← Back to team overview

touch-packages team mailing list archive

[Bug 1310598] Re: AppArmor python tools fail to parse mounts with UTF-8 non-ascii characters

 

** Description changed:

+ [impact]
+ 
+ This bug prevents users with mount points that contain non-ascii UTF_8 characters in their names from easily seeing the status of their apparmor policy.
+  
+ [steps to reproduce]
+ 
+ 1) create mount point with non-ascii characters in it
+ 2) run aa-status; if fixed it should not crash
+ 
+ [regression potential]
+ 
+ This issue is being addressed by updating the python utilities to the
+ version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
+ large change which would normally be risky; however, these changes are
+ isolated to the python utils (so no changes to the policy parser/loader
+ or enforcement), there are a large number of bugs that exist in the
+ trusty version that make using the tools difficult, so it would be
+ difficult to regress further, and the updated version includes many new
+ unit tests to try to prevent from regressions from occurring.
+ 
+ [additional info]
+ 
+ The python utils testsuite is run as part of the test-apparmor.py test
+ script in lp:qa-regression-testing. The test-apparmor.py also has
+ additional basic usage tests to ensure that basic functionality is
+ maintained. These tests are run as part of the process fro each kernel
+ update.
+ 
+ [original description]
+ 
  Version:
  14.04 Fresh Install.
  
  $ uname -a
  Linux alain-Desktop 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
  
- 
  AppArmor crashes with this stack trace:
  
  PythonArgs: ['/usr/sbin/aa-status']
  Traceback:
-  Traceback (most recent call last):
-    File "/usr/sbin/aa-status", line 194, in <module>
-      commands[cmd]()
-    File "/usr/sbin/aa-status", line 17, in cmd_enabled
-      if get_profiles() == {}:
-    File "/usr/sbin/aa-status", line 82, in get_profiles
-      apparmorfs = find_apparmorfs()
-    File "/usr/sbin/aa-status", line 137, in find_apparmorfs
-      for p in open("/proc/mounts").readlines():
-    File "/usr/lib/python3.4/encodings/ascii.py", line 26, in decode
-      return codecs.ascii_decode(input, self.errors)[0]
-  UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1200: ordinal not in range(128)
- 
+  Traceback (most recent call last):
+    File "/usr/sbin/aa-status", line 194, in <module>
+      commands[cmd]()
+    File "/usr/sbin/aa-status", line 17, in cmd_enabled
+      if get_profiles() == {}:
+    File "/usr/sbin/aa-status", line 82, in get_profiles
+      apparmorfs = find_apparmorfs()
+    File "/usr/sbin/aa-status", line 137, in find_apparmorfs
+      for p in open("/proc/mounts").readlines():
+    File "/usr/lib/python3.4/encodings/ascii.py", line 26, in decode
+      return codecs.ascii_decode(input, self.errors)[0]
+  UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1200: ordinal not in range(128)
  
  That is because I have a UTF-8 non-Ascii character in one of my mounts:
  $ mount
  /dev/sdb1 on / type ext4 (rw,errors=remount-ro)
  proc on /proc type proc (rw,noexec,nosuid,nodev)
  sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
  
  (...)
  /dev/sda6 on /home/alain/Vidéos type ext4 (rw,relatime,errors=remount-ro)
  (...)
  
- 
- 
  The Python code of aastatus near line 135 shows:
  
  def find_apparmorfs():
-     '''Finds AppArmor mount point'''
-     for p in open("/proc/mounts").readlines():
-         if p.split()[2] == "securityfs" and \
-            os.path.exists(os.path.join(p.split()[1], "apparmor")):
-             return os.path.join(p.split()[1], "apparmor")
-     return False
- 
+     '''Finds AppArmor mount point'''
+     for p in open("/proc/mounts").readlines():
+         if p.split()[2] == "securityfs" and \
+            os.path.exists(os.path.join(p.split()[1], "apparmor")):
+             return os.path.join(p.split()[1], "apparmor")
+     return False
  
  So if I do:
  $ cat /proc/mounts
  rootfs / rootfs rw 0 0
  sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
  
- (...) 
- /dev/sda6 /home/alain/Vidéos ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
+ (...)
+ /dev/sda6 /home/alain/ ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
  (...)
  
  There is indeed a line with a 'é'
  
  UTF-8 code of the 'é' is 0xC3 0xA9
  
  But apparently the call to .readlines() is set as ASCII and hence does
  NOT support the 0xC3 (first byte of the 'é' in UTF-8) and then it
  crashes.
  
  I assume the solution could be to correctly read as UTF-8 as there are
  some non-Americans/English out there!
  
  Sorry my knowledge of Python is just enough to understand the bug, and
  not enough to submit a patch.
  
  Regards.
  Alain

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1310598

Title:
  AppArmor python tools fail to parse mounts with UTF-8 non-ascii
  characters

Status in AppArmor Linux application security framework:
  Fix Committed
Status in AppArmor 2.9 series:
  Fix Released
Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  [impact]

  This bug prevents users with mount points that contain non-ascii UTF_8 characters in their names from easily seeing the status of their apparmor policy.
   
  [steps to reproduce]

  1) create mount point with non-ascii characters in it
  2) run aa-status; if fixed it should not crash

  [regression potential]

  This issue is being addressed by updating the python utilities to the
  version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
  large change which would normally be risky; however, these changes are
  isolated to the python utils (so no changes to the policy parser/loader
  or enforcement), there are a large number of bugs that exist in the
  trusty version that make using the tools difficult, so it would be
  difficult to regress further, and the updated version includes many new
  unit tests to try to prevent from regressions from occurring.

  [additional info]

  The python utils testsuite is run as part of the test-apparmor.py test
  script in lp:qa-regression-testing. The test-apparmor.py also has
  additional basic usage tests to ensure that basic functionality is
  maintained. These tests are run as part of the process fro each kernel
  update.

  [original description]

  Version:
  14.04 Fresh Install.

  $ uname -a
  Linux alain-Desktop 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

  AppArmor crashes with this stack trace:

  PythonArgs: ['/usr/sbin/aa-status']
  Traceback:
   Traceback (most recent call last):
     File "/usr/sbin/aa-status", line 194, in <module>
       commands[cmd]()
     File "/usr/sbin/aa-status", line 17, in cmd_enabled
       if get_profiles() == {}:
     File "/usr/sbin/aa-status", line 82, in get_profiles
       apparmorfs = find_apparmorfs()
     File "/usr/sbin/aa-status", line 137, in find_apparmorfs
       for p in open("/proc/mounts").readlines():
     File "/usr/lib/python3.4/encodings/ascii.py", line 26, in decode
       return codecs.ascii_decode(input, self.errors)[0]
   UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1200: ordinal not in range(128)

  That is because I have a UTF-8 non-Ascii character in one of my mounts:
  $ mount
  /dev/sdb1 on / type ext4 (rw,errors=remount-ro)
  proc on /proc type proc (rw,noexec,nosuid,nodev)
  sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)

  (...)
  /dev/sda6 on /home/alain/Vidéos type ext4 (rw,relatime,errors=remount-ro)
  (...)

  The Python code of aastatus near line 135 shows:

  def find_apparmorfs():
      '''Finds AppArmor mount point'''
      for p in open("/proc/mounts").readlines():
          if p.split()[2] == "securityfs" and \
             os.path.exists(os.path.join(p.split()[1], "apparmor")):
              return os.path.join(p.split()[1], "apparmor")
      return False

  So if I do:
  $ cat /proc/mounts
  rootfs / rootfs rw 0 0
  sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0

  (...)
  /dev/sda6 /home/alain/ ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
  (...)

  There is indeed a line with a 'é'

  UTF-8 code of the 'é' is 0xC3 0xA9

  But apparently the call to .readlines() is set as ASCII and hence does
  NOT support the 0xC3 (first byte of the 'é' in UTF-8) and then it
  crashes.

  I assume the solution could be to correctly read as UTF-8 as there are
  some non-Americans/English out there!

  Sorry my knowledge of Python is just enough to understand the bug, and
  not enough to submit a patch.

  Regards.
  Alain

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1310598/+subscriptions