packages: apparmor-parser/apparmor-parser-bzr.patch, apparmor-parser/apparm...

Wed Aug 4 15:11:05 CEST 2010

Author: arekm                        Date: Wed Aug  4 13:11:06 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 6; more bzr fixes

---- Files affected:
packages/apparmor-parser:
   apparmor-parser-bzr.patch (1.2 -> 1.3) , apparmor-parser.spec (1.31 -> 1.32) 

---- Diffs:

================================================================
Index: packages/apparmor-parser/apparmor-parser-bzr.patch
diff -u packages/apparmor-parser/apparmor-parser-bzr.patch:1.2 packages/apparmor-parser/apparmor-parser-bzr.patch:1.3

--- packages/apparmor-parser/apparmor-parser-bzr.patch:1.2	Sat Jun  5 08:16:43 2010
+++ packages/apparmor-parser/apparmor-parser-bzr.patch	Wed Aug  4 15:10:58 2010
@@ -1,7 +1,7 @@
 === added file '.bzrignore'
 --- .bzrignore	1970-01-01 00:00:00 +0000
-+++ .bzrignore	2010-06-05 01:39:20 +0000
-@@ -0,0 +1,25 @@
++++ .bzrignore	2010-08-03 17:27:13 +0000
+@@ -0,0 +1,165 @@
 +parser/po/*.mo
 +parser/af_names.h
 +parser/cap_names.h
@@ -27,10 +27,589 @@
 +parser/techdoc.log
 +parser/techdoc.pdf
 +parser/techdoc.toc
++libraries/libapparmor/Makefile
++libraries/libapparmor/Makefile.in
++libraries/libapparmor/aclocal.m4
++libraries/libapparmor/audit.log
++libraries/libapparmor/autom4te.cache
++libraries/libapparmor/compile
++libraries/libapparmor/config.guess
++libraries/libapparmor/config.log
++libraries/libapparmor/config.status
++libraries/libapparmor/config.sub
++libraries/libapparmor/configure
++libraries/libapparmor/depcomp
++libraries/libapparmor/install-sh
++libraries/libapparmor/libtool
++libraries/libapparmor/ltmain.sh
++libraries/libapparmor/missing
++libraries/libapparmor/ylwrap
++libraries/libapparmor/doc/Makefile
++libraries/libapparmor/doc/Makefile.in
++libraries/libapparmor/doc/aa_change_hat.2
++libraries/libapparmor/src/.deps
++libraries/libapparmor/src/.libs
++libraries/libapparmor/src/Makefile
++libraries/libapparmor/src/Makefile.in
++libraries/libapparmor/src/af_protos.h
++libraries/libapparmor/src/change_hat.lo
++libraries/libapparmor/src/grammar.lo
++libraries/libapparmor/src/libaalogparse.lo
++libraries/libapparmor/src/libimmunix_warning.lo
++libraries/libapparmor/src/scanner.lo
++libraries/libapparmor/src/libapparmor.la
++libraries/libapparmor/src/libimmunix.la
++libraries/libapparmor/src/grammar.c
++libraries/libapparmor/src/grammar.h
++libraries/libapparmor/src/scanner.c
++libraries/libapparmor/src/scanner.h
++libraries/libapparmor/src/tst_aalogmisc
++libraries/libapparmor/swig/Makefile
++libraries/libapparmor/swig/Makefile.in
++libraries/libapparmor/swig/perl/LibAppArmor.bs
++libraries/libapparmor/swig/perl/LibAppArmor.pm
++libraries/libapparmor/swig/perl/Makefile
++libraries/libapparmor/swig/perl/Makefile.PL
++libraries/libapparmor/swig/perl/Makefile.in
++libraries/libapparmor/swig/perl/Makefile.perl
++libraries/libapparmor/swig/perl/blib
++libraries/libapparmor/swig/perl/libapparmor_wrap.c
++libraries/libapparmor/swig/perl/pm_to_blib
++libraries/libapparmor/swig/python/Makefile
++libraries/libapparmor/swig/python/Makefile.in
++libraries/libapparmor/swig/python/setup.py
++libraries/libapparmor/swig/ruby/Makefile
++libraries/libapparmor/swig/ruby/Makefile.in
++libraries/libapparmor/testsuite/.deps
++libraries/libapparmor/testsuite/.libs
++libraries/libapparmor/testsuite/Makefile
++libraries/libapparmor/testsuite/Makefile.in
++libraries/libapparmor/testsuite/libaalogparse.log
++libraries/libapparmor/testsuite/libaalogparse.sum
++libraries/libapparmor/testsuite/site.exp
++libraries/libapparmor/testsuite/test_multi.multi
++libraries/libapparmor/testsuite/config/Makefile
++libraries/libapparmor/testsuite/config/Makefile.in
++libraries/libapparmor/testsuite/lib/Makefile
++libraries/libapparmor/testsuite/lib/Makefile.in
++libraries/libapparmor/testsuite/libaalogparse.test/Makefile
++libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
++libraries/libapparmor/testsuite/test_multi/out
++changehat/mod_apparmor/.libs
++changehat/mod_apparmor/common
++changehat/pam_apparmor/common
++changehat/tomcat_apparmor/common
++utils/common
++utils/*.8
++utils/*.8.html
++utils/*.5
++utils/*.5.html
++utils/*.tmp
++utils/po/*.mo
++tests/regression/apparmor/access
++tests/regression/apparmor/changehat
++tests/regression/apparmor/changehat_fail
++tests/regression/apparmor/changehat_fork
++tests/regression/apparmor/changehat_misc
++tests/regression/apparmor/changehat_misc2
++tests/regression/apparmor/changehat_pthread
++tests/regression/apparmor/changehat_twice
++tests/regression/apparmor/changehat_wrapper
++tests/regression/apparmor/changeprofile
++tests/regression/apparmor/chdir
++tests/regression/apparmor/chgrp
++tests/regression/apparmor/chmod
++tests/regression/apparmor/chown
++tests/regression/apparmor/clone
++tests/regression/apparmor/deleted
++tests/regression/apparmor/env_check
++tests/regression/apparmor/environ
++tests/regression/apparmor/exec
++tests/regression/apparmor/exec_qual
++tests/regression/apparmor/exec_qual2
++tests/regression/apparmor/fchdir
++tests/regression/apparmor/fchgrp
++tests/regression/apparmor/fchmod
++tests/regression/apparmor/fchown
++tests/regression/apparmor/fork
++tests/regression/apparmor/link
++tests/regression/apparmor/link_subset
++tests/regression/apparmor/mkdir
++tests/regression/apparmor/mmap
++tests/regression/apparmor/mount
++tests/regression/apparmor/named_pipe
++tests/regression/apparmor/net_raw
++tests/regression/apparmor/open
++tests/regression/apparmor/openat
++tests/regression/apparmor/pipe
++tests/regression/apparmor/ptrace
++tests/regression/apparmor/ptrace_helper
++tests/regression/apparmor/pwrite
++tests/regression/apparmor/readdir
++tests/regression/apparmor/rename
++tests/regression/apparmor/rw
++tests/regression/apparmor/swap
++tests/regression/apparmor/symlink
++tests/regression/apparmor/syscall_chroot
++tests/regression/apparmor/syscall_mknod
++tests/regression/apparmor/syscall_mlockall
++tests/regression/apparmor/syscall_ptrace
++tests/regression/apparmor/syscall_reboot
++tests/regression/apparmor/syscall_setdomainname
++tests/regression/apparmor/syscall_sethostname
++tests/regression/apparmor/syscall_setpriority
++tests/regression/apparmor/syscall_setscheduler
++tests/regression/apparmor/syscall_sysctl
++tests/regression/apparmor/sysctl_proc
++tests/regression/apparmor/tcp
++tests/regression/apparmor/unix_fd_client
++tests/regression/apparmor/unix_fd_server
++tests/regression/apparmor/unlink
++tests/regression/apparmor/xattrs
++tests/regression/apparmor/coredump
+
+=== added file 'README'
+--- README	1970-01-01 00:00:00 +0000
++++ README	2010-08-03 17:27:13 +0000
+@@ -0,0 +1,155 @@
++------------
++Introduction
++------------
++AppArmor protects systems from insecure or untrusted processes by
++running them in restricted confinement, while still allowing processes
++to share files, exercise privilege and communicate with other processes.
++AppArmor is a Mandatory Access Control (MAC) mechanism which uses the
++Linux Security Module (LSM) framework. The confinement's restrictions
++are mandatory and are not bound to identity, group membership, or object
++ownership. The protections provided are in addition to the kernel's
++regular access control mechanisms (including DAC) and can be used to
++restrict the superuser.
++
++The AppArmor kernel module and accompanying user-space tools are
++available under the GPL license (the exception is the libapparmor
++library, available under the LGPL license, which allows change_hat(2)
++and change_profile(2) to be used by non-GPL binaries).
++
++For more information, you can read the techdoc.pdf (available after
++building the parser) and http://apparmor.wiki.kernel.org.
++
++
++-------------
++Source Layout
++-------------
++
++AppArmor consists of several different parts:
++
++changehat/	source for using changehat with Apache, PAM and Tomcat
++common/		common makefile rules
++desktop/	empty
++kernel-patches/	patches for various kernel versions
++libraries/	libapparmor source and language bindings
++parser/		source for parser/loader and corresponding documentation
++profiles/	configuration files, reference profiles and abstractions
++tests/		regression and stress testsuites
++utils/		high-level utilities for working with AppArmor
++
++
++------------------------------------------
++Building and Installing AppArmor Userspace
++------------------------------------------
++
++To build and install AppArmor userspace on your system, build and install in
++the following order.
++
++
++libapparmor:
++$ cd ./libraries/libapparmor
++$ sh ./autogen.sh
++$ sh ./configure --prefix=/usr --with-perl
++$ make
++$ make check
++
++
++Utilities:
++$ cd utils
++$ make
++$ make install
++
++
++parser:
++$ cd parser
++$ make
++$ make tests	# not strictly necessary as they are run during the
++		# build by default
++$ make install
++
++
++Apache mod_apparmor:
++$ cd changehat/mod_apparmor
++$ LIBS="-lapparmor" make
++$ make install
++
++
++PAM AppArmor:
++$ cd changehat/pam_apparmor
++$ LIBS="-lapparmor -lpam" make
++$ make install
++
++
++Profiles:
++$ cd profiles
++$ make
++$ make install
++
++
++
++-------------------
++AppArmor Testsuites
++-------------------
++
++A number of testsuites are in the AppArmor sources. Most have documentation on
++usage and how to update and add tests. Below is a quick overview of their
++location and how to run them.
++
++
++Regression tests
++----------------
++For details on structure and adding tests, see
++tests/regression/apparmor/README.
++
++To run:
++$ cd tests/regression/apparmor (requires root)
++$ make
++$ sudo make tests
++$ sudo bash open.sh -r	 # runs and saves the last testcase from open.sh
++
++
++Parser tests
++------------
++For details on structure and adding tests, see parser/tst/README.
++
++To run:
++$ cd parser/tst
++$ make
++$ make tests
++
++
++Libapparmor
++-----------
++For details on structure and adding tests, see libraries/libapparmor/README.
++$ cd libraries/libapparmor
++$ make check
++
++
++Stress Tests
++------------
++To run AppArmor stress tests:
++$ make all
++
++Use these:
++$ ./change_hat
++$ ./child
++$ ./kill.sh
++$ ./open
++$ ./s.sh
++
++Or run all at once:
++$ ./stress.sh
++
++Please note that the above will stress the system so much it may end up
++invoking the OOM killer.
++
++To run parser stress tests (requires /usr/bin/ruby):
++$ ./stress.sh
++
++(see stress.sh -h for options)
++
++-----------------------------------------------
++Building and Installing AppArmor Kernel Patches
++-----------------------------------------------
++
++TODO
++
+
+=== modified file 'common/Make.rules'
+--- common/Make.rules	2010-03-11 07:07:29 +0000
++++ common/Make.rules	2010-08-03 17:27:13 +0000
+@@ -48,7 +48,7 @@
+ 		    echo "/tmp/${NAME}"  ; \
+ 		  fi ;)
+ endif
+-RPMHOSTVENDOR=$(shell rpm --eval "%{_host_vendor}")
++RPMHOSTVENDOR=$(shell which rpm && rpm --eval "%{_host_vendor}")
+ ifndef DISTRO
+ DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \
+ 		  echo slackware ; \
+@@ -92,30 +92,16 @@
+ ifndef SPECFILE
+ SPECFILE        = $(NAME).spec
+ endif
+-RELEASE = $(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} --qf "%{RELEASE}" ${SPECFILE})
++RELEASE		= $(shell lsb_release -is) $(shell lsb_release -rs)
+ RELEASE_DIR	= $(NAME)-$(VERSION)
+ TARBALL		= $(NAME)-$(VERSION)-${REPO_VERSION}.tar.gz
+-TAR		= /bin/tar czvp -h --exclude .svn --exclude CVS --exclude .cvsignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR}  $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
++TAR		= /bin/tar czvp -h --exclude .svn --exclude .bzr --exclude .bzrignore --exclude ${TARBALL} --exclude ${RELEASE_DIR}/${RELEASE_DIR}  $(shell test -f ${NAME}.exclude && echo "-X ${NAME}.exclude")
+ LDCONFIG	= /sbin/ldconfig
+ 
+-CVSPKG_VERSION=$(shell rpm -q --specfile --define "_sourcedir ." ${RPMARG} ${SPECFILE} | head -1 | tr "." "_")
+-
+ RPMSUBDIRS=SOURCES SPECS BUILD BUILDROOT SRPMS RPMS/i386 RPMS/i586 \
+         RPMS/i686 RPMS/athlon RPMS/noarch RPMS/x86_64
+ BUILDRPMSUBDIRS=$(foreach subdir, $(RPMSUBDIRS), $(BUILDDIR:/=)/$(subdir))
+ 
+-.PHONY: cvs_tag
+-cvs_tag:
+-	cvs tag IMMUNIX-${CVSPKG_VERSION}
+-
+-.PHONY: checkin
+-checkin:
+-	if cvs -q up -d | grep -q "^\?" ; then echo "Hey! You have" \
+-		"files in the directory you have not added into cvs."; exit 1; \
+-	fi
+-	cvs ci
+-	make cvs_tag
+-
+ ifdef EXTERNAL_PACKAGE
+ .PHONY: rpm
+ rpm: clean $(BUILDRPMSUBDIRS)
+
+=== modified file 'libraries/libapparmor/src/aalogparse.h'
+--- libraries/libapparmor/src/aalogparse.h	2009-09-18 21:13:04 +0000
++++ libraries/libapparmor/src/aalogparse.h	2010-08-03 17:27:13 +0000
+@@ -129,6 +129,7 @@
+ 	unsigned long fsuid;		/* fsuid of task - if logged */
+ 	unsigned long ouid;		/* ouid of task - if logged */
+ 	char *profile;			/* The name of the profile */
++	char *comm;			/* Command that triggered msg */
+ 	char *name;
+ 	char *name2;
+ 	char *namespace;
+
+=== modified file 'libraries/libapparmor/src/change_hat.c'
+--- libraries/libapparmor/src/change_hat.c	2010-02-11 23:38:24 +0000
++++ libraries/libapparmor/src/change_hat.c	2010-08-03 17:27:13 +0000
+@@ -194,7 +194,7 @@
+ 	/* setup command string which is of the form
+ 	 * changehat <token>^hat1\0hat2\0hat3\0..\0
+ 	 */
+-	sprintf(buf, "%s %016x^", cmd, token);
++	sprintf(buf, "%s %016lx^", cmd, token);
+ 	pos = buf + strlen(buf);
+ 	if (subprofiles) {
+ 		for (hats = subprofiles; *hats; hats++) {
+
+=== modified file 'libraries/libapparmor/src/grammar.y'
+--- libraries/libapparmor/src/grammar.y	2009-09-18 21:13:04 +0000
++++ libraries/libapparmor/src/grammar.y	2010-08-03 17:27:13 +0000
+@@ -1,6 +1,7 @@
+ /*
+  *   Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
+  *   NOVELL (All rights reserved)
++ *   Copyright (c) 2010, Canonical, Ltd.
+  *
+  *   This program is free software; you can redistribute it and/or
+  *   modify it under the terms of version 2 of the GNU General Public
+@@ -96,6 +97,13 @@
+ %token TOK_TYPE_HINT
+ %token TOK_TYPE_STATUS
+ %token TOK_TYPE_ERROR
++%token TOK_TYPE_AA_REJECT
++%token TOK_TYPE_AA_AUDIT
++%token TOK_TYPE_AA_COMPLAIN
++%token TOK_TYPE_AA_HINT
++%token TOK_TYPE_AA_STATUS
++%token TOK_TYPE_AA_ERROR
++%token TOK_TYPE_LSM_AVC
+ %token TOK_OLD_TYPE_APPARMOR
+ %token TOK_OLD_APPARMOR_REJECT
+ %token TOK_OLD_APPARMOR_PERMIT
+@@ -123,6 +131,7 @@
+ %token TOK_OLD_FORK
+ %token TOK_OLD_CHILD
+ 
++%token TOK_KEY_APPARMOR
+ %token TOK_KEY_TYPE
+ %token TOK_KEY_MSG
+ %token TOK_KEY_OPERATION
+@@ -146,6 +155,7 @@
+ %token TOK_KEY_ERROR
+ %token TOK_KEY_FSUID
+ %token TOK_KEY_OUID
++%token TOK_KEY_COMM
+ 
+ %token TOK_SYSLOG_KERNEL
+ 
+@@ -168,13 +178,14 @@
+ 	;
+ 
+ new_syntax:
+-	  TOK_TYPE_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
+-	| TOK_TYPE_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
+-	| TOK_TYPE_COMPLAIN audit_msg key_list { ret_record->event = AA_RECORD_ALLOWED; }
+-	| TOK_TYPE_HINT audit_msg key_list { ret_record->event = AA_RECORD_HINT; }
+-	| TOK_TYPE_STATUS audit_msg key_list { ret_record->event = AA_RECORD_STATUS; }
+-	| TOK_TYPE_ERROR audit_msg key_list { ret_record->event = AA_RECORD_ERROR; }
++	  TOK_TYPE_AA_REJECT audit_msg key_list { ret_record->event = AA_RECORD_DENIED; }
++	| TOK_TYPE_AA_AUDIT audit_msg key_list { ret_record->event = AA_RECORD_AUDIT; }
++	| TOK_TYPE_AA_COMPLAIN audit_msg key_list { ret_record->event = AA_RECORD_ALLOWED; }
++	| TOK_TYPE_AA_HINT audit_msg key_list { ret_record->event = AA_RECORD_HINT; }
++	| TOK_TYPE_AA_STATUS audit_msg key_list { ret_record->event = AA_RECORD_STATUS; }
++	| TOK_TYPE_AA_ERROR audit_msg key_list { ret_record->event = AA_RECORD_ERROR; }
+ 	| TOK_TYPE_UNKNOWN audit_msg key_list { ret_record->event = lookup_aa_event($1); }
++	| TOK_TYPE_LSM_AVC audit_msg key_list
+ 	;
+ 
+ other_audit: TOK_TYPE_OTHER audit_msg TOK_MSG_REST
+@@ -366,7 +377,8 @@
+ 
+ audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
+ 	{
+-		asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7);
++		if (!asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7))
++			yyerror(scanner, YY_("Out of memory"));
+ 		ret_record->epoch = atol($3);
+ 		ret_record->audit_sub_id = atoi($7);
+ 		free($3);
+@@ -420,6 +432,18 @@
+ 	{ ret_record->fsuid = $3;}
+ 	| TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
+ 	{ ret_record->ouid = $3;}
++	| TOK_KEY_COMM TOK_EQUALS TOK_QUOTED_STRING
++	{ ret_record->comm = $3;}
++	| TOK_KEY_APPARMOR TOK_EQUALS apparmor_event
++	;
++
++apparmor_event:
++	  TOK_TYPE_REJECT	{ ret_record->event = AA_RECORD_DENIED; }
++	| TOK_TYPE_AUDIT	{ ret_record->event = AA_RECORD_AUDIT; }
++	| TOK_TYPE_COMPLAIN	{ ret_record->event = AA_RECORD_ALLOWED; }
++	| TOK_TYPE_HINT		{ ret_record->event = AA_RECORD_HINT; }
++	| TOK_TYPE_STATUS	{ ret_record->event = AA_RECORD_STATUS; }
++	| TOK_TYPE_ERROR	{ ret_record->event = AA_RECORD_ERROR; }
+ 	;
+ 
+ key_pid: TOK_KEY_PID TOK_EQUALS TOK_DIGITS { ret_record->pid = $3; }
+
+=== modified file 'libraries/libapparmor/src/libaalogparse.c'
+--- libraries/libapparmor/src/libaalogparse.c	2009-09-18 21:13:04 +0000
++++ libraries/libapparmor/src/libaalogparse.c	2010-08-03 17:27:13 +0000
+@@ -56,6 +56,8 @@
+ 			free(record->denied_mask);
+ 		if (record->profile != NULL)
+ 			free(record->profile);
++		if (record->comm != NULL)
++			free(record->comm);
+ 		if (record->name != NULL)
+ 			free(record->name);
+ 		if (record->name2 != NULL)
+@@ -151,7 +153,8 @@
+ 	if (current->protocol_name) {
+ 		ret = strdup(current->protocol_name);
+ 	} else {
+-		asprintf(&ret, "unknown(%u)", proto);
++		if (!asprintf(&ret, "unknown(%u)", proto))
++			ret = NULL;
+ 	}
+ 
+ 	return ret;
+
+=== modified file 'libraries/libapparmor/src/scanner.l'
+--- libraries/libapparmor/src/scanner.l	2010-02-10 23:13:55 +0000
++++ libraries/libapparmor/src/scanner.l	2010-08-03 17:27:13 +0000
+@@ -1,6 +1,7 @@
+ /*
+  *   Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
+  *   NOVELL (All rights reserved)
++ *   Copyright (c) 2010, Canonical, Ltd.
+  *
+  *   This program is free software; you can redistribute it and/or
+  *   modify it under the terms of version 2 of the GNU General Public
+@@ -30,6 +31,8 @@
+ 
+ #include <assert.h>
+ 
++#define YY_NO_INPUT
++
+ unsigned int string_buf_alloc = 0;
+ unsigned int string_buf_len = 0;
+ char *string_buf = NULL;
+@@ -84,12 +87,19 @@
+ modes		({mode_chars}+)|({mode_chars}+::{mode_chars}*)|(::{mode_chars}*)
+ /* New message types */
+ 
+-reject_type		"APPARMOR_DENIED"
+-audit_type		"APPARMOR_AUDIT"
+-complain_type		"APPARMOR_ALLOWED"
+-hint_type		"APPARMOR_HINT"
+-status_type		"APPARMOR_STATUS"
+-error_type		"APPARMOR_ERROR"
++aa_reject_type		"APPARMOR_DENIED"
++aa_audit_type		"APPARMOR_AUDIT"
++aa_complain_type	"APPARMOR_ALLOWED"
++aa_hint_type		"APPARMOR_HINT"
++aa_status_type		"APPARMOR_STATUS"
++aa_error_type		"APPARMOR_ERROR"
++reject_type		"\"DENIED\""
++audit_type		"\"AUDIT\""
++complain_type		"\"ALLOWED\""
++hint_type		"\"HINT\""
++status_type		"\"STATUS\""
++error_type		"\"ERROR\""
++lsm_avc_type		"AVC"
+ unknown_type		UNKNOWN\[{digits}+\]
+ other_audit_type	[[:alnum:]\[\]_-]+
+ 
+@@ -125,6 +135,7 @@
+ 
+ /* Key tokens */
+ 
++key_apparmor		"apparmor"
+ key_type		"type"
+ key_msg			"msg"
+ key_operation		"operation"
+@@ -147,6 +158,7 @@
+ key_error		"error"
+ key_fsuid		"fsuid"
+ key_ouid		"ouid"
++key_comm		"comm"
+ audit			"audit"
+ 
+ /* syslog tokens */
+@@ -240,6 +252,13 @@
+ 	{hint_type}	{ BEGIN(INITIAL); return(TOK_TYPE_HINT); }
+ 	{status_type}	{ BEGIN(INITIAL); return(TOK_TYPE_STATUS); }
+ 	{error_type}	{ BEGIN(INITIAL); return(TOK_TYPE_ERROR); }
++	{aa_reject_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_REJECT); }
++	{aa_audit_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_AUDIT); }
++	{aa_complain_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_COMPLAIN); }
++	{aa_hint_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_HINT); }
++	{aa_status_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_STATUS); }
++	{aa_error_type}	{ BEGIN(INITIAL); return(TOK_TYPE_AA_ERROR); }
++	{lsm_avc_type}	{ BEGIN(INITIAL); return(TOK_TYPE_LSM_AVC); }
+ 	{unknown_type}	{ char *yptr = yytext;
+ 			  while (*yptr && *yptr != '[')
+ 			  	yptr++;
+@@ -300,6 +319,7 @@
+ 	{key_attribute}	{ BEGIN(sub_id); return(TOK_KEY_ATTRIBUTE); }
+ }
+ 
++{key_apparmor}		{ BEGIN(audit_types); return(TOK_KEY_APPARMOR); }
+ {key_type}		{ BEGIN(audit_types); return(TOK_KEY_TYPE); }
+ {key_msg}		{ return(TOK_KEY_MSG); }
+ {key_operation}		{ return(TOK_KEY_OPERATION); }
+@@ -321,6 +341,7 @@
+ {key_error}		{ return(TOK_KEY_ERROR); }
+ {key_fsuid}		{ return(TOK_KEY_FSUID); }
+ {key_ouid}		{ return(TOK_KEY_OUID); }
++{key_comm}		{ return(TOK_KEY_COMM); }
+ 
+ {syslog_kernel}		{ BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apparmor-parser/apparmor-parser-bzr.patch?r1=1.2&r2=1.3&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apparmor-parser/apparmor-parser.spec?r1=1.31&r2=1.32&f=u

