Hello Me, or anyone else affected, Accepted apparmor into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apparmor (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1577051 Title: aa-logprof fails with unknown mode "reweive" Status in AppArmor: Confirmed Status in Linux Mint: New Status in apparmor package in Ubuntu: Fix Released Status in apparmor source package in Xenial: Fix Committed Bug description: [Impact] AppArmor policy developers cannot use aa-logprof without it exiting with a traceback on certain denial messages. [Test Case] $ echo 'Apr 30 21:53:05 nova kernel: [24668.960760] audit: \ type=1400 audit(1462045985.636:2154): apparmor="DENIED" \ operation="file_perm" profile="foo" pid=12529 comm="java" \ laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 \ family="inet6" sock_type="stream" ^Cotocol=6 requested_mask="receive" \ denied_mask="receive"' > /tmp/log $ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo $ aa-logprof -f /tmp/log -d /tmp/profiles Expected output of the last command is: Reading log entries from /tmp/log. Updating AppArmor profiles in /tmp/profiles. [Regression Potential] There is little potential for regression. This "hotfix" could result in some slight confusion because the problematic denial messages will simply be ignored but it allows aa-logprof to do its intended job without unexpectedly exiting. [Original Report] Ubuntu 16.04. Profiling apache tomcat. 1) aa-genprof on the catalina.sh script that is used to start and stop tomcat. 2) Start and stop tomcat. 3) Scan and save the profile. 4) aa-complain on the tomcat profile 5) Start tomcat again and this time also send a http request to tomcat. 6) Run aa-logprof which fails with this message Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in read_log self.add_event_to_tree(event) File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in add_event_to_tree e = self.parse_event_for_tree(e) File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in parse_event_for_tree raise AppArmorException(_('Log contains unknown mode %s') % rmask) apparmor.common.AppArmorException: 'Log contains unknown mode reweive' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/sbin/aa-logprof", line 50, in <module> apparmor.do_logprof_pass(logmark) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in do_logprof_pass log = log_reader.read_log(logmark) File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in read_log raise AppArmorBug(ex_msg) # py3-only: from None apparmor.common.AppArmorBug: Log contains unknown mode reweive This error was caused by the log line: Apr 30 21:53:05 nova kernel: [24668.960760] audit: type=1400 audit(1462045985.636:2154): apparmor="ALLOWED" operation="file_perm" profile="/usr/local/apache-tomcat-8.0.33/bin/catalina.sh///usr/local/jdk1.8.0_92/bin/java" pid=12529 comm="java" laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 family="inet6" sock_type="stream" protocol=6 requested_mask="receive" denied_mask="receive" An unexpected error occoured! For details, see /tmp/apparmor-bugreport-wj6gamog.txt Please consider reporting a bug at https://bugs.launchpad.net/apparmor/ and attach this file. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1577051/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
