[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
It should be fixed as of the AppArmor 3.0 release. With 3.0 the handling
of jobs doesn't stop with an error unless --abort-on-error is specified.
Instead the parser will keep track of the last error and return that
there was an error, but it will keep processing the rest of the jobs.
We did not close this for 3.0 as we wanted more time, to make sure we
have it fixed. But we are considering it fixed on the dev branch. Though
christian did turn up another corner case the other day
https://gitlab.com/apparmor/apparmor/-/issues/215 that we need to finish
fixing.
** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #215
https://gitlab.com/apparmor/apparmor/-/issues/215
** Changed in: apparmor
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in AppArmor:
Fix Committed
Status in apparmor package in Ubuntu:
Fix Released
Status in click-apparmor package in Ubuntu:
Fix Released
Status in apparmor package in Ubuntu RTM:
Fix Released
Status in click-apparmor package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo >
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
I'm a bit confused:
* On the one hand, this bug is *not* marked is fixed in AppArmor
upstream; the only reason it was marked as "Fix Released" for Ubuntu is
the pile of kludges added in /lib/apparmor/functions, that I migrated to
rc.apparmor.functions upstream a few years back.
* On the other hand, the aforementioned pile of kludges was removed by
https://gitlab.com/apparmor/apparmor/-/commit/0b8ea047e88b250862da73a968b1cd1f8b7f6b91
because "LP:1377338 has been fixed for quite awhile".
So, it seems to me that:
* Either the parser bug was actually fixed upstream, and then the status this
bug is incorrect: it should be "Fix Released".
* Or the parser bug is still there, and then
0b8ea047e88b250862da73a968b1cd1f8b7f6b91 was done based on a misunderstanding.
Which is it?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in AppArmor:
Triaged
Status in apparmor package in Ubuntu:
Fix Released
Status in click-apparmor package in Ubuntu:
Fix Released
Status in apparmor package in Ubuntu RTM:
Fix Released
Status in click-apparmor package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo >
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
Along with LP: #1488179, this is one source of ugliness in current
Debian/Ubuntu initscript, that makes it harder than needed to port it to
systemd.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in AppArmor:
Triaged
Status in apparmor package in Ubuntu:
Fix Released
Status in click-apparmor package in Ubuntu:
Fix Released
Status in apparmor package in Ubuntu RTM:
Fix Released
Status in click-apparmor package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
** Tags added: aa-parser
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
Fix Released
Status in “apparmor” package in Ubuntu RTM:
Fix Released
Status in “click-apparmor” package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
14.10 had workaround in place in 2.8.98-0ubuntu2
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor
Status: New = Triaged
** Changed in: apparmor
Importance: Undecided = Medium
** Changed in: apparmor (Ubuntu)
Status: Triaged = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in AppArmor Linux application security framework:
Triaged
Status in “apparmor” package in Ubuntu:
Fix Released
Status in “click-apparmor” package in Ubuntu:
Fix Released
Status in “apparmor” package in Ubuntu RTM:
Fix Released
Status in “click-apparmor” package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
The cause of the corruption is believed to be an interaction between the
click-system-hooks and the apparmor upstart jobs. click-apparmor will be
adjusted to use a blocking lockfile to avoid the corruption. As such,
the apparmor task priority can be reduced.
After discussing with the apparmor team, fixing the parser bug can (and
should be done) but it more involved that the cache bug and we can't fix
it in time for rtm. If the lockfile doesn't fully address this issue, we
can go back to using '-n1' with xargs unconditionally in
/lib/apparmor/functions.
** Also affects: click-apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: click-apparmor (Ubuntu)
Status: New = In Progress
** Changed in: click-apparmor (Ubuntu)
Importance: Undecided = Critical
** Changed in: click-apparmor (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
** Also affects: click-apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Changed in: click-apparmor (Ubuntu RTM)
Status: New = In Progress
** Changed in: click-apparmor (Ubuntu RTM)
Importance: Undecided = Critical
** Changed in: click-apparmor (Ubuntu RTM)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu RTM)
Importance: Critical = Medium
** Changed in: apparmor (Ubuntu)
Importance: Critical = Medium
** Changed in: apparmor (Ubuntu RTM)
Status: In Progress = Triaged
** Changed in: apparmor (Ubuntu)
Status: In Progress = Triaged
** No longer affects: apparmor (Ubuntu RTM)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
In Progress
Status in “click-apparmor” package in Ubuntu RTM:
In Progress
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
Upon further investigation, python3-apparmor-click and python3-apparmor-
easyprof both use shutil.move() to put a temp file into place.
shutil.move() will use os.rename() if the files reside on the same file,
but will use shutil.copy2() followed by an unlink otherwise. Since the
tempfile.mkstemp() in both cases does not specify to use a different
temp directory (ie, dir=None), these files will be created in /tmp,
which is a tmpfs on devices (verified on mako), therefore the
shutil.move() is not atomic. This confirms that utilizing a blocking
lock file will prevent at least some forms of races and corruption. We
could adjust the mkstemp() call to use the same filesystem, however,
that would result in unexpected behavior when two aa-clickhooks are run
at the same time (ie, both would think they did everything correctly but
each could have missed something).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
In Progress
Status in “click-apparmor” package in Ubuntu RTM:
In Progress
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
For rtm I can add a workaround to /lib/apparmor/functions to fallback to
using -n1 if tha parser fails on the profile set. This is a minimal
change and retains the performance improvements of not using -n1 in the
normal case of things being ok. However, we want to remove this and rely
on the parser handling this correctly going forward.
** Also affects: apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu RTM)
Importance: Undecided = High
** Changed in: apparmor (Ubuntu RTM)
Status: New = In Progress
** Changed in: apparmor (Ubuntu RTM)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
In Progress
Status in “apparmor” package in Ubuntu RTM:
In Progress
Status in “click-apparmor” package in Ubuntu RTM:
In Progress
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
This bug was fixed in the package click-apparmor - 0.2.11.1
---
click-apparmor (0.2.11.1) utopic; urgency=medium
* aa-clickhook: don't remove the lock file so we can properly handle 3 or
more processes contending for the lock
click-apparmor (0.2.11) utopic; urgency=medium
* apparmor/click.py: be more careful with out_fn assignment in
output_policy()
* aa-clickhook: implement blocking lockfile to make sure this script does
not run concurrently with itself (LP: #1377338)
-- Jamie Strandboge ja...@ubuntu.com Tue, 07 Oct 2014 09:32:53 -0500
** Changed in: click-apparmor (Ubuntu RTM)
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
In Progress
Status in “apparmor” package in Ubuntu RTM:
In Progress
Status in “click-apparmor” package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
This bug was fixed in the package click-apparmor - 0.2.11.1
---
click-apparmor (0.2.11.1) utopic; urgency=medium
* aa-clickhook: don't remove the lock file so we can properly handle 3 or
more processes contending for the lock
click-apparmor (0.2.11) utopic; urgency=medium
* apparmor/click.py: be more careful with out_fn assignment in
output_policy()
* aa-clickhook: implement blocking lockfile to make sure this script does
not run concurrently with itself (LP: #1377338)
-- Jamie Strandboge ja...@ubuntu.com Tue, 07 Oct 2014 09:32:53 -0500
** Changed in: click-apparmor (Ubuntu)
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
Fix Released
Status in “apparmor” package in Ubuntu RTM:
In Progress
Status in “click-apparmor” package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5.1
---
apparmor (2.8.96~2652-0ubuntu5.1) 14.09; urgency=medium
* debian/apparmor.{upstart,init}: check if click-apparmor md5sums changed so
we regenerate the policy if it changes too (LP: #1371574)
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
to load a profile set. This should be removed when the parser properly
handles profile sets with corrupted profiles (LP: #1377338).
-- Jamie Strandboge ja...@ubuntu.com Tue, 07 Oct 2014 09:24:45 -0500
** Changed in: apparmor (Ubuntu RTM)
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
Triaged
Status in “click-apparmor” package in Ubuntu:
Fix Released
Status in “apparmor” package in Ubuntu RTM:
Fix Released
Status in “click-apparmor” package in Ubuntu RTM:
Fix Released
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
** Changed in: apparmor (Ubuntu)
Status: New = In Progress
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Tags added: rtm14 touch-2014-10-09
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
In Progress
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1377338] Re: apparmor may fail to load some profiles if one is corrupted
** Also affects: apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu RTM)
Status: New = In Progress
** Changed in: apparmor (Ubuntu RTM)
Importance: Undecided = Critical
** Changed in: apparmor (Ubuntu RTM)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor” package in Ubuntu:
In Progress
Status in “apparmor” package in Ubuntu RTM:
In Progress
Bug description:
Steps to reproduce (on the emulator):
1. sudo sh -c 'echo foo
/var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
2. sudo start apparmor ACTION=teardown
3. sudo start apparmor
start: Job failed to start
4. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_bad
5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
6. sudo aa-clickhook # regenerates the missing profile to had a good one
7. sudo start apparmor ACTION=teardown
8. sudo start apparmor
9. sudo aa-status|egrep '^ '|grep -v '('| sort -u /tmp/aa-status.music_good
10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good
--- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +
+++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +
@@ -13,6 +13,10 @@
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
+ com.ubuntu.music_music_1.3.638
+ com.ubuntu.shorts_shorts_0.2.330
+ com.ubuntu.sudoku_sudoku_1.1.292
+ com.ubuntu.weather_weather_1.1.374
lxc-container-default
lxc-container-default-with-mounting
lxc-container-default-with-nesting
Expected results: only com.ubuntu.music_music_1.3.638 should be
missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377338/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
