touch-packages team mailing list archive

Thread
Date
[Bug 1378095] Re: aa-complain traceback when marking multiple profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1378095@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jun 2015 16:44:24 -0000
Reply-to: Bug 1378095 <1378095@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2

---------------
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium

  * debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
    abstraction access to Zend opcache files (LP: #1401084)
  * debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
    profile for lxc support (LP: #1403468)
  * debian/patches/profiles-texlive_font_generation-lp1010909.patch:
    allow generation of texlive fonts by sanitized-helpers
    (LP: #1010909)
  * debian/apport/source_apparmor.py: fix the apparmor apport hook
    so it does not raise an exception if a non-unicode character is
    found in /var/log/kern.log or in /var/log/syslog. This should
    work under python3 or python2.7 (LP: #1304447)
  * debian/patches/profiles-dovecot-updates-lp1296667.patch: update
    dovecot profiles to address several missing permissions.
    (LP: #1296667)
  * debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
    adjust X abstraction for LightDM xauthority location (LP: #1339727)
  * debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
    memory leaks in log parsing component of libapparmor (LP: #1340927)
  * debian/patches/libapparmor-another_audit_format-lp1399027.patch:
    add support for another log format style (LP: #1399027)
  * debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
    work around apparmor kernel behavioral change in regression tests
    (LP: #1425398)
  * debian/control: add breaks on python3-apparmor against older
    apparmor-utils that used to be where python bits lived
    (LP: #1373259)
  * debian/patches/utils-update_to_2.9.2.patch: update the python
    utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
    large number of fixes and improvements, including:
    - fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
    - fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
      (LP: #1319829)
    - make aa-logprof read profile instead of program binary
      (LP: #1317176, LP: #1324154)
    - aa-complain: don't traceback when marking multiple profiles
      (LP: #1378095)
    - make python tools able to parse mounts with UTF-8 non-ascii
      characters (LP: #1310598)

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Thu, 30 Apr 2015 12:18:08 -0700

** Changed in: apparmor (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1378095

Title:
  aa-complain traceback when marking multiple profiles

Status in AppArmor Linux application security framework:
  Fix Released
Status in AppArmor 2.9 series:
  Fix Released
Status in AppArmor master series:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Trusty:
  Fix Released

Bug description:
  [SRU justification]

  [Impact]

  $ sudo aa-complain /etc/apparmor.d/usr.lib.postfix.*
  Setting /etc/apparmor.d/usr.lib.postfix.anvil to complain mode.
  Traceback (most recent call last):
    File "/usr/sbin/aa-complain", line 30, in <module>
      tool.cmd_complain()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 171, in cmd_complain
      apparmor.read_profiles()
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2573, in read_profiles
      read_profile(profile_dir + '/' + file, True)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2599, in read_profile
      profile_data = parse_profile_data(data, file, 0)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2853, in parse_profile_data
      store_list_var(filelist[file]['lvar'], list_var, value, var_operation, file)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3277, in store_list_var
      raise AppArmorException(_('Redefining existing variable %s: %s in %s') % (list_var, value, filename))
  apparmor.common.AppArmorException: 'Redefining existing variable @{TFTP_DIR}: /var/tftp /srv/tftpboot in /etc/apparmor.d/usr.sbin.dnsmasq'

  $ sudo grep -R TFTP_DIR /etc/apparmor.d/
  /etc/apparmor.d/usr.sbin.dnsmasq:@{TFTP_DIR}=/var/tftp /srv/tftpboot
  /etc/apparmor.d/usr.sbin.dnsmasq:  @{TFTP_DIR}/ r,
  /etc/apparmor.d/usr.sbin.dnsmasq:  @{TFTP_DIR}/** r,

  Looks like the tools are re-parsing everything, but not resetting
  whatever is storing the variable declarations.

  [Test Case]

  sudo aa-enforce /etc/apparmor.d/*

  got error

  [Regression Potential]

  [Other Info]

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1378095/+subscriptions