
touch-packages team mailing list archive

[Bug 1045081] Re: child Cx transition to grandchild transition silently fails, and child Px to sibling transition silently fails

 

** Tags added: aa-parser

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1045081

Title:
  child Cx transition to grandchild transition silently fails, and child
  Px to sibling transition silently fails

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  I noticed that apparmor does not transition from a child to a
  grandchild. E.g.:

  /tmp/foo {
    /tmp/bar Cx -> bar, # works

    profile bar {
      /tmp/baz Cx -> baz, # does not work

      profile baz {
      }
    }
  }

  The following child to a sibling also fails:
  /tmp/foo {
    /tmp/bar Cx -> bar, # works

    profile bar {
      /tmp/baz Px -> baz, # does not work
    }
    profile baz {
    }
  }

  Attached is a tarball that shows how transitions work for ix, px, px to an uncle, px to a sibling, and cx to a grandchild. Run it with:
  $ tar -zxf ./apparmor.tar.gz
  $ cd ./apparmor
  $ ./poc.sh
  = profile-ix =
  start
  foo
  bar
  baz
  pass

  = profile-px =
  start
  foo
  bar
  baz
  pass

  = profile-px-sibling =
  start
  foo
  /tmp/bug/bar: /tmp/bug/baz: /bin/sh: bad interpreter: No such file or directory
  FAIL

  = profile-px-uncle =
  start
  foo
  bar
  baz
  pass

  = profile-cx-grandchild =
  apparmor_parser: Unable to replace "baz".  Profile doesn't exist
  start
  foo
  /tmp/bug/bar: /tmp/bug/baz: /bin/sh: bad interpreter: No such file or directory
  FAIL

  Cleaning up
    removing profile-cx-grandchild
    removing profile-ix
    removing profile-px
    removing profile-px-sibling
    removing profile-px-uncle
  [1]
  $

  Also, these transitions fail silently (both at compile and runtime),
  which might be related to bug #1045074.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1045081/+subscriptions
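
A lint check for the two rule shapes the report describes, as an added example (not part of the original bug report or of AppArmor's own code): it walks a profile's nesting and flags Cx rules that sit inside a child profile and Px rules in a child profile that name a sibling child. The function name `lint`, the finding labels, and the simplified line-based parsing are assumptions of this example; the two sample profiles are the ones from the bug description.

```python
import re

# Profile text from the bug description (Cx to a grandchild, Px to a sibling).
CX_GRANDCHILD = """/tmp/foo {
  /tmp/bar Cx -> bar, # works
  profile bar {
    /tmp/baz Cx -> baz, # does not work
    profile baz {
    }
  }
}"""
PX_SIBLING = """/tmp/foo {
  /tmp/bar Cx -> bar, # works
  profile bar {
    /tmp/baz Px -> baz, # does not work
  }
  profile baz {
  }
}"""

# Simplified, line-based view of the profile syntax (an assumption of this example).
OPEN = re.compile(r'^\s*(?:profile\s+)?(\S+)\s*\{\s*(?:#.*)?$')
RULE = re.compile(r'^\s*(\S+)\s+([CcPp]x)\s*->\s*(\S+?)\s*,')

def lint(text):
    """Return (line, kind, target) for transitions the report says fail silently."""
    stack, children, rules = [], {}, []
    for n, line in enumerate(text.splitlines(), 1):
        opened = OPEN.match(line)
        if opened:
            if stack:  # record nested profiles under their parent's path
                children.setdefault(tuple(stack), set()).add(opened.group(1))
            stack.append(opened.group(1))
        elif line.strip().startswith('}') and stack:
            stack.pop()
        elif (rule := RULE.match(line)):
            rules.append((n, tuple(stack), rule.group(2).lower(), rule.group(3)))
    findings = []
    for n, path, mode, target in rules:
        if len(path) < 2:
            continue  # rule sits in a top-level profile: works in the report
        if mode == 'cx':  # child -> grandchild
            findings.append((n, 'cx-grandchild', '//'.join(path + (target,))))
        elif target in children.get(path[:-1], ()):  # child -> sibling
            findings.append((n, 'px-sibling', '//'.join(path[:-1] + (target,))))
    return findings

if __name__ == '__main__':
    print(lint(CX_GRANDCHILD), lint(PX_SIBLING))
```

A Px rule in a child profile that names a top-level profile (the "uncle" case that passes in the report's output) produces no finding.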