touch-packages team mailing list archive

Thread
Date

[Bug 1478716] Re: aa-genprof crashes when analyzing audit log

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1478716@xxxxxxxxxxxxxxxxxx>
Date: Fri, 02 Oct 2015 21:04:22 -0000
Reply-to: Bug 1478716 <1478716@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1478716

Title:
  aa-genprof crashes when analyzing audit log

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  Package version: 2.9.1-0ubuntu9
  Kernel version: 3.19.0-25-generic
  Ubuntu version: 15.04 64 bit Desktop

  When I try to generate a profile for Thunderbid using the following commands, it crashes:
  aa-autodep /usr/lib/thunderbird/thunderbird
  aa-genprof /usr/lib/thunderbird/thunderbird

  Genprof crashes during even scanning (after typing 's' and hitting Enter for scan) with the following error:
  [(S)can system log for AppArmor events] / (F)inish
  Reading log entries from /var/log/audit/audit.log.
  Traceback (most recent call last):
    File "/usr/sbin/aa-genprof", line 155, in <module>
      lp_ret = apparmor.do_logprof_pass(logmark, passno)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2276, in do_logprof_pass
      log = log_reader.read_log(logmark)
    File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 351, in read_log
      event = self.parse_log_record(line)
    File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 88, in parse_log_record
      record_event = self.parse_event(record)
    File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 127, in parse_event
      raise AppArmorException(_('Log contains unknown mode %s') % rmask)
  apparmor.common.AppArmorException: 'Log contains unknown mode senw reaeive aonneat'

  Note: I'm using auditd because it doesn't seem to find any logs
  without it even though there are events logged in syslog. The
  following bug is related:
  https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432350

  Here is the full audit log:
  http://demo.ovh.eu/en/0d29353520f9de997f788a72897b8338/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1478716/+subscriptions

References

[Bug 1478716] [NEW] aa-genprof crashes when analyzing audit log
From: Thomas d'Otreppe, 2015-07-27