And if we add the same snippet to source_apparmor.py so we can run it directly then we also don't reproduce this:

  root@sec-noble-amd64:/usr/share/apport/package-hooks# tail source_apparmor.py -n6
  if __name__ == '__main__':
      report = {}
      add_info(report, None)
      for key in report:
          print('%s: %s' % (key, report[key].split('\n', 1)[0]))

  root@sec-noble-amd64:/usr/share/apport/package-hooks# python3 source_apparmor.py
  /usr/share/apport/package-hooks/source_apparmor.py:61: SyntaxWarning: invalid escape sequence '\('
    sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE)
  ProcVersionSignature: Ubuntu 6.8.0-47.47-generic 6.8.12
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.8.0-47-generic root=UUID=15a6fbdd-2b57-4890-803d-c6a103a6a00f ro console=tty1 console=ttyS0
  KernLog: 2024-12-05T03:41:19.462683+00:00 sec-noble-amd64 kernel: audit: type=1400 audit(1733370079.461:132): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=923 comm="apparmor_parser"
  Syslog:
  ApparmorPackages: apparmor 4.0.1really4.0.1-0ubuntu0.24.04.3
  ApparmorStatusOutput: apparmor module is loaded.
  PstreeP: systemd(1)-+-ModemManager(7969)-+-{ModemManager}(7973)

But actually it is not a bug in apparmor - it is in apport itself - it has its own version of the AppArmor log capturing bits in hookutils.py in attach_mac_events() - the same regex is used there BUT it is used with re.findall() which only returns the matching part of the regex - so these regex patterns need to be updated to capture the rest of the line - something like:

  mac_regex = r"^audit\(.*|apparmor.*|selinux.*|security.*"
  mac_re = re.compile(mac_regex, re.IGNORECASE)
  aa_regex = 'apparmor="DENIED".+?profile=([^ ]+?)[ ].*'

Should hopefully dtrt.

So I think this bug is actually in the mysql-8.0 not apparmor (but am not sure exactly how it is occurring as I am not that familiar with the apport hook mechanism etc)

** Package changed: apparmor (Ubuntu) => apport (Ubuntu)

** Summary changed:

- apport hook source_apparmor.py shows only one word per line
+ apport hookutils.py only captures first word per line for KernLog

--
https://bugs.launchpad.net/bugs/2090887

Title:
  apport hookutils.py only captures first word per line for KernLog

Status in apport package in Ubuntu:
  New

Bug description:
  As can be seen in some bugs collecting KernLog.txt, such as https://launchpadlibrarian.net/755520804/KernLog.txt from LP: #2085412, or https://launchpadlibrarian.net/748024373/KernLog.txt from LP: #2079912, only one word of each line is being shown:

    Security
    AppArmor
    AppArmor
    audit(
    AppArmor
    AppArmor
    AppArmor
    AppArmor
    security
    selinux
    security
    security
    security
    security
    security
    apparmor

  I haven't reproduced this behavior myself locally, so wonder if the reporters' kern.log files are odd, but I've seen this in several bug reports. I thought it might be the stringify() routine but running the apport hook manually on my own system, it works fine.

  Looking through the source_apparmor.py file I notice the words are ones matching the regular expression:

    sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE)
    report['KernLog'] = recent_kernlog(sec_re)

  That can't be a coincidence. However, I don't see how the code would produce this behavior, so no idea how to fix it.
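
Added example, not part of the original message and not apport's code: it runs the pattern from the bug description and the pattern suggested in the comment through re.findall() on a constructed kernel log, then compares both with a per-line filter that uses search(). The sample log and the helper names findall_matches() and matching_lines() are assumptions made for the illustration.

```python
import re

# Constructed kernel log sample (not taken from any bug report).
SAMPLE_LOG = """\
2024-12-05T03:41:19.4+00:00 host kernel: audit: type=1400 audit(1733370079.461:132): apparmor="STATUS" operation="profile_replace" pid=923
2024-12-05T03:41:20.0+00:00 host kernel: usb 1-1: new high-speed USB device number 2
2024-12-05T03:41:21.0+00:00 host kernel: LSM: Security Framework initializing
"""

# Pattern quoted in the bug description (written as a raw string here).
KEYWORD_RE = re.compile(r"audit\(|apparmor|selinux|security", re.IGNORECASE)

# Pattern suggested in the comment.
REST_OF_LINE_RE = re.compile(
    r"^audit\(.*|apparmor.*|selinux.*|security.*", re.IGNORECASE
)


def findall_matches(pattern, log):
    """re.findall() over the whole log: only the text each match covers."""
    return pattern.findall(log)


def matching_lines(pattern, log):
    """Per-line filter: keep the full line if the pattern matches anywhere."""
    return [line for line in log.splitlines() if pattern.search(line)]


if __name__ == "__main__":
    # Keywords only, which is the symptom seen in the KernLog attachments.
    print(findall_matches(KEYWORD_RE, SAMPLE_LOG))
    # Keyword through end of line; the timestamp and anything before the
    # first keyword on the line are not part of the match.
    print(findall_matches(REST_OF_LINE_RE, SAMPLE_LOG))
    # Whole lines, timestamp included.
    print("\n".join(matching_lines(KEYWORD_RE, SAMPLE_LOG)))
```

With findall(), the trailing `.*` recovers the text from the first keyword to the end of the line, while the per-line search() keeps the timestamp and host prefix as well.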