Bugzilla – Bug 1216660
apparmor: aa-notify broken after removal of /var/log/wtmp
Last modified: 2024-03-12 23:40:39 UTC
aa-notify is broken after the removal of /var/log/wtpm . This was provided by systemd and it has been removed, see https://build.opensuse.org/request/show/1120043 You can see the problem in this test that runs aa-notify: https://openqa.opensuse.org/tests/3679963#step/aa_notify/14 Ideally aa-notify should use the information provided by https://build.opensuse.org/package/show/Linux-PAM/wtmpdb instead of querying directly /var/log/wtpm
When it says wtpm you should read wtmp ;)
I won't complain if I can get rid of parsing the binary wtmp file (even if I'll have to keep it for quite a while, as long as some distros still use it). However, I'm not sure what a good replacement would be. Basically, aa-notify -l needs to know when a given user last logged in. What's the most easy and machine-readable replacement to answer the question "when did user xyz login the last time?"? I could start parsing the output of "wtmpdb last -F -w", but that would replace parsing a binary file with parsing some text (with variable field width, thanks to -w) that is not really machine readable :-/ Is there something better available on the commandline or as a python module?
(In reply to Christian Boltz from comment #2) > Basically, aa-notify -l needs to know when a given user last logged in. > > What's the most easy and machine-readable replacement to answer the question > "when did user xyz login the last time?"? Since /var/log/wtmp could be rotated at any time, it does not even need to contain the last login time of the currently logged in user nor any other user. lastlog (or in our case lastlog2, which did replace lastlog in openSUSE and will replace lastlog in util-linux upstream with the next release) is the command to get the last login time of a specified user, and it does not suffer from the rotation problem. lastlog -u <user> will give you the entry for the user, but it's again not really machine readable. I'm not aware of a good solution for lastlog or wtmp. lastlog2 has a library, maybe somebody can write a python interface?
(In reply to Thorsten Kukuk from comment #3) > lastlog -u <user> will give you the entry for the user, but it's again not > really machine readable. > I'm not aware of a good solution for lastlog or wtmp. > lastlog2 has a library, maybe somebody can write a python interface? May I propose a different (and maybe easier) solution? Could you add a --json option that provides the output in JSON format? (Ideally it should honor the other options like -u and filter the output accordingly.)
clearing NEEDINFO on RelMgr - why would RelMgr have a say in this? This comes down to engineering - so in fact Thorsten would be better in deciding if a json output would be feasible
On request of other distributions we are currently merging lastlog2 with util-linux. As long as this is not completed (my guess is this will need a longer time), we will not make any changes to the lastlog2 code. And afterwards this needs to be discussed with the util-linux maintainers. util-linux contains already a python interface for libmount, so the chances, that they would accept python bindings for liblastlog, are high. But nothing I can help with.
Boring solution: ``` import sqlite3 db = sqlite3.connect('file:/var/lib/lastlog/lastlog2.db?mode=ro', uri=True) cur = db.cursor() cur.execute('SELECT Time FROM Lastlog2 WHERE Name == "georg"').fetchone()[0] 1710286008 ```