I've added tests for this bug and bug 1243932 to QRT's test-apparmor.py.
I've successfully ran the new tests on Trusty and Saucy. I ran the tests
under a Trusty/Saucy, Raring, and Lucid kernels to test all potential
policy load scenarios. All scenarios pass.
** Description changed:
[Impact]
On older kernels that are missing certain AppArmor patches related to
AppArmor D-Bus mediation, the presence of dbus rules in the binary
AppArmor policy will result in policy load failures and, as a result,
applications may run unconfined. On newer kernels that are missing the
same patches mentioned above, the policy load will succeed but the dbus
rules will be quietly ignored.
- [Test Case]
+ [Automated Test Case]
+
+ * test_lp1231778 has been added to QRT's test-apparmor.py script
+ * Run the test under the latest Saucy, Raring, and Lucid kernels to excercise
all possible test load scenarios
+
+ [Manual Test Case]
* Install and reboot into older, unpatched mainline kernel (such as
3.1.10-030110-generic)
* Bad test results on the mainline 3.1.10 kernel:
$ echo "/t { dbus, }" | sudo apparmor_parser -r
Cache read/write disabled: /sys/kernel/security/apparmor/features interface
file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from stdin (line 1): apparmor_parser: cannot use or update cache,
disable, or force-complain via stdin
apparmor_parser: Unable to replace "/t". Profile doesn't conform to protocol
* Good test results on the mainline 3.1.10 kernel with a patched
apparmor_parser:
$ echo "/t { dbus, }" | sudo apparmor_parser -r
Cache read/write disabled: /sys/kernel/security/apparmor/features interface
file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from stdin (line 1): apparmor_parser: cannot use or update cache,
disable, or force-complain via stdin
Warning from stdin (stdin line 2): profile /t dbus rules not enforced
* Install and reboot into newer, unpatched mainline kernel (such as
3.12.0-031200-generic)
* Bad test results on the mainline 3.12.0 kernel:
$ echo "/t { dbus, }" | sudo apparmor_parser -r
Warning from stdin (line 1): apparmor_parser: cannot use or update cache,
disable, or force-complain via stdin
* Good test results on the mainline 3.12.0 kernel with a patched
apparmor_parser:
$ echo "/t { dbus, }" | sudo apparmor_parser -r
Warning from stdin (line 1): apparmor_parser: cannot use or update cache,
disable, or force-complain via stdin
Warning from stdin (stdin line 2): profile /t dbus rules not enforced
* Reboot into Ubuntu 3.11.0-12-generic kernel
* Good test results on the Ubuntu 3.11.0-12-generic kernel with or without a
patched apparmor_parser:
$ echo "/t { dbus, }" | sudo apparmor_parser -r
Warning from stdin (line 1): apparmor_parser: cannot use or update cache,
disable, or force-complain via stdin
* Verify that dbus mediation occurs under the Ubuntu 3.11.0-12-generic kernel:
$ echo "profile nodbus { file, }" | sudo apparmor_parser -rq
$ dbus-send --print-reply --system --dest=org.freedesktop.DBus
/org/freedesktop/DBus org.freedesktop.DBus.ListNames | head
method return sender=org.freedesktop.DBus -> dest=:1.51 reply_serial=2
array [
string "org.freedesktop.DBus"
...
$ aa-exec -p nodbus -- dbus-send --print-reply --system
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Failed to open connection to "system" message bus: An AppArmor policy
prevents this sender from sending this message to this recipient, 0 matched
rules; type="method_call", sender="(null)" (inactive)
interface="org.freedesktop.DBus" member="Hello" error name="(unset)"
requested_reply="0" destination="org.freedesktop.DBus" (bus)
[Regression Potential]
* The regression potential is minor because the fix is small and easy to
test
[Original Bug Report]
Note that apparmor_parser warns that the dbus rule(s) will not be
enforced and then loads the binary policy without any dbus rules.
Lubuntu 13.10 installed from daily image have wifi not working, even
with BT disabled.
confirmed by stuw on IRC at Sun Sep 22
15:40 < stuw> iz1glg, I saw similar problem, but I don't know the reason and
solution.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1231778
Title:
wifi not working on Saucy Salamander
To manage notifications about this bug go to:
https://bugs.launchpad.net/ac100/+bug/1231778/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
