touch-packages team mailing list archive

Thread
Date

[Bug 1511791] Re: dbus rule regression with wpa supplicant profile

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Tue, 17 Nov 2015 00:06:07 -0000
Reply-to: Bug 1511791 <1511791@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

After working with James over IRC, we determined that this is not a
dbus-daemon mediation bug.

After comparing the in-kernel sha1 measurements of the wpa_supplicant
policy he linked to in the bug description, we discovered that his
kernel reported a different measurement than my kernel.

He then reloaded his profile, while instructing the parser to skip the
policy cache, and his kernel then reported the same measurement as mine.

The mtime of his policy cache file was much newer (~5 months) than the
mtime of his profile.

We can only assume that he hit one of the ctime/mtime bugs present in
the version 2.10 parser and we will be considering a parser ABI bump, in
a 2.10 point release and the upcoming 2.11 release,  to force
recompilation of all profiles.

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1511791

Title:
  dbus rule regression with wpa supplicant profile

Status in apparmor package in Ubuntu:
  Invalid

Bug description:
  I'm running wpa-supplicant with the following profile in complain
  mode:

   http://paste.ubuntu.com/13011146/

  After upgrading from vivid to wiley I get lots of notifications like
  this in syslog:

  [256841.262100] audit: type=1107 audit(1446223151.195:18142): pid=822
  uid=103 auid=4294967295 ses=4294967295 msg='apparmor="ALLOWED"
  operation="dbus_method_call"  bus="system"
  path="/fi/w1/wpa_supplicant1/Interfaces/19/BSSs/3103"
  interface="org.freedesktop.DBus.Properties" member="GetAll"
  name=":1.259" mask="receive" pid=1287 label="/sbin/wpa_supplicant"
  peer_pid=10013 peer_label="unconfined" exe="/usr/bin/dbus-daemon"
  sauid=103 hostname=? addr=? terminal=?'

  However, AFAICS, this should (and was in vivid) match lines 32-34 of
  the profile and shouldn't cause a log entry.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1511791/+subscriptions

References

[Bug 1511791] [NEW] dbus rule regression with wpa supplicant profile
From: James Troup, 2015-10-30