Comment 19 for bug 271252

Regression possibilities: given that in the default configuration (audit messages going to syslog rather than auditd), none of the messages are parsed properly by the library and thus are not being handed off to the tools, rendering them useless for updating profiles; it would be hard to regress from that. However, the changes do touch the core lexer and grammar of the parsing library, so it's possible that this fix could cause regressions for situations that currently work (namely, configurations where auditd is enabled). I'll test that configuration later today (assuming the packages got built finally).

The change is in a library that is entirely separate from the tool that loads apparmor policy into the kernel for enforcement (or the kernel enforcement code itself) and as such should not be able to cause any regressions around apparmor's ability to enforce policy; the library is only used for tools that need to handle apparmor events, like aa-logprof, which assists users in modifying policy based on rejections that occur.

Thanks.