Hi, This issue should be addressed by upstream apparmor commit 2830 (http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.9/revision/2830), included in the recent apparmor 2.9.1 release. I was able to reproduce the issue in jessie after switching to syslog-ng as the syslog daemon.
Attached is the cherry-picked patch (minus the test case, as getting quilt to create an empty stderr file is problematic), if its preferred for jessie to just take the individual patch rather than the whole 2.9.1 release. Thanks for your patience in solving this issue and your interest in apparmor. -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
------------------------------------------------------------ revno: 2830 fixes bug: https://launchpad.net/bugs/1399027 committer: Steve Beattie <sbeat...@ubuntu.com> branch nick: apparmor timestamp: Fri 2014-12-12 16:43:35 -0800 message: library: fix parsing for yet another format This patch fixes the libapparmor log parsing library to take into account yet another log format style, as well as incorporating a testcase for it. Bugs: https://bugs.launchpad.net/apparmor/+bug/1399027 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771400 https://bugzilla.opensuse.org/show_bug.cgi?id=905368 Signed-off-by: Steve Beattie <st...@nxnw.org> Acked-by: John Johansen <john.johan...@canonical.com> === modified file 'libraries/libapparmor/src/grammar.y' --- a/libraries/libapparmor/src/grammar.y 2014-09-04 18:37:33 +0000 +++ b/libraries/libapparmor/src/grammar.y 2014-12-13 00:43:35 +0000 @@ -210,6 +210,8 @@ { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); } | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); } + | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list + { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); } | syslog_date TOK_ID TOK_SYSLOG_USER key_list { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); } ;
signature.asc
Description: Digital signature
