← Back to team overview

ac100 team mailing list archive

[Bug 1231778] Re: wifi not working on Saucy Salamander

 

** Description changed:

  [Impact]
  
  On older kernels that are missing certain AppArmor patches related to
  AppArmor D-Bus mediation, the presence of dbus rules in the binary
  AppArmor policy will result in policy load failures and, as a result,
  applications may run unconfined. On newer kernels that are missing the
  same patches mentioned above, the policy load will succeed but the dbus
  rules will be quietly ignored.
  
  [Test Case]
  
  * Install older, unpatched mainline kernel (such as
  3.1.10-030110-generic)
  
- * Install newer, unpatched mainline kernel (such as
- 3.12.0-031200-generic)
- 
  * Bad test results on the mainline 3.1.10 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  apparmor_parser: Unable to replace "/t".  Profile doesn't conform to protocol
  
- * Good test on the mainline 3.1.10 kernel with a patched apparmor_parser:
+ * Good test results on the mainline 3.1.10 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced
+ 
+ * Install newer, unpatched mainline kernel (such as
+ 3.12.0-031200-generic)
  
  * Bad test results on the mainline 3.12.0 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  
  * Good test results on the mainline 3.12.0 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced
  
  * Good test results on the Ubuntu 3.11.0-12-generic kernel with or without a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
+ 
+ * Verify that dbus mediation occurs under the Ubuntu 3.11.0-12-generic kernel:
+ $ echo "profile nodbus { file, }" | sudo apparmor_parser -rq
+ $ dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames | head 
+ method return sender=org.freedesktop.DBus -> dest=:1.51 reply_serial=2
+    array [
+       string "org.freedesktop.DBus"
+ 
+ ...
+ $ aa-exec -p nodbus -- dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
+ Failed to open connection to "system" message bus: An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)
  
  [Regression Potential]
  
  * The regression potential is minor because the fix is small and easy to
  test
  
  [Original Bug Report]
  
  Note that apparmor_parser warns that the dbus rule(s) will not be
  enforced and then loads the binary policy without any dbus rules.
  
  Lubuntu 13.10 installed from daily image have wifi not working, even
  with BT disabled.
  
  confirmed by stuw on IRC at Sun Sep 22
  15:40 < stuw> iz1glg, I saw similar problem, but I don't know the reason and solution.

** Description changed:

  [Impact]
  
  On older kernels that are missing certain AppArmor patches related to
  AppArmor D-Bus mediation, the presence of dbus rules in the binary
  AppArmor policy will result in policy load failures and, as a result,
  applications may run unconfined. On newer kernels that are missing the
  same patches mentioned above, the policy load will succeed but the dbus
  rules will be quietly ignored.
  
  [Test Case]
  
- * Install older, unpatched mainline kernel (such as
+ * Install and reboot into older, unpatched mainline kernel (such as
  3.1.10-030110-generic)
  
  * Bad test results on the mainline 3.1.10 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  apparmor_parser: Unable to replace "/t".  Profile doesn't conform to protocol
  
  * Good test results on the mainline 3.1.10 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced
  
- * Install newer, unpatched mainline kernel (such as
+ * Install and reboot into newer, unpatched mainline kernel (such as
  3.12.0-031200-generic)
  
  * Bad test results on the mainline 3.12.0 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  
  * Good test results on the mainline 3.12.0 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced
  
+ * Reboot into Ubuntu 3.11.0-12-generic kernel
+ 
  * Good test results on the Ubuntu 3.11.0-12-generic kernel with or without a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  
  * Verify that dbus mediation occurs under the Ubuntu 3.11.0-12-generic kernel:
  $ echo "profile nodbus { file, }" | sudo apparmor_parser -rq
- $ dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames | head 
+ $ dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames | head
  method return sender=org.freedesktop.DBus -> dest=:1.51 reply_serial=2
-    array [
-       string "org.freedesktop.DBus"
- 
+    array [
+       string "org.freedesktop.DBus"
  ...
  $ aa-exec -p nodbus -- dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)
  
  [Regression Potential]
  
  * The regression potential is minor because the fix is small and easy to
  test
  
  [Original Bug Report]
  
  Note that apparmor_parser warns that the dbus rule(s) will not be
  enforced and then loads the binary policy without any dbus rules.
  
  Lubuntu 13.10 installed from daily image have wifi not working, even
  with BT disabled.
  
  confirmed by stuw on IRC at Sun Sep 22
  15:40 < stuw> iz1glg, I saw similar problem, but I don't know the reason and solution.

-- 
You received this bug notification because you are a member of AC100
Team, which is subscribed to AC100_enablement.
https://bugs.launchpad.net/bugs/1231778

Title:
  wifi not working on Saucy Salamander

Status in Enablement project for the Toshiba AC100 NetBook:
  New
Status in AppArmor Linux application security framework:
  In Progress
Status in “apparmor” package in Ubuntu:
  Triaged
Status in “network-manager” package in Ubuntu:
  Confirmed

Bug description:
  [Impact]

  On older kernels that are missing certain AppArmor patches related to
  AppArmor D-Bus mediation, the presence of dbus rules in the binary
  AppArmor policy will result in policy load failures and, as a result,
  applications may run unconfined. On newer kernels that are missing the
  same patches mentioned above, the policy load will succeed but the
  dbus rules will be quietly ignored.

  [Test Case]

  * Install and reboot into older, unpatched mainline kernel (such as
  3.1.10-030110-generic)

  * Bad test results on the mainline 3.1.10 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  apparmor_parser: Unable to replace "/t".  Profile doesn't conform to protocol

  * Good test results on the mainline 3.1.10 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced

  * Install and reboot into newer, unpatched mainline kernel (such as
  3.12.0-031200-generic)

  * Bad test results on the mainline 3.12.0 kernel:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin

  * Good test results on the mainline 3.12.0 kernel with a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  Warning from stdin (stdin line 2): profile /t dbus rules not enforced

  * Reboot into Ubuntu 3.11.0-12-generic kernel

  * Good test results on the Ubuntu 3.11.0-12-generic kernel with or without a patched apparmor_parser:
  $ echo "/t { dbus, }" | sudo apparmor_parser -r
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin

  * Verify that dbus mediation occurs under the Ubuntu 3.11.0-12-generic kernel:
  $ echo "profile nodbus { file, }" | sudo apparmor_parser -rq
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames | head
  method return sender=org.freedesktop.DBus -> dest=:1.51 reply_serial=2
     array [
        string "org.freedesktop.DBus"
  ...
  $ aa-exec -p nodbus -- dbus-send --print-reply --system --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)

  [Regression Potential]

  * The regression potential is minor because the fix is small and easy
  to test

  [Original Bug Report]

  Note that apparmor_parser warns that the dbus rule(s) will not be
  enforced and then loads the binary policy without any dbus rules.

  Lubuntu 13.10 installed from daily image have wifi not working, even
  with BT disabled.

  confirmed by stuw on IRC at Sun Sep 22
  15:40 < stuw> iz1glg, I saw similar problem, but I don't know the reason and solution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ac100/+bug/1231778/+subscriptions


References