touch-packages team mailing list archive

Thread
Date
[Bug 1317176] Re: aa-logprof attempts to read program binary instead of profile

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1317176@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jun 2015 16:44:24 -0000
Reply-to: Bug 1317176 <1317176@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2

---------------
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium

  * debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
    abstraction access to Zend opcache files (LP: #1401084)
  * debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
    profile for lxc support (LP: #1403468)
  * debian/patches/profiles-texlive_font_generation-lp1010909.patch:
    allow generation of texlive fonts by sanitized-helpers
    (LP: #1010909)
  * debian/apport/source_apparmor.py: fix the apparmor apport hook
    so it does not raise an exception if a non-unicode character is
    found in /var/log/kern.log or in /var/log/syslog. This should
    work under python3 or python2.7 (LP: #1304447)
  * debian/patches/profiles-dovecot-updates-lp1296667.patch: update
    dovecot profiles to address several missing permissions.
    (LP: #1296667)
  * debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
    adjust X abstraction for LightDM xauthority location (LP: #1339727)
  * debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
    memory leaks in log parsing component of libapparmor (LP: #1340927)
  * debian/patches/libapparmor-another_audit_format-lp1399027.patch:
    add support for another log format style (LP: #1399027)
  * debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
    work around apparmor kernel behavioral change in regression tests
    (LP: #1425398)
  * debian/control: add breaks on python3-apparmor against older
    apparmor-utils that used to be where python bits lived
    (LP: #1373259)
  * debian/patches/utils-update_to_2.9.2.patch: update the python
    utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
    large number of fixes and improvements, including:
    - fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
    - fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
      (LP: #1319829)
    - make aa-logprof read profile instead of program binary
      (LP: #1317176, LP: #1324154)
    - aa-complain: don't traceback when marking multiple profiles
      (LP: #1378095)
    - make python tools able to parse mounts with UTF-8 non-ascii
      characters (LP: #1310598)

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Thu, 30 Apr 2015 12:18:08 -0700

** Changed in: apparmor (Ubuntu Trusty)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1317176

Title:
  aa-logprof attempts to read program binary instead of profile

Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Trusty:
  Fix Released

Bug description:
  [impact]

  This bug makes it difficult for trusty users to use the apparmor policy
  utilities.

  [steps to reproduce]

  See below

  [regression potential]

  This issue is being addressed by updating the python utilities to the
  version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
  large change which would normally be risky; however, these changes are
  isolated to the python utils (so no changes to the policy parser/loader
  or enforcement), there are a large number of bugs that exist in the
  trusty version that make using the tools difficult, so it would be
  difficult to regress further, and the updated version includes many new
  unit tests to try to prevent from regressions from occurring.

  [additional info]

  The python utils testsuite is run as part of the test-apparmor.py test
  script in lp:qa-regression-testing. The test-apparmor.py also has
  additional basic usage tests to ensure that basic functionality is
  maintained. These tests are run as part of the process fro each kernel
  update.

  [original description]

  $ aa-logprof -f aadenylog
  Reading log entries from aadenylog.
  Updating AppArmor profiles in /etc/apparmor.d.
  reading /usr/lib/chromium-browser/chromium-browser
  Traceback (most recent call last):
    File "/usr/sbin/aa-logprof", line 52, in <module>
      apparmor.do_logprof_pass(logmark)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2261, in do_logprof_pass
      handle_children('', '', root)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1236, in handle_children
      sev_db.load_variables(profile)
    File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 181, in load_variables
      for line in f_in:
    File "/usr/lib/python3.4/codecs.py", line 704, in __next__
      return next(self.reader)
    File "/usr/lib/python3.4/codecs.py", line 635, in __next__
      line = self.readline()
    File "/usr/lib/python3.4/codecs.py", line 548, in readline
      data = self.read(readsize, firstline=True)
    File "/usr/lib/python3.4/codecs.py", line 494, in read
      newchars, decodedbytes = self.decode(data, self.errors)
  UnicodeDecodeError: 'utf-8' codec can't decode byte 0xab in position 25: invalid start byte

  The 'reading' output line is debug output added by me, printing
  prof_path just before line 180 (which is also why the line numbers may
  not match exactly). My assumption is that it is supposed to be reading
  '/etc/apparmor.d/usr.lib.chromium-browser.chromium-browser' instead.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1317176/+subscriptions