[Bug 1577051] Re: aa-logprof fails with unknown mode "reweive"

[Tyler Hicks]

** Description changed:

+ [Impact]
+ 
+ AppArmor policy developers cannot use aa-logprof without it exiting with
+ a traceback on certain denial messages.
+ 
+ [Test Case]
+ 
+ $ echo 'Apr 30 21:53:05 nova kernel: [24668.960760] audit: \
+ type=1400 audit(1462045985.636:2154): apparmor="DENIED" \
+ operation="file_perm" profile="foo" pid=12529 comm="java" \
+ laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 \
+ family="inet6" sock_type="stream" ^Cotocol=6 requested_mask="receive"  \
+ denied_mask="receive"' > /tmp/log
+ $ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo
+ $ aa-logprof -f /tmp/log -d /tmp/profiles
+ 
+ Expected output of the last command is:
+ 
+ Reading log entries from /tmp/log.
+ Updating AppArmor profiles in /tmp/profiles.
+ 
+ [Regression Potential]
+ 
+ There is little potential for regression. This "hotfix" could result in
+ some slight confusion because the problematic denial messages will
+ simply be ignored but it allows aa-logprof to do its intended job
+ without unexpectedly exiting.
+ 
+ [Original Report]
+ 
  Ubuntu 16.04.
  
  Profiling apache tomcat.
-  
- 1) aa-genprof on the catalina.sh script that is used to start and stop 
tomcat. 
- 2) Start and stop tomcat. 
+ 
+ 1) aa-genprof on the catalina.sh script that is used to start and stop tomcat.
+ 2) Start and stop tomcat.
  3) Scan and save the profile.
  4) aa-complain on the tomcat profile
  5) Start tomcat again and this time also send a http request to tomcat.
  6) Run aa-logprof which fails with this message
  
  Reading log entries from /var/log/syslog.
  Updating AppArmor profiles in /etc/apparmor.d.
  Traceback (most recent call last):
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in 
read_log
-     self.add_event_to_tree(event)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in 
add_event_to_tree
-     e = self.parse_event_for_tree(e)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in 
parse_event_for_tree
-     raise AppArmorException(_('Log contains unknown mode %s') % rmask)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in 
read_log
+     self.add_event_to_tree(event)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in 
add_event_to_tree
+     e = self.parse_event_for_tree(e)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in 
parse_event_for_tree
+     raise AppArmorException(_('Log contains unknown mode %s') % rmask)
  apparmor.common.AppArmorException: 'Log contains unknown mode reweive'
  
  During handling of the above exception, another exception occurred:
  
  Traceback (most recent call last):
-   File "/usr/sbin/aa-logprof", line 50, in <module>
-     apparmor.do_logprof_pass(logmark)
-   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in 
do_logprof_pass
-     log = log_reader.read_log(logmark)
-   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in 
read_log
-     raise AppArmorBug(ex_msg)  # py3-only: from None
+   File "/usr/sbin/aa-logprof", line 50, in <module>
+     apparmor.do_logprof_pass(logmark)
+   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in 
do_logprof_pass
+     log = log_reader.read_log(logmark)
+   File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in 
read_log
+     raise AppArmorBug(ex_msg)  # py3-only: from None
  apparmor.common.AppArmorBug: Log contains unknown mode reweive
  
  This error was caused by the log line:
  Apr 30 21:53:05 nova kernel: [24668.960760] audit: type=1400 
audit(1462045985.636:2154): apparmor="ALLOWED" operation="file_perm" 
profile="/usr/local/apache-tomcat-8.0.33/bin/catalina.sh///usr/local/jdk1.8.0_92/bin/java"
 pid=12529 comm="java" laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 
fport=52308 family="inet6" sock_type="stream" protocol=6 
requested_mask="receive" denied_mask="receive"
- 
  
  An unexpected error occoured!
  
  For details, see /tmp/apparmor-bugreport-wj6gamog.txt
  Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
  and attach this file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1577051

Title:
  aa-logprof fails with unknown mode "reweive"

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1577051/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs