(1) The fix doesn't work for me. Looking at the code, the fix is incomplete. It only fixes libraries/libapparmor/src/grammar.y, but we also need to fix ReadLog.RE_LOG_v2_6_syslog in utils/apparmor/logparserl.py needs to be updated to accommodate the extra "audit:" text, i.e. should be
I don't see how the fix in 2.9.1 would have worked for anyone without this extra change.
(2) At this point, there are so many different syslog/audit formats that it might make sense to include some test cases, if not automated regression tests.
(1) The fix doesn't work for me. Looking at the code, the fix is incomplete. It only fixes libraries/ libapparmor/ src/grammar. y, but we also need to fix ReadLog. RE_LOG_ v2_6_syslog in utils/apparmor/ logparserl. py needs to be updated to accommodate the extra "audit:" text, i.e. should be
RE_ LOG_v2_ 6_syslog = re.compile( 'kernel: \s+(\[[ \d\.\s] +\]\s+) ?audit: \stype= \d+\s+audit\ ([\d\.\ :]+\):\ s+apparmor= ')
I don't see how the fix in 2.9.1 would have worked for anyone without this extra change.
(2) At this point, there are so many different syslog/audit formats that it might make sense to include some test cases, if not automated regression tests.