touch-packages team mailing list archive

Thread
Date
[Bug 1243932] Re: aa-logprof: Log contains unknown mode senw

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
Date: Thu, 09 Apr 2015 19:50:33 -0000
Reply-to: Bug 1243932 <1243932@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
The fix I implemented in my system was to add the following check to
/usr/lib/python2.7/dist-packages/apparmor/logparser.py, in lines 124:

if rmask and rmask not in [ 'send', 'receive', 'send receive' ]:

Originally it was:

if rmask:

The same in line 130 for dmask. This file comes from python-apparmor
package 2.9.2~2886-0ubuntu0.14.04.41 installed from the PPA.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1243932

Title:
  aa-logprof:  Log contains unknown mode senw

Status in AppArmor Linux application security framework:
  Confirmed
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  [Impact]

  * aa-logprof does not work when dbus rule denials are present in the
  logs

  [Automated Test Case]

  * test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind
  have been added to QRT's test-apparmor.py test script

  [Manual Test Case]

  * Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
    test aa-logprof.

    $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
    $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
    --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
    Failed to open connection to "system" message bus: An AppArmor policy prevents this
    sender from sending this message to this recipient, 0 matched rules;
    type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus"
    member="Hello" error name="(unset)" requested_reply="0"
    destination="org.freedesktop.DBus" (bus)
    $ aa-logprof -f /dev/null
    Reading log entries from /dev/null.
    Updating AppArmor profiles in /etc/apparmor.d.

  An unpatched aa-logprof will print similar output followed by:

    Log contains unknown mode senw.

  [Regression Potential]

  * The regression potential is low since aa-logprof currently refuses to work when D-Bus
    denials are present. The fix is minimal and has been reviewed by upstream.

  [Original Bug Report]

  since saucy aa-logprof does not work anymore:

  $ aa-logprof
  Reading log entries from /var/log/syslog.
  Updating AppArmor profiles in /etc/apparmor.d.

  Log contains unknown mode senw.

  the issues seem to be caused by dbus send denies:

  Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED"
  operation="dbus_method_call"  bus="session"
  path="/org/freedesktop/DBus" interface="org.freedesktop.DBus"
  member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552
  profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"

  23:16 <tyhicks> my guess is the denial of a dbus send
  23:16 <tyhicks> senw is awful close to send
  23:17 <tyhicks> parse_event() in AppArmor.pm does this:
  23:18 <tyhicks> $rmask =~ s/d/w/g;
  23:18 <tyhicks> followed by:
  23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));

  ubuntu 13.10 amd64.

  apparmor-utils:
    Installed: 2.8.0-0ubuntu31
    Candidate: 2.8.0-0ubuntu31
    Version table:
   *** 2.8.0-0ubuntu31 0
          500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions