[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2016-04-15 Thread Christian Boltz
** Changed in: apparmor/2.9
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1471425

Title:
  aa-logprof crash on #include <directory>

Status in AppArmor:
  Fix Released
Status in AppArmor 2.9 series:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  aa-logprof crashes on profiles that contain an #include <directory>
  _if_ there are events for this profile.

  2.9 crash:

  # aa-logprof -f /tmp/syslog
  Lese Logeinträge von /tmp/syslog.
  Aktualisiere AppArmor-Profile in /etc/apparmor.d.
  Traceback (most recent call last):
    File "aa-logprof", line 54, in <module>
      apparmor.do_logprof_pass(logmark)
    File "/home/cb/apparmor/2.9-branch/utils/apparmor/aa.py", line 2297, in do_logprof_pass
      collapse_log()
    File "/home/cb/apparmor/2.9-branch/utils/apparmor/aa.py", line 2533, in collapse_log
      if not profile_known_network(aa[profile][hat], family, sock_type):
    File "/home/cb/apparmor/2.9-branch/utils/apparmor/aa.py", line 4394, in profile_known_network
      if netrules_access_check(include[incname][incname]['deny']['netdomain'], family, sock_type):
  KeyError: 'apache2.d'

  
  trunk crash:

  # aa-logprof -f /tmp/syslog
  Lese Logeinträge von /tmp/syslog.
  Aktualisiere AppArmor-Profile in /etc/apparmor.d.
  Traceback (most recent call last):
    File "aa-logprof", line 50, in <module>
      apparmor.do_logprof_pass(logmark)
    File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2189, in do_logprof_pass
      collapse_log()
    File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2426, in collapse_log
      if not is_known_rule(aa[profile][hat], 'network', NetworkRule(family, sock_type)):
    File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 4099, in is_known_rule
      if include[incname][incname].get(rule_type, False):
  KeyError: 'apache2.d'

  
  Reproducer: (slightly faked log event, apache didn't request network raw)

  aa-logprof -f <(echo 'Jul  2 06:39:54 piorun kernel: [5579093.070893]
  audit: type=1400 audit(1435811994.122:696484): apparmor="ALLOWED"
  operation="accept" profile="/usr/sbin/apache2" pid=18852
  comm="apache2" lport=443 family="inet6" sock_type="raw" protocol=6')

  Note: If you test with old logs, it doesn't happen always because
  is_known_rule() / profile_known_*() exits as soon as it finds a match,
  and the order of include files is random - which means it doesn't
  always loop until it hits the directory include.

  I'm afraid that this affects the profile_known_*() functions for all
  rule types.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1471425/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
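
The failure mode in the bug description above, as an added example that is not part of the original thread and is not AppArmor's aa.py or either of its patches. It is a toy model: the INCLUDE and INCLUDE_DIRS data, the function names and the include "apache2.d/local" are constructed assumptions. It shows why the crash depends on include order, and how skipping a directory include differs from reading its contents.

```python
"""Toy model of the include lookup from the traceback (not AppArmor's aa.py)."""

# Constructed sample data. Parsed include files are stored as
# include[name][name][rule_type], the shape seen in the traceback.
INCLUDE = {
    "abstractions/base": {"abstractions/base": {"network": {("inet", "stream")}}},
    "apache2.d/local": {"apache2.d/local": {"network": {("inet6", "raw")}}},
}
# Assumption: directory includes are known by name, with the files they hold.
INCLUDE_DIRS = {"apache2.d": ["apache2.d/local"]}


def known_rule_crashing(includes, rule_type, rule):
    """Lookup as in the traceback: every include name is treated as a file."""
    for incname in includes:
        if rule in INCLUDE[incname][incname].get(rule_type, set()):
            return True  # early exit: later includes are never examined
    return False


def known_rule_skip_dirs(includes, rule_type, rule):
    """Crash avoidance only: directory includes are skipped, contents ignored."""
    for incname in includes:
        if incname in INCLUDE_DIRS:
            continue
        if rule in INCLUDE[incname][incname].get(rule_type, set()):
            return True
    return False


def known_rule_expand_dirs(includes, rule_type, rule):
    """Directory includes are replaced by the files inside them."""
    pending = list(includes)
    while pending:
        incname = pending.pop(0)
        if incname in INCLUDE_DIRS:
            pending.extend(INCLUDE_DIRS[incname])
            continue
        if rule in INCLUDE[incname][incname].get(rule_type, set()):
            return True
    return False


def outcome(func, includes, rule):
    """Return the lookup result, or the name of the exception it raised."""
    try:
        return func(includes, "network", rule)
    except KeyError as exc:
        return "KeyError: %r" % exc.args[0]


def demo():
    stream, raw = ("inet", "stream"), ("inet6", "raw")
    file_first = ["abstractions/base", "apache2.d"]
    dir_first = ["apache2.d", "abstractions/base"]
    return {
        "match before directory": outcome(known_rule_crashing, file_first, stream),
        "directory reached first": outcome(known_rule_crashing, dir_first, stream),
        "no match, loop reaches directory": outcome(known_rule_crashing, file_first, raw),
        "skip dirs": outcome(known_rule_skip_dirs, file_first, raw),
        "expand dirs": outcome(known_rule_expand_dirs, file_first, raw),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-34s %s" % (case, result))
```

In this model, skipping the directory reports the inet6/raw rule as unknown although a file inside apache2.d allows it, while expanding the directory finds it.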


[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-08-04 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor - 2.10-0ubuntu2

---
apparmor (2.10-0ubuntu2) wily; urgency=medium

  * debian/patches/aa-status-dont_require_python3-apparmor.patch:
    make aa-status(8) work even when python3-apparmor is not installed,
    otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
  * debian/control: make apparmor-utils depend on the same package
    version of python3-apparmor

 -- Steve Beattie sbeat...@ubuntu.com  Fri, 31 Jul 2015 16:35:03 -0700

** Changed in: apparmor (Ubuntu)
   Status: New => Fix Released

Status in AppArmor:
  Fix Released
Status in AppArmor 2.9 series:
  Fix Committed
Status in apparmor package in Ubuntu:
  Fix Released



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-30 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/wily-proposed/apparmor

Status in AppArmor:
  Fix Released
Status in AppArmor 2.9 series:
  Fix Committed
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-14 Thread Christian Boltz
** Also affects: apparmor/2.9
   Importance: Undecided
   Status: New

** Changed in: apparmor/2.9
   Status: New => Fix Committed

** Changed in: apparmor
Milestone: 2.9.3 => 2.10

** Changed in: apparmor/2.9
Milestone: None => 2.9.3

Status in AppArmor:
  Fix Committed
Status in AppArmor 2.9 series:
  Fix Committed
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-14 Thread Steve Beattie
AppArmor 2.10 has been released:
https://launchpad.net/apparmor/2.10/2.10

** Changed in: apparmor
   Status: Fix Committed => Fix Released

Status in AppArmor:
  Fix Released
Status in AppArmor 2.9 series:
  Fix Committed
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-08 Thread Launchpad Bug Tracker
** Branch linked: lp:apparmor/2.9

Status in AppArmor Linux application security framework:
  In Progress
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-08 Thread Christian Boltz
Patches committed to trunk and 2.9.

** Changed in: apparmor
   Status: In Progress => Fix Committed

** Changed in: apparmor
Milestone: None => 2.9.3

Status in AppArmor Linux application security framework:
  Fix Committed
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-08 Thread Launchpad Bug Tracker
** Branch linked: lp:apparmor

Status in AppArmor Linux application security framework:
  Fix Committed
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-04 Thread Christian Boltz
Patch for 2.9 also sent to ML.

Note that the trunk patch actually honors the content of the include
directory, while the 2.9 patch just avoids the crash.

Status in AppArmor Linux application security framework:
  In Progress
Status in apparmor package in Ubuntu:
  New



[Touch-packages] [Bug 1471425] Re: aa-logprof crash on #include <directory>

2015-07-04 Thread Christian Boltz
patches for trunk sent to ML.

** Changed in: apparmor
   Status: New => In Progress

** Changed in: apparmor
 Assignee: (unassigned) => Christian Boltz (cboltz)

Status in AppArmor Linux application security framework:
  In Progress
Status in apparmor package in Ubuntu:
  New
