Hello,

if the audit.log contains an event for a non-existing profile (this can happen when running with a foreign log or if the user manually deleted a profile or hat), propose_file_rules() crashes because rule_obj is None instead of a profile_storage() struct.

This patch adds a check that skips events for non-existing profiles and
hats.

Note: I'm quite sure this happens only for file events (because the
other rule types don't have something similar to propose_file_rules()),
therefore no backport to older versions is needed.
[ 26-avoid-logprof-crash-on-nonexisting-profiles.diff ]
--- utils/apparmor/aa.py 2016-05-26 20:37:44.768619083 +0200
+++ utils/apparmor/aa.py 2016-05-26 21:59:57.918885644 +0200
@@ -1558,6 +1558,14 @@
hats = [profile] + hats
for hat in hats:
+
+ if not aa[profile].get(hat).get('file'):
+ # Ignore log events for a non-existing profile or child
profile. Such events can occour
+ # after deleting a profile or hat manually, or when
processing a foreign log.
+ # (Checking for 'file' is a simplified way to check if
it's a profile_storage() struct.)
+ debug_logger.debug("Ignoring events for non-existing
profile %s" % combine_name(profile, hat))
+ continue
+
for ruletype in ruletypes:
for rule_obj in
log_dict[aamode][profile][hat][ruletype].rules:
# XXX aa-mergeprof also has this code - if you change
it, keep aa-mergeprof in sync!
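Review bot: The new guard `aa[profile].get(hat).get('file')` chains two `.get()` calls, so if `aa[profile].get(hat)` can return None for a hat that was never loaded, the second `.get('file')` raises AttributeError and the loop still crashes on exactly the input this patch is meant to survive. Fetching the hat entry first and testing it before looking up 'file' (or an explicit isinstance check against the profile_storage() type, which would also remove the need for the "simplified way" comment) makes the skip hold in both cases. The context line below the guard says aa-mergeprof carries the same code and must be kept in sync, so it is worth stating whether the same guard is needed there. Since foreign logs are arbitrary input to the tool, a message that is only visible at debug level also means the user gets no hint that events were dropped; consider a user-visible notice.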
Regards,
Christian Boltz
--
That could have been said more briefly:
| "Please don't use evolution anymore. It's not intended as a
| mailingprogramm, we're just riding around a little bit on our
| C-Compilers to find out how to break the rules."
Yes, sir. Nice outlooks. [Ratti in suse-linux]
