** Description changed:
+ [Impact]
+
+ * aa-logprof does not work when dbus rule denials are present in the
+ logs
+
+ [Test Case]
+
+ * Load a profile that does not grant D-Bus access and create a D-Bus denial.
Then,
+ test aa-logprof.
+
+ $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
+ $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
+ --dest=org.freedesktop.DBus /org/freedesktop/DBus
org.freedesktop.DBus.ListNames
+ Failed to open connection to "system" message bus: An AppArmor policy
prevents this
+ sender from sending this message to this recipient, 0 matched rules;
+ type="method_call", sender="(null)" (inactive)
interface="org.freedesktop.DBus"
+ member="Hello" error name="(unset)" requested_reply="0"
+ destination="org.freedesktop.DBus" (bus)
+ $ aa-logprof -f /dev/null
+ Reading log entries from /dev/null.
+ Updating AppArmor profiles in /etc/apparmor.d.
+
+ An unpatched aa-logprof will print similar output followed by:
+
+ Log contains unknown mode senw.
+
+ [Regression Potential]
+
+ * The regression potential is low since aa-logprof currently refuses to work
when D-Bus
+ denials are present. The fix is minimal and has been reviewed by upstream.
+
+ [Original Bug Report]
+
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus"
interface="org.freedesktop.DBus" member="Hello" mask="send"
name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-
gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'),
$rmask));
-
ubuntu 13.10 amd64.
apparmor-utils:
- Installed: 2.8.0-0ubuntu31
- Candidate: 2.8.0-0ubuntu31
- Version table:
- *** 2.8.0-0ubuntu31 0
- 500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
+ Installed: 2.8.0-0ubuntu31
+ Candidate: 2.8.0-0ubuntu31
+ Version table:
+ *** 2.8.0-0ubuntu31 0
+ 500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1243932
Title:
aa-logprof: Log contains unknown mode senw
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
