** Description changed:

+ [Impact]
+ 
+ AppArmor policy developers cannot use aa-logprof without it exiting with
+ a traceback on certain denial messages.
+ 
+ [Test Case]
+ 
+ $ echo 'type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" \
+ operation="file_perm" profile="foo" pid=13215 comm="apache2" \
+ laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 \
+ family="inet6" sock_type="stream" protocol=6 requested_mask="send" \
+ denied_mask="send"' > /tmp/log
+ $ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo
+ $ aa-logprof -f /tmp/log -d /tmp/profiles
+ 
+ Expected output of the last command is:
+ 
+ Reading log entries from /tmp/log.
+ Updating AppArmor profiles in /tmp/profiles.
+ 
+ [Regression Potential]
+ 
+ There is little potential for regression. This "hotfix" could result in
+ some slight confusion because the problematic denial messages will
+ simply be ignored but it allows aa-logprof to do its intended job
+ without unexpectedly exiting.
+ 
+ [Original Report]
+ 
  Ref #1243932.  Same title but appears to be different cause.
  
  Ubuntu 16.04.  Error thrown on 'sudo aa-logprof'
  
  Python 3.5.1+: /usr/bin/python3
  Mon May 16 20:13:30 2016
  
  A problem occurred in a Python script.  Here is the sequence of
  function calls leading up to the error, in the order they occurred.
  
-  /usr/sbin/aa-logprof in <module>()
-    42 
-    43 if profiledir:
-    44     apparmor.profile_dir = apparmor.get_full_path(profiledir)
-    45     if not os.path.isdir(apparmor.profile_dir):
-    46         raise apparmor.AppArmorException("%s is not a 
directory."%profiledir)
-    47 
-    48 apparmor.loadincludes()
-    49 
-    50 apparmor.do_logprof_pass(logmark)
-    51 
+  /usr/sbin/aa-logprof in <module>()
+    42
+    43 if profiledir:
+    44     apparmor.profile_dir = apparmor.get_full_path(profiledir)
+    45     if not os.path.isdir(apparmor.profile_dir):
+    46         raise apparmor.AppArmorException("%s is not a 
directory."%profiledir)
+    47
+    48 apparmor.loadincludes()
+    49
+    50 apparmor.do_logprof_pass(logmark)
+    51
  apparmor = <module 'apparmor.aa' from 
'/usr/lib/python3/dist-packages/apparmor/aa.py'>
  apparmor.do_logprof_pass = <function do_logprof_pass>
  logmark = ''
  
-  /usr/lib/python3/dist-packages/apparmor/aa.py in do_logprof_pass(logmark='', 
passno=0, pid={13215: [['unknown_hat', 13215, '/usr/sbin/apache2', 
'null-www.xxxxxxxxxx.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], 
['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 
'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']], 13697: [['path', 
13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', 
{'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']]})
-  2184     ##    repo_cfg = read_config('repository.conf')
-  2185     ##    if not repo_cfg['repository'].get('enabled', False) or 
repo_cfg['repository]['enabled'] not in ['yes', 'no']:
-  2186     ##    UI_ask_to_enable_repo()
-  2187 
-  2188     log_reader = apparmor.logparser.ReadLog(pid, logfile, 
existing_profiles, profile_dir, log)
-  2189     log = log_reader.read_log(logmark)
-  2190     #read_log(logmark)
-  2191 
-  2192     for root in log:
-  2193         handle_children('', '', root)
+  /usr/lib/python3/dist-packages/apparmor/aa.py in do_logprof_pass(logmark='', 
passno=0, pid={13215: [['unknown_hat', 13215, '/usr/sbin/apache2', 
'null-www.xxxxxxxxxx.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], 
['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 
'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']], 13697: [['path', 
13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', 
{'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']]})
+  2184     ##    repo_cfg = read_config('repository.conf')
+  2185     ##    if not repo_cfg['repository'].get('enabled', False) or 
repo_cfg['repository]['enabled'] not in ['yes', 'no']:
+  2186     ##    UI_ask_to_enable_repo()
+  2187
+  2188     log_reader = apparmor.logparser.ReadLog(pid, logfile, 
existing_profiles, profile_dir, log)
+  2189     log = log_reader.read_log(logmark)
+  2190     #read_log(logmark)
+  2191
+  2192     for root in log:
+  2193         handle_children('', '', root)
  global log = [[['path', 13697, 'null-complain-profile', 
'null-complain-profile', 'HINT', 'PERMITTING', {'::a', '::w', 'a', 'w'}, 
'/proc/13697/attr/current', '']], [['unknown_hat', 13215, '/usr/sbin/apache2', 
'null-www.po4management.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], 
['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 
'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']]]
  log_reader = <apparmor.logparser.ReadLog object>
  log_reader.read_log = <bound method ReadLog.read_log of 
<apparmor.logparser.ReadLog object>>
  logmark = ''
  
-  /usr/lib/python3/dist-packages/apparmor/logparser.py in 
read_log(self=<apparmor.logparser.ReadLog object>, logmark='')
-   402                     self.add_event_to_tree(event)
-   403                 except AppArmorException as e:
-   404                     ex_msg = ('%(msg)s\n\nThis error was caused by the 
log line:\n%(logline)s' %
-   405                             {'msg': e.value, 'logline': line})
-   406                     # when py3 only: Drop the original 
AppArmorException by passing None as the parent exception
-   407                     raise AppArmorBug(ex_msg)  # py3-only: from None
-   408 
-   409         self.LOG.close()
-   410         self.logmark = ''
-   411         return self.log
+  /usr/lib/python3/dist-packages/apparmor/logparser.py in 
read_log(self=<apparmor.logparser.ReadLog object>, logmark='')
+   402                     self.add_event_to_tree(event)
+   403                 except AppArmorException as e:
+   404                     ex_msg = ('%(msg)s\n\nThis error was caused by the 
log line:\n%(logline)s' %
+   405                             {'msg': e.value, 'logline': line})
+   406                     # when py3 only: Drop the original 
AppArmorException by passing None as the parent exception
+   407                     raise AppArmorBug(ex_msg)  # py3-only: from None
+   408
+   409         self.LOG.close()
+   410         self.logmark = ''
+   411         return self.log
  global AppArmorBug = <class 'apparmor.common.AppArmorBug'>
  ex_msg = 'Log contains unknown mode senw\n\nThis error was c...otocol=6 
requested_mask="send" denied_mask="send"'
  AppArmorBug: Log contains unknown mode senw
  
  This error was caused by the log line:
  type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" 
operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" 
pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 
faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" 
protocol=6 requested_mask="send" denied_mask="send"
-     __cause__ = None
-     __class__ = <class 'apparmor.common.AppArmorBug'>
-     __context__ = AppArmorException('Log contains unknown mode senw',)
-     __delattr__ = <method-wrapper '__delattr__' of AppArmorBug object>
-     __dict__ = {}
-     __dir__ = <built-in method __dir__ of AppArmorBug object>
-     __doc__ = 'This class represents AppArmor exceptions "that should never 
happen"'
-     __eq__ = <method-wrapper '__eq__' of AppArmorBug object>
-     __format__ = <built-in method __format__ of AppArmorBug object>
-     __ge__ = <method-wrapper '__ge__' of AppArmorBug object>
-     __getattribute__ = <method-wrapper '__getattribute__' of AppArmorBug 
object>
-     __gt__ = <method-wrapper '__gt__' of AppArmorBug object>
-     __hash__ = <method-wrapper '__hash__' of AppArmorBug object>
-     __init__ = <method-wrapper '__init__' of AppArmorBug object>
-     __le__ = <method-wrapper '__le__' of AppArmorBug object>
-     __lt__ = <method-wrapper '__lt__' of AppArmorBug object>
-     __module__ = 'apparmor.common'
-     __ne__ = <method-wrapper '__ne__' of AppArmorBug object>
-     __new__ = <built-in method __new__ of type object>
-     __reduce__ = <built-in method __reduce__ of AppArmorBug object>
-     __reduce_ex__ = <built-in method __reduce_ex__ of AppArmorBug object>
-     __repr__ = <method-wrapper '__repr__' of AppArmorBug object>
-     __setattr__ = <method-wrapper '__setattr__' of AppArmorBug object>
-     __setstate__ = <built-in method __setstate__ of AppArmorBug object>
-     __sizeof__ = <built-in method __sizeof__ of AppArmorBug object>
-     __str__ = <method-wrapper '__str__' of AppArmorBug object>
-     __subclasshook__ = <built-in method __subclasshook__ of type object>
-     __suppress_context__ = False
-     __traceback__ = <traceback object>
-     __weakref__ = None
-     args = ('Log contains unknown mode senw\n\nThis error was c...otocol=6 
requested_mask="send" denied_mask="send"',)
-     with_traceback = <built-in method with_traceback of AppArmorBug object>
+     __cause__ = None
+     __class__ = <class 'apparmor.common.AppArmorBug'>
+     __context__ = AppArmorException('Log contains unknown mode senw',)
+     __delattr__ = <method-wrapper '__delattr__' of AppArmorBug object>
+     __dict__ = {}
+     __dir__ = <built-in method __dir__ of AppArmorBug object>
+     __doc__ = 'This class represents AppArmor exceptions "that should never 
happen"'
+     __eq__ = <method-wrapper '__eq__' of AppArmorBug object>
+     __format__ = <built-in method __format__ of AppArmorBug object>
+     __ge__ = <method-wrapper '__ge__' of AppArmorBug object>
+     __getattribute__ = <method-wrapper '__getattribute__' of AppArmorBug 
object>
+     __gt__ = <method-wrapper '__gt__' of AppArmorBug object>
+     __hash__ = <method-wrapper '__hash__' of AppArmorBug object>
+     __init__ = <method-wrapper '__init__' of AppArmorBug object>
+     __le__ = <method-wrapper '__le__' of AppArmorBug object>
+     __lt__ = <method-wrapper '__lt__' of AppArmorBug object>
+     __module__ = 'apparmor.common'
+     __ne__ = <method-wrapper '__ne__' of AppArmorBug object>
+     __new__ = <built-in method __new__ of type object>
+     __reduce__ = <built-in method __reduce__ of AppArmorBug object>
+     __reduce_ex__ = <built-in method __reduce_ex__ of AppArmorBug object>
+     __repr__ = <method-wrapper '__repr__' of AppArmorBug object>
+     __setattr__ = <method-wrapper '__setattr__' of AppArmorBug object>
+     __setstate__ = <built-in method __setstate__ of AppArmorBug object>
+     __sizeof__ = <built-in method __sizeof__ of AppArmorBug object>
+     __str__ = <method-wrapper '__str__' of AppArmorBug object>
+     __subclasshook__ = <built-in method __subclasshook__ of type object>
+     __suppress_context__ = False
+     __traceback__ = <traceback object>
+     __weakref__ = None
+     args = ('Log contains unknown mode senw\n\nThis error was c...otocol=6 
requested_mask="send" denied_mask="send"',)
+     with_traceback = <built-in method with_traceback of AppArmorBug object>
  
  The above is a description of an error in a Python program.  Here is
  the original traceback:
  
  Traceback (most recent call last):
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in 
read_log
-     self.add_event_to_tree(event)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in 
add_event_to_tree
-     e = self.parse_event_for_tree(e)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in 
parse_event_for_tree
-     raise AppArmorException(_('Log contains unknown mode %s') % rmask)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in 
read_log
+     self.add_event_to_tree(event)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in 
add_event_to_tree
+     e = self.parse_event_for_tree(e)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in 
parse_event_for_tree
+     raise AppArmorException(_('Log contains unknown mode %s') % rmask)
  apparmor.common.AppArmorException: 'Log contains unknown mode senw'
  
  During handling of the above exception, another exception occurred:
  
  Traceback (most recent call last):
-   File "/usr/sbin/aa-logprof", line 50, in <module>
-     apparmor.do_logprof_pass(logmark)
-   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in 
do_logprof_pass
-     log = log_reader.read_log(logmark)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in 
read_log
-     raise AppArmorBug(ex_msg)  # py3-only: from None
+   File "/usr/sbin/aa-logprof", line 50, in <module>
+     apparmor.do_logprof_pass(logmark)
+   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in 
do_logprof_pass
+     log = log_reader.read_log(logmark)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in 
read_log
+     raise AppArmorBug(ex_msg)  # py3-only: from None
  apparmor.common.AppArmorBug: Log contains unknown mode senw
  
  This error was caused by the log line:
  type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" 
operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" 
pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 
faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" 
protocol=6 requested_mask="send" denied_mask="send"

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Medium

** Changed in: apparmor (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: apparmor (Ubuntu Xenial)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: apparmor (Ubuntu Xenial)
       Status: Confirmed => In Progress

https://bugs.launchpad.net/bugs/1582374

Title:
  Log contains unknown mode senw
