touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #78784
[Bug 1317176] Re: aa-logprof attempts to read program binary instead of profile
** Description changed:
- $ aa-logprof -f aadenylog
+ [impact]
+
+ This bug makes it difficult for trusty users to use the apparmor policy
+ utilities.
+
+ [steps to reproduce]
+
+ See below
+
+ [regression potential]
+
+ This issue is being addressed by updating the python utilities to the
+ version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
+ large change which would normally be risky; however, these changes are
+ isolated to the python utils (so no changes to the policy parser/loader
+ or enforcement), there are a large number of bugs that exist in the
+ trusty version that make using the tools difficult, so it would be
+ difficult to regress further, and the updated version includes many new
+ unit tests to try to prevent from regressions from occurring.
+
+ [additional info]
+
+ The python utils testsuite is run as part of the test-apparmor.py test
+ script in lp:qa-regression-testing. The test-apparmor.py also has
+ additional basic usage tests to ensure that basic functionality is
+ maintained. These tests are run as part of the process fro each kernel
+ update.
+
+ [original description]
+
+ $ aa-logprof -f aadenylog
Reading log entries from aadenylog.
Updating AppArmor profiles in /etc/apparmor.d.
reading /usr/lib/chromium-browser/chromium-browser
Traceback (most recent call last):
- File "/usr/sbin/aa-logprof", line 52, in <module>
- apparmor.do_logprof_pass(logmark)
- File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2261, in do_logprof_pass
- handle_children('', '', root)
- File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1236, in handle_children
- sev_db.load_variables(profile)
- File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 181, in load_variables
- for line in f_in:
- File "/usr/lib/python3.4/codecs.py", line 704, in __next__
- return next(self.reader)
- File "/usr/lib/python3.4/codecs.py", line 635, in __next__
- line = self.readline()
- File "/usr/lib/python3.4/codecs.py", line 548, in readline
- data = self.read(readsize, firstline=True)
- File "/usr/lib/python3.4/codecs.py", line 494, in read
- newchars, decodedbytes = self.decode(data, self.errors)
+ File "/usr/sbin/aa-logprof", line 52, in <module>
+ apparmor.do_logprof_pass(logmark)
+ File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2261, in do_logprof_pass
+ handle_children('', '', root)
+ File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1236, in handle_children
+ sev_db.load_variables(profile)
+ File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 181, in load_variables
+ for line in f_in:
+ File "/usr/lib/python3.4/codecs.py", line 704, in __next__
+ return next(self.reader)
+ File "/usr/lib/python3.4/codecs.py", line 635, in __next__
+ line = self.readline()
+ File "/usr/lib/python3.4/codecs.py", line 548, in readline
+ data = self.read(readsize, firstline=True)
+ File "/usr/lib/python3.4/codecs.py", line 494, in read
+ newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xab in position 25: invalid start byte
The 'reading' output line is debug output added by me, printing
prof_path just before line 180 (which is also why the line numbers may
not match exactly). My assumption is that it is supposed to be reading
'/etc/apparmor.d/usr.lib.chromium-browser.chromium-browser' instead.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1317176
Title:
aa-logprof attempts to read program binary instead of profile
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor source package in Trusty:
Triaged
Bug description:
[impact]
This bug makes it difficult for trusty users to use the apparmor policy
utilities.
[steps to reproduce]
See below
[regression potential]
This issue is being addressed by updating the python utilities to the
version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
large change which would normally be risky; however, these changes are
isolated to the python utils (so no changes to the policy parser/loader
or enforcement), there are a large number of bugs that exist in the
trusty version that make using the tools difficult, so it would be
difficult to regress further, and the updated version includes many new
unit tests to try to prevent from regressions from occurring.
[additional info]
The python utils testsuite is run as part of the test-apparmor.py test
script in lp:qa-regression-testing. The test-apparmor.py also has
additional basic usage tests to ensure that basic functionality is
maintained. These tests are run as part of the process fro each kernel
update.
[original description]
$ aa-logprof -f aadenylog
Reading log entries from aadenylog.
Updating AppArmor profiles in /etc/apparmor.d.
reading /usr/lib/chromium-browser/chromium-browser
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 52, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2261, in do_logprof_pass
handle_children('', '', root)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1236, in handle_children
sev_db.load_variables(profile)
File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 181, in load_variables
for line in f_in:
File "/usr/lib/python3.4/codecs.py", line 704, in __next__
return next(self.reader)
File "/usr/lib/python3.4/codecs.py", line 635, in __next__
line = self.readline()
File "/usr/lib/python3.4/codecs.py", line 548, in readline
data = self.read(readsize, firstline=True)
File "/usr/lib/python3.4/codecs.py", line 494, in read
newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xab in position 25: invalid start byte
The 'reading' output line is debug output added by me, printing
prof_path just before line 180 (which is also why the line numbers may
not match exactly). My assumption is that it is supposed to be reading
'/etc/apparmor.d/usr.lib.chromium-browser.chromium-browser' instead.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1317176/+subscriptions