touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #84404
[Bug 1294797] Re: aa-genprof traceback with apparmor 2.8.95
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2
---------------
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium
* debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
abstraction access to Zend opcache files (LP: #1401084)
* debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
profile for lxc support (LP: #1403468)
* debian/patches/profiles-texlive_font_generation-lp1010909.patch:
allow generation of texlive fonts by sanitized-helpers
(LP: #1010909)
* debian/apport/source_apparmor.py: fix the apparmor apport hook
so it does not raise an exception if a non-unicode character is
found in /var/log/kern.log or in /var/log/syslog. This should
work under python3 or python2.7 (LP: #1304447)
* debian/patches/profiles-dovecot-updates-lp1296667.patch: update
dovecot profiles to address several missing permissions.
(LP: #1296667)
* debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
adjust X abstraction for LightDM xauthority location (LP: #1339727)
* debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
memory leaks in log parsing component of libapparmor (LP: #1340927)
* debian/patches/libapparmor-another_audit_format-lp1399027.patch:
add support for another log format style (LP: #1399027)
* debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
work around apparmor kernel behavioral change in regression tests
(LP: #1425398)
* debian/control: add breaks on python3-apparmor against older
apparmor-utils that used to be where python bits lived
(LP: #1373259)
* debian/patches/utils-update_to_2.9.2.patch: update the python
utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
large number of fixes and improvements, including:
- fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
- fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
(LP: #1319829)
- make aa-logprof read profile instead of program binary
(LP: #1317176, LP: #1324154)
- aa-complain: don't traceback when marking multiple profiles
(LP: #1378095)
- make python tools able to parse mounts with UTF-8 non-ascii
characters (LP: #1310598)
-- Steve Beattie <sbeattie@xxxxxxxxxx> Thu, 30 Apr 2015 12:18:08 -0700
** Changed in: apparmor (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1294797
Title:
aa-genprof traceback with apparmor 2.8.95
Status in AppArmor Linux application security framework:
Fix Released
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor source package in Trusty:
Fix Released
Bug description:
[impact]
This bug makes it difficult for trusty users to use the apparmor
policy utilities.
[steps to reproduce]
See below
[regression potential]
This issue is being addressed by updating the python utilities to the
version in apparmor 2.9.2 as tracked in bug 1449769. This represents
are large change which would normally be risky; however, these changes
are isolated to the python utils (so no changes to the policy
parser/loader or enforcement), there are a large number of bugs that
exist in the trusty version that make using the tools difficult, so it
would be difficult to regress further, and the updated version
includes many new unit tests to try to prevent from regressions from
occurring.
[additional info]
The python utils testsuite is run as part of the test-apparmor.py test
script in lp:qa-regression-testing. The test-apparmor.py also has
additional basic usage tests to ensure that basic functionality is
maintained. These tests are run as part of the process fro each kernel
update.
[original description]
In a terminal, I run:
$ sudo aa-genprof /usr/bin/empathy
...
[(S)can system log for AppArmor events] / (F)inish
At this point, I start empathy, then stop it.
Now I go back to the terminal:
<press S>
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/sbin/aa-genprof", line 150, in <module>
lp_ret = apparmor.do_logprof_pass(logmark, passno)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2240, in do_logprof_pass
read_profiles()
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2558, in read_profiles
read_profile(profile_dir + '/' + file, True)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2584, in read_profile
profile_data = parse_profile_data(data, file, 0)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2689, in parse_profile_data
filelist[file]['profiles'][profile][hat] = True
TypeError: 'bool' object does not support item assignment
If I run it again, I get a different traceback:
Traceback (most recent call last):
File "/usr/sbin/aa-genprof", line 150, in <module>
lp_ret = apparmor.do_logprof_pass(logmark, passno)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2240, in do_logprof_pass
read_profiles()
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2558, in read_profiles
read_profile(profile_dir + '/' + file, True)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2584, in read_profile
profile_data = parse_profile_data(data, file, 0)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3031, in parse_profile_data
raise AppArmorException(_('Syntax Error: Unknown line found in file: %s line: %s') % (file, lineno + 1))
apparmor.common.AppArmorException: 'Syntax Error: Unknown line found in file: /etc/apparmor.d/zz-unconfined line: 3'
/etc/apparmor.d/zz-unconfined contains:
# v2 compatible wildly permissive profile
profile "zz_unconfined" {
capability,
network,
/** rwlkm,
/** pix,
# TODO: when dbus hits:
dbus,
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1294797/+subscriptions