touch-packages team mailing list archive
Message #92614
[Bug 1478716] Re: aa-genprof crashes when analyzing audit log
"Log contains unknown mode senw reaeive aonneat" - that's "send receive
connect" in the log, and is caused by bug 1243932 and bug 1426651. Both
are fixed in 2.9.2, so Ubuntu should provide updated packages. (Actually
they should wait for 2.9.3 because it contains some more fixes.)
Yes, it's easy to say that for me - I'm "only" working on the aa-* tools
and the openSUSE packages, but don't know anything about Ubuntu
packaging ;-)
If you need the working version _now_, do a bzr checkout of the latest upstream code (trunk or 2.9 branch). You can use the tools directly inside the checkout directory without installing them somewhere:
cd utils
python3 aa-logprof # or "python aa-logprof" depending if you have python-libapparmor or python3-libapparmor installed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1478716
Title:
aa-genprof crashes when analyzing audit log
Status in apparmor package in Ubuntu:
New
Bug description:
Package version: 2.9.1-0ubuntu9
Kernel version: 3.19.0-25-generic
Ubuntu version: 15.04 64 bit Desktop
When I try to generate a profile for Thunderbird using the following commands, it crashes:
aa-autodep /usr/lib/thunderbird/thunderbird
aa-genprof /usr/lib/thunderbird/thunderbird
Genprof crashes during event scanning (after typing 's' and hitting Enter for scan) with the following error:
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/audit/audit.log.
Traceback (most recent call last):
  File "/usr/sbin/aa-genprof", line 155, in <module>
    lp_ret = apparmor.do_logprof_pass(logmark, passno)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2276, in do_logprof_pass
    log = log_reader.read_log(logmark)
  File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 351, in read_log
    event = self.parse_log_record(line)
  File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 88, in parse_log_record
    record_event = self.parse_event(record)
  File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 127, in parse_event
    raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode senw reaeive aonneat'
Note: I'm using auditd because it doesn't seem to find any logs
without it even though there are events logged in syslog. The
following bug is related:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432350
Here is the full audit log:
http://demo.ovh.eu/en/0d29353520f9de997f788a72897b8338/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1478716/+subscriptions
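An added example, not part of the original message and not upstream AppArmor code: a small triage script that lists the audit records whose requested_mask is a word list such as "send receive connect", together with the garbled form the error message would show. The c-to-a and d-to-w substitution is inferred from comparing the two strings quoted in this message; the sample records and the file-permission alphabet are constructed assumptions.

```python
import re

# key="value" or key=value pairs as they appear in AppArmor audit records.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Assumption: single-letter file permissions use only these characters.
FILE_LETTERS = set("rwacdxmlk")

# Constructed sample records (not taken from the reporter's audit log).
SAMPLE = [
    'type=AVC msg=audit(1437990000.001:101): apparmor="ALLOWED" operation="open" '
    'name="/tmp/example" comm="thunderbird" requested_mask="wc" denied_mask="wc"',
    'type=AVC msg=audit(1437990000.002:102): apparmor="ALLOWED" operation="connect" '
    'comm="thunderbird" family="unix" sock_type="stream" '
    'requested_mask="send receive connect" denied_mask="send receive connect"',
    'type=SYSCALL msg=audit(1437990000.003:103): arch=c000003e syscall=42 success=yes',
]

def parse_record(line):
    """Return the fields of an AppArmor audit record, or None for other lines."""
    if "apparmor=" not in line:
        return None
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def garble(mask):
    """Substitution inferred from the error text: 'c' becomes 'a', 'd' becomes 'w'."""
    return mask.replace("c", "a").replace("d", "w")

def is_word_mask(mask):
    """True when any token uses characters outside the file-permission letters."""
    return any(set(token) - FILE_LETTERS for token in mask.split())

def find_word_masks(lines):
    """Return (line number, operation, mask, garbled mask) for word-style masks."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        record = parse_record(line)
        if record is None:
            continue
        mask = record.get("requested_mask", "")
        if is_word_mask(mask):
            hits.append((lineno, record.get("operation"), mask, garble(mask)))
    return hits

if __name__ == "__main__":
    for hit in find_word_masks(SAMPLE):
        print("line %d: operation=%s mask=%r reported as %r" % hit)
```

To check a real log, pass the lines of /var/log/audit/audit.log to find_word_masks() instead of SAMPLE.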