Also backported to the 2.12 and 2.13 branch, will be in 2.12.2 and
2.13.2.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains mu
Done - https://gitlab.com/apparmor/apparmor/merge_requests/131 will be
part of AppArmor 3.0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if
For the records - I'm just working on a different implementation of
"(V)iew Changes", which will also replace the workaround with a real fix
:-) This will probably be in AppArmor 3.0, and will appear as merge
request on gitlab this weekend.
--
You received this bug notification because you are a
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains multiple
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains mul
This bug was fixed in the package apparmor - 2.10.95-0ubuntu1
---
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium
* Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
- Allow Apache prefork profile to chown(2) files (LP: #1210514)
- Allow deluge-gtk and deluge-consol
Not really - they show that you also need some exec rules - probably something
like
/bin/sh ix,
/usr/bin/sendmail Px,
Note that I guessed the directory names (only the program's filename is
shown in the messages you provided), and that you'll need a separate
profile for sendmail if you us
So can I ignore this entries if I profiling by hand?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains multiple
profiles
To
The null-* subprofiles are automatically created by the kernel if a
program in complain mode executes another program, and there's no
execute rule (ix, Px, Cx or Ux) for that yet.
There should be a line with operation="exec" some lines above the lines
you pasted that show what exactly gets execute
I have question:
In logs I see entries like
apparmor="ALLOWED" operation="file_inherit"
profile="/usr/sbin/apache2//DEFAULT_URI//null-d5c" name="/dev/null" comm="sh"
requested_mask="w" denied_mask="w" fsuid=33 ouid=0
or
apparmor="ALLOWED" operation="file_inherit"
profile="/usr/sbin/apache2//D
Workaround patch commited to trunk r 3380 and 2.10 branch r3317 - a
failing serialize_profile_from_old_profile() (which will only happen if
a file contains multiple profiles, so it's hopefully a corner case) will
now print an error message that recommends the clean diff instead of
crashing.
** Cha
** Branch linked: lp:apparmor
** Branch linked: lp:apparmor/2.10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains multiple
Weird, I downloaded via bzr branch lp:apparmor command.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains multiple
profiles
Hmm, this looks like you don't have the latest trunk checkout - this is
bug 1525119 which is fixed since 2015-12-12.
Another detail confirms that you have an outdated checkout:
rmask = rmask.replace('c', 'a')
We changed 'a' to 'w' a month ago ;-) (see bzr log -r3279 for background info)
--
Y
I patched aa-.py (trunk version) but aa-logprof still crashes.
python3 ./aa-logprof -f /var/log/kern.log
Reading log entries from /var/log/kern.log.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "./aa-logprof", line 50, in
apparmor.do_logprof_pass(l
Depends on the exact traceback ;-) - I can only say that bzr trunk
didn't crash anymore after applying the fix from comment 7.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize
ok, I will do new bug report. But what about aa-logprof crashes from
comment #12?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file cont
Which messages exactly?
(Please open a new bug for it, because that's totally unrelated to the crash
reported here.)
(It can't be something with a strange log format, because aa-logprof
understands your log in general.)
--
You received this bug notification because you are a member of Ubuntu
Bu
I'm already downloaded branch version of apparmor and it's still doesn't
see DENIED messages.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash
I found it. After split file on two different profiles aa-logprof still
crashes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file conta
Comment 9 is a different bug, see https://launchpad.net/bugs/1525119
(already fixed in bzr). Since logparser.py got quite some fixes since
the 2.10 release, try replacing your logparser.py with
http://bazaar.launchpad.net/~apparmor-
dev/apparmor/2.10/view/head:/utils/apparmor/logparser.py (I can't
I don't have that /usr/lib/NetworkManager/nm-dhcp-client.action file and
I dont have profile for it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile()
I patched aa.py file with standard Ubuntu version (2.10) but error still
occurs.
sudo aa-logprof -f /var/log/kern.log
Reading log entries from /var/log/kern.log.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in
apparm
Nice, launchpad killed the whitespace in the patch. See
https://lists.ubuntu.com/archives/apparmor/2015-December/009025.html
for a usable version ;-)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/15281
So I have good and bad news.
Let me start with the bad news:
profile_data / write_prof_data (in serialize_profile_from_old_profile())
contain only one profile with its hats. This will explode if a file
contains multiple profiles, as reported in this bug.
Fixing this needs lots of write_prof_data
** Summary changed:
- aa-logprof crash again
+ serialize_profile_from_old_profile() crash if file contains multiple profiles
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_p
26 matches
Mail list logo