touch-packages team mailing list archive

Thread
Date
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Christian Boltz <1528139@xxxxxxxxxxxxxxxxxx>
Date: Mon, 21 Dec 2015 23:12:28 -0000
Reply-to: Bug 1528139 <1528139@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
So I have good and bad news.

Let me start with the bad news:

profile_data / write_prof_data (in serialize_profile_from_old_profile())
contain only one profile with its hats. This will explode if a file
contains multiple profiles, as reported in this bug.

Fixing this needs lots of write_prof_data[hat] ->
write_prof_data[profile][hat] changes (and of course also a change in
the calling code) or, better option, a full rewrite of
serialize_profile_from_old_profile().

Unfortunately I don't have the time to do the rewrite at the moment (I
have other things on my TODO list), and doing the write_prof_data[hat]
-> write_prof_data[profile][hat] is something that might introduce more
breakage, so I'm not too keen to do that.


The good news - at least I have a way to avoid the crash ;-)

I'll wrap the serialize_profile_from_old_profile() in try/except. If it
fails, the diff will include an error message and recommend to use 'View
Changes b/w (C)lean profiles' instead, which is known to work even with
the testcase in this bug.

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-12-21 00:13:57.215799543 +0100
+++ utils/apparmor/aa.py        2015-12-21 23:55:01.858211661 +0100
@@ -2368,7 +2368,12 @@
                         oldprofile = aa[which][which]['filename']
                     else:
                         oldprofile = get_profile_filename(which)
-                    newprofile = serialize_profile_from_old_profile(aa[which], which, '')
+
+                    try:
+                        newprofile = serialize_profile_from_old_profile(aa[which], which, '')
+                    except AttributeError:  
+                        # see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139
+                        newprofile = "###\n###\n### Internal error while generating diff, please use '%s' instead\n###\n###\n" % _('View Changes b/w (C)lean profiles')
 
                     display_changes_with_comments(oldprofile, newprofile)
 

Sorry that this isn't a perfect solution, but I'm not too keen to spent
lots of time on a function that needs to be rewritten anyway.


For the records: this bug causes a crash in 2.10 and bzr trunk. 2.9.x "only" displays a wrong diff.

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Also affects: apparmor/2.10
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528139

Title:
  serialize_profile_from_old_profile() crash if file contains multiple
  profiles

Status in AppArmor:
  New
Status in AppArmor 2.10 series:
  New
Status in apparmor package in Ubuntu:
  New

Bug description:
  = Changed Local Profiles =

  The following local profiles were changed. Would you like to save
  them?

   [1 - /sbin/dhclient]
    2 - /usr/sbin/nmbd 
    3 - /usr/bin/snx 
    4 - /usr/sbin/dnsmasq 
    5 - /{usr/,}bin/ping 
    6 - /usr/sbin/smbd 
    7 - /usr/lib/telepathy/mission-control-5 
  (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t
  Traceback (most recent call last):
    File "/usr/sbin/aa-logprof", line 50, in <module>
      apparmor.do_logprof_pass(logmark)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2197, in do_logprof_pass
      save_profiles()
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2277, in save_profiles
      newprofile = serialize_profile_from_old_profile(aa[which], which, '')
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3961, in serialize_profile_from_old_profile
      if write_prof_data[hat]['network'].is_covered(network_obj, True, True):
  AttributeError: 'collections.defaultdict' object has no attribute 'is_covered'

  
  An unexpected error occoured!

  For details, see /tmp/apparmor-bugreport-v7wx9fu9.txt
  Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
  and attach this file.

  When I pressed V button aa-logprof exits with error.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: apparmor 2.10-0ubuntu6
  ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6
  Uname: Linux 4.2.0-21-generic x86_64
  ApportVersion: 2.19.1-0ubuntu5
  Architecture: amd64
  Date: Mon Dec 21 09:54:51 2015
  InstallationDate: Installed on 2014-04-19 (611 days ago)
  InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: Upgraded to wily on 2015-11-14 (36 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions
References

[Bug 1528139] [NEW] aa-logprof crash again
From: QkiZ, 2015-12-21