AppArmor无内核及系统日志的问题及解决

在AppArmor中,正常情况下,一旦违反了规则,是能够在内核及系统日志中看到相关信息的。比如:在Ubuntu下正常产生的日志信息(示例)如下:

kernel: [140321.028000] audit(1191433716.584:1578):  type=1502 operation="inode_create" requested_mask="w" denied_mask="w" name="/home/n1/Desktop/abc" pid=4864 profile="/home/n1/Desktop/testapp"
kernel: [140362.236000] audit(1191433758.086:1579):  type=1502 operation="inode_permission" requested_mask="r" denied_mask="r" name="/home/n1/Desktop/abcd" pid=4877 profile="/home/n1/Desktop/testapp"

根据以上日志信息,定位到产生此日志的内核代码是security/apparmor/audit.c中的audit_pre函数。audit_pre函数在<linux内核源码根目录>/security/apparmor/audit.c中,代码如下:

/**
 * audit_pre - write the AppArmor-specific fields of an audit record
 * @ab: audit buffer to fill (NOT NULL)
 * @ca: audit structure containing data to audit (NOT NULL)
 *
 * Fields are appended in a fixed order: apparmor=, operation=, info=
 * (followed by error= when an error code is set), then either
 * namespace=/profile= or label=, and finally name=.
 */
static void audit_pre(struct audit_buffer *ab, void *ca)
{
	struct common_audit_data *sa = ca;
	struct aa_label *label;

	/* The "apparmor=<type>" header can be switched off globally. */
	if (aa_g_audit_header)
		audit_log_format(ab, "apparmor=\"%s\"",
				 aa_audit_type[aad(sa)->type]);

	if (aad(sa)->op)
		audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);

	/* error= is only reported together with an info string. */
	if (aad(sa)->info) {
		audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
		if (aad(sa)->error)
			audit_log_format(ab, " error=%d", aad(sa)->error);
	}

	label = aad(sa)->label;
	if (label) {
		if (!label_isprofile(label)) {
			/* Compound label: let the label code render it. */
			audit_log_format(ab, " label=");
			aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
					GFP_ATOMIC);
		} else {
			struct aa_profile *prof = labels_profile(label);

			/*
			 * Namespace, profile and object names are not fixed
			 * kernel strings, so they go through
			 * audit_log_untrustedstring() instead of a bare "%s";
			 * that keeps odd characters in a name from breaking
			 * the key=value framing of the record.
			 */
			if (prof->ns != root_ns) {
				audit_log_format(ab, " namespace=");
				audit_log_untrustedstring(ab,
						       prof->ns->base.hname);
			}
			audit_log_format(ab, " profile=");
			audit_log_untrustedstring(ab, prof->base.hname);
		}
	}

	if (aad(sa)->name) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, aad(sa)->name);
	}
}

而audit_pre函数是在同文件中的aa_audit_msg函数中被调用的,该函数代码如下:

/**
 * aa_audit_msg - Log a message to the audit subsystem
 * @type: audit type, stored in the AppArmor audit data before logging
 * @sa: audit event structure (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 *
 * The record itself is built by common_lsm_audit(): audit_pre() supplies the
 * AppArmor fields first and @cb, when given, runs as the post-audit callback.
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb)(struct audit_buffer *, void *))
{
	/* Must be set before logging: audit_pre() reads it for "apparmor=". */
	aad(sa)->type = type;

	common_lsm_audit(sa, audit_pre, cb);
}

common_lsm_audit函数在security/lsm_audit.c中实现,代码如下:

/**
 * common_lsm_audit - generic LSM auditing function
 * @a:  auxiliary audit data
 * @pre_audit: lsm-specific pre-audit callback
 * @post_audit: lsm-specific post-audit callback
 *
 * Opens an AUDIT_AVC record, lets the LSM add its own fields through
 * @pre_audit, appends the common security information, lets the LSM finish
 * through @post_audit and then closes the record with audit_log_end().
 *
 * The function returns silently, without producing a record, when @a is
 * NULL or when audit_log_start() does not hand back a buffer.
 */
void common_lsm_audit(struct common_audit_data *a,
	void (*pre_audit)(struct audit_buffer *, void *),
	void (*post_audit)(struct audit_buffer *, void *))
{
	struct audit_buffer *buf;

	if (!a)
		return;

	/* GFP_ATOMIC keeps the allocation from sleeping. */
	buf = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,
			      AUDIT_AVC);
	if (!buf)
		return;

	/* LSM-specific fields first, common data next, LSM trailer last. */
	if (pre_audit)
		pre_audit(buf, a);

	dump_common_audit_data(buf, a);

	if (post_audit)
		post_audit(buf, a);

	/* Closing the record is what submits it to the audit subsystem. */
	audit_log_end(buf);
}

在此函数开头处加入打印语句,如:printk(KERN_ERR "daozhelilema? phph?");,观察/var/log/kern.log或/var/log/syslog文件,看是否出现此打印信息。

重新编译内核并烧录及重启后,重新通过sudo aa-genprof test_app生成规则文件。然后再次执行./test_app abc,同时通过tail -f /var/log/kern.log看是否有打印。

/var/log/kern.log中最终出现以下打印:

Apr 27 14:45:55 Ding-Perlis-MP260S48 kernel: [  645.816085] daozhelilema? phph?

说明能够到common_lsm_audit函数。

在此函数中继续添加更多打印,观察是否能够进入common_lsm_audit函数中的pre_audit即实际的audit_pre函数。加入更多打印后的common_lsm_audit函数代码如下:

/*
 * Debug-instrumented copy of common_lsm_audit(): printk() markers show how
 * far execution gets on the way to the pre_audit callback.
 *
 * NOTE(review): temporary tracing only. Every call prints at KERN_ERR, so the
 * markers flood the kernel log; remove them (or switch to a rate-limited
 * variant such as printk_ratelimited()) before the kernel is used for
 * anything but this experiment. The messages also lack the trailing "\n"
 * that kernel convention expects on every printk().
 */
void common_lsm_audit(struct common_audit_data *a,
	void (*pre_audit)(struct audit_buffer *, void *),
	void (*post_audit)(struct audit_buffer *, void *))
{
	struct audit_buffer *ab;
/* Marker 1: function entered (printed before @a is checked). */
printk(KERN_ERR "daozhelilema? phph?");
	if (a == NULL)
		return;
	/* we use GFP_ATOMIC so we won't sleep */
	ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,
			     AUDIT_AVC);
/* Marker 2: audit_log_start() returned; ab may still be NULL here. */
printk(KERN_ERR "daozhelilema2? phph?");
	if (ab == NULL)
		return;
/* Marker 3: an audit buffer was obtained. */
printk(KERN_ERR "daozhelilema3? phph?");
	if (pre_audit)
	{
		/* Marker 4: a pre_audit callback exists and is about to run. */
		printk(KERN_ERR "daozhelilema4? phph?");
		pre_audit(ab, a);
	}

	dump_common_audit_data(ab, a);

	if (post_audit)
		post_audit(ab, a);

	/* The record is only submitted here, when the buffer is closed. */
	audit_log_end(ab);
}

重复前述步骤,最终看到/var/log/kern.log出现如下打印:

Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [  179.266281] daozhelilema? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [  179.266288] daozhelilema2? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [  179.266290] daozhelilema3? phph?
Apr 27 15:01:43 Ding-Perlis-MP260S48 kernel: [  179.26630] daozhelilema4? phph?

再次深入跟进,这一次连同security/apparmor/audit.c中的audit_pre函数一起加上打印,代码如下所示:

/*
 * Debug-instrumented copy of audit_pre(): each printk() marker sits either
 * between two field sections or inside a section's if-body, so the kernel log
 * shows which optional fields were present for the event.
 *
 * NOTE(review): temporary tracing only; unconditional KERN_ERR output on
 * every AppArmor audit event should not stay in a kernel that leaves the lab.
 */
static void audit_pre(struct audit_buffer *ab, void *ca)
{
	struct common_audit_data *sa = ca;
/* Marker 11: callback entered. */
printk(KERN_ERR "daozhelilema11? phph?\n");
	if (aa_g_audit_header) {
		/* Marker 22: the "apparmor=" header is enabled. */
		printk(KERN_ERR "daozhelilema22? phph?\n");
		audit_log_format(ab, "apparmor=\"%s\"",
				 aa_audit_type[aad(sa)->type]);
	}
/* Marker 33: past the header section. */
printk(KERN_ERR "daozhelilema33? phph?\n");
	if (aad(sa)->op) {
		/* Marker 44: an operation name is set. */
		printk(KERN_ERR "daozhelilema44? phph?\n");
		audit_log_format(ab, " operation=\"%s\"", aad(sa)->op);
	}
/* Marker 55: past the operation section. */
printk(KERN_ERR "daozhelilema55? phph?\n");
	if (aad(sa)->info) {
		/* Marker 66: an info string is set (error= is only logged here). */
		printk(KERN_ERR "daozhelilema66? phph?\n");
		audit_log_format(ab, " info=\"%s\"", aad(sa)->info);
		if (aad(sa)->error)
			audit_log_format(ab, " error=%d", aad(sa)->error);
	}
/* Marker 77: past the info section; the label and name sections below are not traced. */
printk(KERN_ERR "daozhelilema77? phph?\n");
	if (aad(sa)->label) {
		struct aa_label *label = aad(sa)->label;

		if (label_isprofile(label)) {
			struct aa_profile *profile = labels_profile(label);

			/*
			 * Names are logged through audit_log_untrustedstring()
			 * rather than a bare "%s" so that unusual characters in
			 * a name cannot break the key=value framing.
			 */
			if (profile->ns != root_ns) {
				audit_log_format(ab, " namespace=");
				audit_log_untrustedstring(ab,
						       profile->ns->base.hname);
			}
			audit_log_format(ab, " profile=");
			audit_log_untrustedstring(ab, profile->base.hname);
		} else {
			audit_log_format(ab, " label=");
			aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
					GFP_ATOMIC);
		}
	}

	if (aad(sa)->name) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, aad(sa)->name);
	}
}

common_lsm_audit函数中的打印语句也完善一下:

/*
 * Debug-instrumented copy of common_lsm_audit() with newline-terminated
 * markers and an extra marker after the pre_audit callback returns.
 *
 * NOTE(review): temporary tracing only. Every call prints at KERN_ERR; remove
 * the markers (or rate-limit them) once the experiment is finished.
 */
void common_lsm_audit(struct common_audit_data *a,
	void (*pre_audit)(struct audit_buffer *, void *),
	void (*post_audit)(struct audit_buffer *, void *))
{
	struct audit_buffer *ab;
/* Marker 1: function entered (printed before @a is checked). */
printk(KERN_ERR "daozhelilema? phph?\n");
	if (a == NULL)
		return;
	/* we use GFP_ATOMIC so we won't sleep */
	ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,
			     AUDIT_AVC);
/* Marker 2: audit_log_start() returned; ab may still be NULL here. */
printk(KERN_ERR "daozhelilema2? phph?\n");
	if (ab == NULL)
		return;
/* Marker 3: an audit buffer was obtained. */
printk(KERN_ERR "daozhelilema3? phph?\n");
	if (pre_audit)
	{
		/* Marker 4: a pre_audit callback exists and is about to run. */
		printk(KERN_ERR "daozhelilema4? phph?\n");
		pre_audit(ab, a);
	}
/* Marker 5: pre_audit (if any) has returned; common data comes next. */
printk(KERN_ERR "daozhelilema5? phph?\n");
	dump_common_audit_data(ab, a);

	if (post_audit)
		post_audit(ab, a);

	/* The record is only submitted here, when the buffer is closed. */
	audit_log_end(ab);
}

重复前述步骤,最终看到/var/log/kern.log出现如下打印:

Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729542] daozhelilema? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729559] daozhelilema2? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729563] daozhelilema3? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729566] daozhelilema4? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729569] daozhelilema11? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729573] daozhelilema22? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729577] daozhelilema33? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729580] daozhelilema44? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729584] daozhelilema55? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729587] daozhelilema77? phph?
Apr 28 10:16:05 Ding-Perlis-MP260S48 kernel: [ 2254.729591] daozhelilema5? phph?

这样看来是audit_pre函数已经调用到了,但是audit_log_format函数没有起作用。看一下其实现,在kernel/audit.c中,代码如下:

/**
 * audit_log_format - format a message into the audit buffer.
 * @ab: audit_buffer
 * @fmt: format string
 * @...: optional parameters matching @fmt string
 *
 * Thin variadic front end: the arguments are packed into a va_list and all
 * of the formatting work is delegated to audit_log_vformat(). A NULL @ab is
 * accepted and turns the call into a no-op.
 */
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{
	va_list ap;

	/* No buffer means no record is being built; nothing to append. */
	if (ab) {
		va_start(ap, fmt);
		audit_log_vformat(ab, fmt, ap);
		va_end(ap);
	}
}

在audit_log_format函数中也加上打印,如下所示:

/*
 * Debug-instrumented copy of audit_log_format().
 *
 * NOTE(review): this helper lives in kernel/audit.c and is not specific to
 * AppArmor, so the two markers fire once per formatted fragment of every
 * audit record; expect long runs of "88"/"99" pairs in the kernel log.
 * Temporary tracing only; remove before the kernel is used elsewhere.
 */
void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
{
	va_list args;
/* Marker 88: function entered (printed even when ab is NULL). */
printk(KERN_ERR "daozhelilema   88? phph?\n");
	if (!ab)
		return;
/* Marker 99: ab is non-NULL, formatting will be attempted. */
printk(KERN_ERR "daozhelilema   99? phph?\n");
	va_start(args, fmt);
	audit_log_vformat(ab, fmt, args);
	va_end(args);
}

 重复前述步骤,最终看到/var/log/kern.log出现如下打印:

Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269097] daozhelilema? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269113] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269117] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269121] daozhelilema2? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269125] daozhelilema3? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269128] daozhelilema4? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269132] daozhelilema11? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269135] daozhelilema22? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269139] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269142] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269146] daozhelilema33? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269150] daozhelilema44? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269153] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269157] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269160] daozhelilema55? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269164] daozhelilema77? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269167] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269171] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269175] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269178] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269182] daozhelilema5? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269185] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269189] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269193] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269197] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269200] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269204] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269207] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269211] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269214] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269218] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269233] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269236] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269240] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269244] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269248] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269251] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269255] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269258] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269265] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269268] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269274] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269277] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269281] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269284] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269295] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269298] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269302] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269305] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269309] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269312] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269321] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269324] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269328] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269331] daozhelilema   99? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269344] daozhelilema   88? phph?
Apr 28 10:55:39 Ding-Perlis-MP260S48 kernel: [  300.269347] daozhelilema   99? phph?

可见,audit_log_format也进入了,并且ab这个指针变量也已经赋值。那么剩下的就只有va_start到va_end这一段代码了,核心函数是audit_log_vformat,其位于同文件(kernel/audit.c)中,就在audit_log_format函数的上边,代码如下:

/*
 * Format an audit message into the audit buffer.  If there isn't enough
 * room in the audit buffer, more room will be allocated and vsnprintf
 * will be called a second time.  Currently, we assume that a printk
 * can't format message larger than 1024 bytes, so we don't either.
 *
 * Nothing is emitted to any log from here: the formatted text is only
 * appended to the record held in ab->skb. On allocation failure the
 * fragment is dropped silently.
 */
static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
			      va_list args)
{
	int len, avail;
	struct sk_buff *skb;
	va_list args2;

	/* A NULL buffer is tolerated and makes the call a no-op. */
	if (!ab)
		return;

	/* An audit buffer without an skb is treated as a kernel bug. */
	BUG_ON(!ab->skb);
	skb = ab->skb;
	/* Free space left at the tail of the skb. */
	avail = skb_tailroom(skb);
	if (avail == 0) {
		/* Full: try to grow; a zero result is handled as failure. */
		avail = audit_expand(ab, AUDIT_BUFSIZ);
		if (!avail)
			goto out;	/* args2 not copied yet, so skip va_end */
	}
	/* The first vsnprintf() consumes args; keep a copy for the retry. */
	va_copy(args2, args);
	len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args);
	/* len >= avail means the output did not fit and was truncated. */
	if (len >= avail) {
		/* The printk buffer is 1024 bytes long, so if we get
		 * here and AUDIT_BUFSIZ is at least 1024, then we can
		 * log everything that printk could have logged. */
		avail = audit_expand(ab,
			max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
		if (!avail)
			goto out_va_end;
		/* Second attempt, using the untouched copy of the arguments. */
		len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);
	}
	/* Commit the formatted bytes by extending the skb's data area. */
	if (len > 0)
		skb_put(skb, len);
out_va_end:
	va_end(args2);
out:
	return;
}

在此函数中继续添加打印语句,如下所示:

/*
 * Debug-instrumented copy of audit_log_vformat().
 *
 * Reading the markers: "111111" and "333333" sit on the two audit_expand()
 * failure paths, so their absence means no expansion failed; "444444" sits in
 * front of skb_put(), so its presence means vsnprintf() produced text and it
 * is being appended to the record. skb_put() itself prints nothing: it only
 * extends the skb's data area. Whether the finished record shows up in a log
 * is decided after audit_log_end(), not in this function.
 *
 * NOTE(review): temporary tracing only; this runs for every formatted
 * fragment of every audit record, so the KERN_ERR markers flood the log.
 */
static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
			      va_list args)
{
	int len, avail;
	struct sk_buff *skb;
	va_list args2;

	if (!ab)
		return;

	BUG_ON(!ab->skb);
	skb = ab->skb;
/* Marker 101010: buffer and skb are valid. */
printk(KERN_ERR "daozhelilema101010?    phph?\n");
	avail = skb_tailroom(skb);
	if (avail == 0) {
		avail = audit_expand(ab, AUDIT_BUFSIZ);
		if (!avail)
		{
			/* Marker 111111: first expansion failed, fragment dropped. */
			printk(KERN_ERR "daozhelilema111111?     phph?\n");
			goto out;
		}
	}
/* Marker 222222: there is tail room to format into. */
printk(KERN_ERR "daozhelilema222222?    phph?\n");
	/* The first vsnprintf() consumes args; keep a copy for the retry. */
	va_copy(args2, args);
	len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args);
	if (len >= avail) {
		/* The printk buffer is 1024 bytes long, so if we get
		 * here and AUDIT_BUFSIZ is at least 1024, then we can
		 * log everything that printk could have logged. */
		avail = audit_expand(ab,
			max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
		if (!avail)
		{
			/* Marker 333333: second expansion failed, fragment dropped. */
			printk(KERN_ERR "daozhelilema333333?    phph?\n");
			goto out_va_end;
		}
		len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);
	}
	if (len > 0)
	{
		/* Marker 444444: text was formatted and is about to be committed. */
		printk(KERN_ERR "daozhelilema444444?      phph?\n");
		skb_put(skb, len);
	}
out_va_end:
	va_end(args2);
out:
	return;
}

重复前述步骤,最终看到/var/log/kern.log出现如下打印:

Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498300] daozhelilema? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498315] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498318] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498323] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498326] daozhelilema2? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498329] daozhelilema3? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498332] daozhelilema4? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498336] daozhelilema11? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498339] daozhelilema22? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498342] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498345] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498349] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498352] daozhelilema33? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498355] daozhelilema44? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498358] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498361] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498365] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498368] daozhelilema55? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498371] daozhelilema77? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498374] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498377] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498380] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498384] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498387] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498390] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498394] daozhelilema5? phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498397] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498400] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498403] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498408] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498411] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498414] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498417] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498420] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498423] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498427] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498430] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498433] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498436] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498439] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498442] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498458] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498462] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498465] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498469] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498471] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498475] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498478] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498481] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498485] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498489] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498492] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498496] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498501] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498504] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498509] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498512] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498515] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498518] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498523] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498526] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498529] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498538] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498541] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498545] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498548] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498552] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498555] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498558] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498561] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498564] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498570] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498574] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498577] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498580] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498583] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498586] daozhelilema444444?      phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498599] daozhelilema101010?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498602] daozhelilema222222?    phph?
Apr 28 11:23:09 Ding-Perlis-MP260S48 kernel: [  615.498606] daozhelilema444444?      phph?

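由此可见,自行加入的打印能够正常打印出来即产生在内核日志文件中(audit_expand失败分支里的111111、333333两处打印除外,说明这两个失败分支没有被执行),而skb开头的相关语句仍然不能在内核日志中输出信息。需要说明的是:444444标记每次都出现,表示vsnprintf已经完成格式化,skb_put只是把这段内容追加到审计记录的缓冲区中,它本身并不向内核日志输出任何内容;审计记录要等到common_lsm_audit末尾的audit_log_end之后才会被提交。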

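综上情况表明:没有日志的问题根源并不是AppArmor本身的问题,基本上可以断定是skb相关的内核代码及选项的问题。后续可沿audit_log_end之后的提交路径继续排查,例如确认系统中是否运行了auditd(若有,审计记录通常写入/var/log/audit/audit.log而不是kern.log),以及内核的审计相关配置选项和启动参数。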


转载自blog.csdn.net/phmatthaus/article/details/130404875