touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #79508
[Bug 1243932] Re: aa-logprof: Log contains unknown mode senw
I hit this bug after installing auditd to work around bug Bug #1399027.
Only in addition to the changes above I had to use:
line 123:
if rmask and rmask not in [ 'send', 'receive', 'send receive', 'send receive connect','create' ]:
line 129:
if dmask and dmask not in [ 'send connect', ]:
Hopefully a better fix is in the newer branch and will be released to
Ubuntu 15.04 in a timely manner.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1243932
Title:
aa-logprof: Log contains unknown mode senw
Status in AppArmor Linux application security framework:
Fix Released
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
[Impact]
* aa-logprof does not work when dbus rule denials are present in the
logs
[Automated Test Case]
* test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind
have been added to QRT's test-apparmor.py test script
[Manual Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
test aa-logprof.
$ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Failed to open connection to "system" message bus: An AppArmor policy prevents this
sender from sending this message to this recipient, 0 matched rules;
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus"
member="Hello" error name="(unset)" requested_reply="0"
destination="org.freedesktop.DBus" (bus)
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/freedesktop/DBus" interface="org.freedesktop.DBus"
member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552
profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions