touch-packages team mailing list archive

Thread
Date

[Bug 1307665] Re: signal entries in audit.log send aa-logprof in infinite loop

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Steve Beattie <sbeattie@xxxxxxxxxx>
Date: Fri, 17 Oct 2014 23:28:49 -0000
Reply-to: Bug 1307665 <1307665@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Apparmor 2.9.0 has been released; closing.

** Changed in: apparmor
       Status: Fix Committed => Fix Released

** Changed in: apparmor (Ubuntu Trusty)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1307665

Title:
  signal entries in audit.log send aa-logprof in infinite loop

Status in AppArmor Linux application security framework:
  Fix Released
Status in “apparmor” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Trusty:
  Fix Released
Status in “apparmor” source package in Utopic:
  Fix Released

Bug description:
  Trusty with apparmor 2.8.95~2430-0ubuntu5

  Log entries with operation="signal" send aa-logprof into an infinite loop.
  With LOGPROF_DEBUG=3 I get the following in /var/log/apparmor/logprof.log, then aa-logprof is in busy loop.

  [...]
  2014-04-14 21:02:12,315 - ReadLog - read_log: type=AVC msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal" profile="/usr/lib/postfix/master" pid=23348 comm="master" requested_mask="send" denied_mask="send" signal=term peer="/usr/lib/postfix/smtp"

  2014-04-14 21:02:12,315 - ReadLog - read_log: seenmark = True

  2014-04-14 21:02:12,315 - ReadLog - parse_log_record: type=AVC
  msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal"
  profile="/usr/lib/postfix/master" pid=23348 comm="master"
  requested_mask="send" denied_mask="send" signal=term
  peer="/usr/lib/postfix/smtp"

  2014-04-14 21:02:12,315 - ReadLog - parse_event: type=AVC
  msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal"
  profile="/usr/lib/postfix/master" pid=23348 comm="master"
  requested_mask="send" denied_mask="send" signal=term
  peer="/usr/lib/postfix/smtp"

  
  Even if logprof doesn't know how to handle these entries, it shouldn't fail in this way - just ignore those lines...
  (Of course, proper support for those entries would be preferred because it's a PITA to add them manually to profiles).

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1307665/+subscriptions