[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
> There is also a python parser (in aa.py) which only seems to understand the > 'include ' > syntax and it is this which throws errors when running the utility commands. Exactly, that's the cause of this bug. I'll change the title to make it obvious. Interestingly, it has been this way for years (I checked 2.9, but it probably also affects even older versions) without someone noticing it. Therefore this bug doesn't qualify as regression IMHO ;-) ** Summary changed: - Potential regression found with apparmor test on Xenial/Zesty + utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty) ** Also affects: apparmor Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
This appears to be being triggered because there are actually two independent profile parsers in apparmor. There is a C version used by the apparmor_parse which correctly interprets the 'include "xxx"' syntax and then loads the profile. There is also a python parser (in aa.py) which only seems to understand the 'include ' syntax and it is this which throws errors when running the utility commands. ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Changed in: snapd (Ubuntu) Status: New => Invalid ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
These errors are throwing the qrt-apparmor test suite out. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
Ok this seems to be an issue with some of the basic apparmor commands not preprocessing the profiles when working on them. If we ask apparmor to parse the file in question it is happy to do so: apparmor_parser -p -Q /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine [...] # Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor # and https://forum.snapcraft.io/t/snaps-and-nfs-home/ ##included "/var/lib/snapd/apparmor/snap-confine.d" # We run privileged, so be fanatical about what we include and don't use # any abstractions /etc/ld.so.cache r, [...] However, it does not seem to handle this well when we use some of the associated utilities: $ sudo aa-complain foo ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, $ sudo aa-disable foo ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
** Description changed: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, (BTW the include and this ld.so.cache are not in the same line, please refer to comment #3 for attachment) This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 Debug information: ubuntu@kernel01:~$ snap version snap2.29.3 snapd 2.29.3 series 16 ubuntu 16.04 kernel 4.4.0-102-generic ubuntu@kernel01:~$ apt list snapd Listing... Done snapd/xenial-proposed,now 2.29.3 s390x [installed] N: There are 2 additional versions. Please use the '-a' switch to see them. ubuntu@kernel01:~$ apt list apparmor -a Listing... Done apparmor/xenial-updates,now 2.10.95-0ubuntu2.7 s390x [installed] apparmor/xenial-security 2.10.95-0ubuntu2.6 s390x apparmor/xenial 2.10.95-0ubuntu2 s390x + Steps to run the Apparmor test from QA Regression testing suite: + 1. git clone --depth 1 https://git.launchpad.net/qa-regression-testing + 2. sudo ./qa-regression-testing/scripts/test-apparmor.py ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: linux-restricted-modules-4.4.0-102-generic N/A linux-backports-modules-4.4.0-102-generic N/A linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
** Description changed: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, (BTW the include and this ld.so.cache are not in the same line, please refer to comment #3 for attachment) This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 + + Debug information: + ubuntu@kernel01:~$ snap version + snap2.29.3 + snapd 2.29.3 + series 16 + ubuntu 16.04 + kernel 4.4.0-102-generic + + ubuntu@kernel01:~$ apt list snapd + Listing... Done + snapd/xenial-proposed,now 2.29.3 s390x [installed] + N: There are 2 additional versions. Please use the '-a' switch to see them. + ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: linux-restricted-modules-4.4.0-102-generic N/A linux-backports-modules-4.4.0-102-generic N/A linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) ** Description changed: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, (BTW the include and this ld.so.cache are not in the same line, please refer to comment #3 for attachment) This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 Debug information: ubuntu@kernel01:~$ snap version snap2.29.3 snapd 2.29.3 series 16 ubuntu 16.04 kernel 4.4.0-102-generic ubuntu@kernel01:~$ apt list snapd Listing... Done snapd/xenial-proposed,now 2.29.3 s390x [installed] N: There are 2 additional versions. Please use the '-a' switch to see them. + + ubuntu@kernel01:~$ apt list apparmor -a + Listing... Done + apparmor/xenial-updates,now 2.10.95-0ubuntu2.7 s390x [installed] + apparmor/xenial-security 2.10.95-0ubuntu2.6 s390x + apparmor/xenial 2.10.95-0ubuntu2 s390x ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions:
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
Could you please also include the output of "snap version" and "apt list snapd" ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
Tested with snapd 2.29.3+17.10 on Artful with kernel 4.13.0-17 (the proposed one will be 4.13.0-18), this issue can be reproduced. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
** Description changed: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, + (BTW the include and this ld.so.cache are not in the same line, please + refer to comment #3 for attachment) + This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: - sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 - + sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: linux-restricted-modules-4.4.0-102-generic N/A linux-backports-modules-4.4.0-102-generic N/A linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
We believe this is a kernel/apparmor issue. The apparmor documentation (http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Include_statements) lists "include" as a valid include. We are happy to fix snapd but I'm sure there a many existing profiles (beside snapd from other packages or user written ones) that will break if this change lands. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
The /etc/apparmor.d/usr.lib.snapd.snap-confine.real file from affected system. ** Attachment added: "usr.lib.snapd.snap-confine.real" https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1734038/+attachment/5013303/+files/usr.lib.snapd.snap-confine.real -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
** Description changed: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: - ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: - include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, + ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: + include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, + + This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: + sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 + ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: - + Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: - + Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: - + ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=C - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=C + SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: - linux-restricted-modules-4.4.0-102-generic N/A - linux-backports-modules-4.4.0-102-generic N/A - linux-firmware 1.157.13 + linux-restricted-modules-4.4.0-102-generic N/A + linux-backports-modules-4.4.0-102-generic N/A + linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) ** Tags added: regression-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1734038] Re: Potential regression found with apparmor test on Xenial/Zesty
** Also affects: snapd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: Potential regression found with apparmor test on Xenial/Zesty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
