After this is fixed, I can reproduce the problem with the python tools too.
However it looks like aa-logprof is the broken part - it seems to assign events for the null-xx subprofiles to the main profile instead of a) assigning them to the right subprofile or at least b) dropping them as "unknown null-xx subprofile" :-(
# python3 aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:
Profile: /home/cb/linuxtag/apparmor/scripts/hello
Path: /home/sys-tmp/hello.txt
Old Mode: w
New Mode: rw (owner permissions off)
Severity: 6
Patch for comment #5 / #6 commited to bzr r2526.
After this is fixed, I can reproduce the problem with the python tools too.
However it looks like aa-logprof is the broken part - it seems to assign events for the null-xx subprofiles to the main profile instead of a) assigning them to the right subprofile or at least b) dropping them as "unknown null-xx subprofile" :-(
# python3 aa-logprof audit/audit. log.
Reading log entries from /var/log/
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:
Profile: /home/cb/ linuxtag/ apparmor/ scripts/ hello tmp/hello. txt
Path: /home/sys-
Old Mode: w
New Mode: rw (owner permissions off)
Severity: 6
1 - /home/sys- tmp/hello. txt
[2 - /home/*/hello.txt]
[(A)llow] / (D)eny / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Abo(r)t / (F)inish / (M)ore
# grep hello.txt /var/log/ audit/audit. log 1402352804. 785:2172) : apparmor="ALLOWED" operation="mknod" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello" name="/ home/sys- tmp/hello. txt" pid=20095 comm="hello" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 1402352804. 785:2172) : apparmor="ALLOWED" operation="open" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello" name="/ home/sys- tmp/hello. txt" pid=20095 comm="hello" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 1402352804. 787:2210) : apparmor="ALLOWED" operation="open" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello// null-15" name="/ home/sys- tmp/hello. txt" pid=20096 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 1402352804. 787:2211) : apparmor="ALLOWED" operation="getattr" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello// null-15" name="/ home/sys- tmp/hello. txt" pid=20096 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 1402352804. 789:2248) : apparmor="ALLOWED" operation="getattr" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello// null-16" name="/ home/sys- tmp/hello. txt" pid=20097 comm="rm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 1402352804. 789:2249) : apparmor="ALLOWED" operation="getattr" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello// null-16" name="/ home/sys- tmp/hello. txt" pid=20097 comm="rm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 1402352804. 789:2250) : apparmor="ALLOWED" operation="unlink" profile= "/home/ cb/linuxtag/ apparmor/ scripts/ hello// null-16" name="/ home/sys- tmp/hello. txt" pid=20097 comm="rm" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(