From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor-utils: Add support for creds and path operations
References: bnc#564316

 2.6.29 introduced the path security_operations and credentials

 This patch adds support for those operations to the log parser.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 SubDomain.pm |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/SubDomain.pm
+++ b/SubDomain.pm
@@ -2759,7 +2759,9 @@ sub add_event_to_tree ($) {
                          $e->{name2}
                        );
         }
-    } elsif ($e->{operation} =~ m/file_/) {
+    } elsif ($e->{operation} =~ m/file_/ or
+	    # These are the path operations introduced in 2.6.29
+             $e->{operation} =~ m/^(open|unlink|mkdir|rmdir|mknod|truncate|symlink_create|link|rename_src|rename_dest)$/) {
         add_to_tree( $e->{pid},
 		     $e->{parent},
                      "path",
@@ -2794,7 +2796,9 @@ sub add_event_to_tree ($) {
                      $e->{name},
 		     ""
                     );
-    } elsif ($e->{operation} =~ m/inode_/) {
+    } elsif ($e->{operation} =~ m/inode_/ or
+	    # 2.6.29 introduced creds and we see the "exec" operation instead
+	     $e->{operation} eq "exec") {
         my $is_domain_change = 0;
 
         if ($e->{operation}   eq "inode_permission" &&