log events with operation="symlink" exist. Add this keyword to the list of file or network operations (I don't expect network symlinks ;-) but keeping everything in that list makes things easier than special-casing it.) Also add the log sample and expected result to the libapparmor tests. Fixes https://gitlab.com/apparmor/apparmor/-/issues/107
16 lines
236 B
Plaintext
16 lines
236 B
Plaintext
START
|
|
File: symlink.in
|
|
Event type: AA_RECORD_DENIED
|
|
Audit ID: 1596384041.705:290
|
|
Operation: symlink
|
|
Mask: c
|
|
Denied Mask: c
|
|
fsuid: 0
|
|
ouid: 0
|
|
Profile: /home/test.sh
|
|
Name: /home/b.c
|
|
Command: ln
|
|
PID: 8016
|
|
Epoch: 1596384041
|
|
Audit subid: 290
|