** No longer affects: linuxmint
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1577051
Title:
aa-logprof fails with unknown mode "reweive"
Status in AppArmor:
Confirmed
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor source package in Xenial:
Fix Committed
Bug description:
[Impact]
AppArmor policy developers cannot use aa-logprof without it exiting
with a traceback on certain denial messages.
[Test Case]
$ echo 'Apr 30 21:53:05 nova kernel: [24668.960760] audit: \
type=1400 audit(1462045985.636:2154): apparmor="DENIED" \
operation="file_perm" profile="foo" pid=12529 comm="java" \
laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 \
family="inet6" sock_type="stream" ^Cotocol=6 requested_mask="receive" \
denied_mask="receive"' > /tmp/log
$ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo
$ aa-logprof -f /tmp/log -d /tmp/profiles
Expected output of the last command is:
Reading log entries from /tmp/log.
Updating AppArmor profiles in /tmp/profiles.
[Regression Potential]
There is little potential for regression. This "hotfix" could result
in some slight confusion because the problematic denial messages will
simply be ignored but it allows aa-logprof to do its intended job
without unexpectedly exiting.
[Original Report]
Ubuntu 16.04.
Profiling apache tomcat.
1) aa-genprof on the catalina.sh script that is used to start and stop tomcat.
2) Start and stop tomcat.
3) Scan and save the profile.
4) aa-complain on the tomcat profile
5) Start tomcat again and this time also send a http request to tomcat.
6) Run aa-logprof which fails with this message
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in
read_log
self.add_event_to_tree(event)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in
add_event_to_tree
e = self.parse_event_for_tree(e)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in
parse_event_for_tree
raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode reweive'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in
do_logprof_pass
log = log_reader.read_log(logmark)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in
read_log
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.common.AppArmorBug: Log contains unknown mode reweive
This error was caused by the log line:
Apr 30 21:53:05 nova kernel: [24668.960760] audit: type=1400
audit(1462045985.636:2154): apparmor="ALLOWED" operation="file_perm"
profile="/usr/local/apache-tomcat-8.0.33/bin/catalina.sh///usr/local/jdk1.8.0_92/bin/java"
pid=12529 comm="java" laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1
fport=52308 family="inet6" sock_type="stream" protocol=6
requested_mask="receive" denied_mask="receive"
An unexpected error occoured!
For details, see /tmp/apparmor-bugreport-wj6gamog.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1577051/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
