touch-packages team mailing list archive

Thread
Date
[Bug 1319829] Re: aa-genprof will crash when select scan on Ubuntu 14.04 server

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: markling <1319829@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jun 2015 10:34:01 -0000
Reply-to: Bug 1319829 <1319829@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Bravo.

This is an issue for new users, btw, because the rather well written
"Introduction to Apparmor" by Bodhi.Zazen on Ubuntu Forums
(http://ubuntuforums.org/showthread.php?t=1008906) uses Genprof at the
crucial point where its tutorial teaches you how to build a profile. And
it makes a special point of doing this for Firefox, which is arguably
the main reason why any desktop user would seek to configure Apparmor
when they learned of its existence. So Bodhi.Zazen's tutorial goes kaput
just at the point where you are beginning to feel you are making real
progress toward securing your machine. (It's seven year's old anyway,
yet prominent in the search engines and a big draw because it's a
reasonably good tutorial - a rare thing).

If users understood that Apparmor's out-of-the-box profiles should give
reasonable-enough protection (they should, shouldn't they? they do,
don't they?), they might get a night's sleep. Or perhaps after a user
learns from Bodhi.Zazen that they need to install Apparmor's package of
pre-baked profiles separately (this is necessary, isn't it?), it might
dawn on them that this really is protection enough to give them a
night's sleep (it is, isn't it?). But the case is not clear. And the
Firefox profile is disabled by default. So that brings you back to
Bodhi.Zazen's kaput tutorial and the Apparmor bug. Aggh!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1319829

Title:
  aa-genprof will crash when select scan on Ubuntu 14.04 server

Status in AppArmor Linux application security framework:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Trusty:
  Confirmed

Bug description:
  [impact]

  This bug makes it difficult for trusty users to use the apparmor policy
  utilities.

  [steps to reproduce]

  See below

  [regression potential]

  This issue is being addressed by updating the python utilities to the
  version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
  large change which would normally be risky; however, these changes are
  isolated to the python utils (so no changes to the policy parser/loader
  or enforcement), there are a large number of bugs that exist in the
  trusty version that make using the tools difficult, so it would be
  difficult to regress further, and the updated version includes many new
  unit tests to try to prevent from regressions from occurring.

  [additional info]

  The python utils testsuite is run as part of the test-apparmor.py test
  script in lp:qa-regression-testing. The test-apparmor.py also has
  additional basic usage tests to ensure that basic functionality is
  maintained. These tests are run as part of the process fro each kernel
  update.

  [original description]

  Operating system : Ubuntu 14.04 LTS x86_64 server

  Command used :

  sudo aa-genprof suricata

  I will be asked to scan or finish, I selected "scan".  Then it
  crashes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1319829/+subscriptions