From 9aaf1093833bf812e6d32ee14dc6546e934eed15 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 6 Apr 2025 14:51:00 +0200
Subject: [PATCH] feat(aa-log): improve log to rule conversion.
---
 pkg/aa/profile.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 10e5f6c58..5d097cad9 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -140,10 +140,16 @@ func (p *Profile) GetAttachments() string {
 var (
 newLogMap = map[string]func(log map[string]string) Rule{
 // class
- "rlimits": newRlimitFromLog,
- "namespace": newUsernsFromLog,
- "cap": newCapabilityFromLog,
- "net": newNetworkFromLog,
+ "rlimits": newRlimitFromLog,
+ "namespace": newUsernsFromLog,
+ "cap": newCapabilityFromLog,
+ "net": func(log map[string]string) Rule {
+ if log["family"] == "unix" {
+ return newUnixFromLog(log)
+ } else {
+ return newNetworkFromLog(log)
+ }
+ },
 "posix_mqueue": newMqueueFromLog,
 "sysv_mqueue": newMqueueFromLog,
 "signal": newSignalFromLog,
@@ -176,6 +182,7 @@ var (
 "open": newFileFromLog,
 "rename_dest": newFileFromLog,
 "rename_src": newFileFromLog,
+ "rmdir": newFileFromLog,
 "truncate": newFileFromLog,
 "unlink": newFileFromLog,
 }
@@ -219,7 +226,7 @@ func (p *Profile) AddRule(log map[string]string) {
 case strings.Contains(log["operation"], "dbus"):
 p.Rules = append(p.Rules, newDbusFromLog(log))
 default:
- fmt.Printf("unknown log type: %s\n", log["operation"])
+ fmt.Printf("unknown log type: %s:%v\n", log["operation"], log)
 }
 }
 }
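Review bot: The closure added for the `"net"` key keeps an `else` after an `if` branch that already returns; Go style flattens this by keeping the `if log["family"] == "unix" { return newUnixFromLog(log) }` guard and following it with a plain `return newNetworkFromLog(log)`. It is also the only anonymous function among the visible `newLogMap` entries and has no comment, so a line above it such as `// unix sockets are logged under class "net"; convert them to a unix rule rather than a network rule` would record why the class is split. A record without a `family` key still reaches `newNetworkFromLog`, as before. The `newLogMap` literal starts in this hunk but continues past it.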
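Review bot: The `default` branch now formats the whole `log` map with `%v`, so every value of an unrecognised record is written to stdout verbatim. Those values presumably originate from parsed audit records and may hold process-influenced strings such as names and paths, so control characters or newlines would reach the terminal or a redirected file unescaped; `%q` quotes the operation and each map key and value. If this tool's stdout also carries the generated rules, the diagnostic is better sent to stderr: `fmt.Fprintf(os.Stderr, "unknown log type: %q: %q\n", log["operation"], log)`, which needs `os` imported (the import block is not shown here). The body of `AddRule` starts outside the hunk.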