** Description changed:
[Impact]
* aa-logprof does not work when dbus rule denials are present in the
logs
- [Test Case]
+ [Automated Test Case]
+
+ * test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind
+ have been added to QRT's test-apparmor.py test script
+
+ [Manual Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial.
Then,
- test aa-logprof.
+ test aa-logprof.
- $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
- $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
- --dest=org.freedesktop.DBus /org/freedesktop/DBus
org.freedesktop.DBus.ListNames
- Failed to open connection to "system" message bus: An AppArmor policy
prevents this
- sender from sending this message to this recipient, 0 matched rules;
- type="method_call", sender="(null)" (inactive)
interface="org.freedesktop.DBus"
- member="Hello" error name="(unset)" requested_reply="0"
- destination="org.freedesktop.DBus" (bus)
- $ aa-logprof -f /dev/null
- Reading log entries from /dev/null.
- Updating AppArmor profiles in /etc/apparmor.d.
+ $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
+ $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
+ --dest=org.freedesktop.DBus /org/freedesktop/DBus
org.freedesktop.DBus.ListNames
+ Failed to open connection to "system" message bus: An AppArmor policy
prevents this
+ sender from sending this message to this recipient, 0 matched rules;
+ type="method_call", sender="(null)" (inactive)
interface="org.freedesktop.DBus"
+ member="Hello" error name="(unset)" requested_reply="0"
+ destination="org.freedesktop.DBus" (bus)
+ $ aa-logprof -f /dev/null
+ Reading log entries from /dev/null.
+ Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
- Log contains unknown mode senw.
+ Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work
when D-Bus
- denials are present. The fix is minimal and has been reviewed by upstream.
+ denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus"
interface="org.freedesktop.DBus" member="Hello" mask="send"
name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-
gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'),
$rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1243932
Title:
aa-logprof: Log contains unknown mode senw
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
