Avoid aa-notify crash on log events without operation=
Some STATUS log events trigger a crash in aa-notify because the log line doesn't have operation=. Examples are:
type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
type=AVC msg=audit(1630913352.610:6): apparmor="STATUS" info="AppArmor sha1 policy hashing enabled" pid=1 comm="swapper/0"
Fix this by not looking at log events without operation=
Also add one of the example events as libapparmor testcase.
Fixes: #194 (closed)
I propose this patch for 3.0 and master. (In 2.13 and older, we still have the perl version of aa-notify.)