AppArmor python tools fail to parse mounts with UTF-8 non-ascii characters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Medium
|
Unassigned | ||
2.9 |
Fix Released
|
Medium
|
Unassigned | ||
apparmor (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[impact]
This bug prevents users with mount points that contain non-ascii UTF_8 characters in their names from easily seeing the status of their apparmor policy.
[steps to reproduce]
1) create mount point with non-ascii characters in it
2) run aa-status; if fixed it should not crash
[regression potential]
This issue is being addressed by updating the python utilities to the
version in apparmor 2.9.2 as tracked in bug 1449769. This represents are
large change which would normally be risky; however, these changes are
isolated to the python utils (so no changes to the policy parser/loader
or enforcement), there are a large number of bugs that exist in the
trusty version that make using the tools difficult, so it would be
difficult to regress further, and the updated version includes many new
unit tests to try to prevent from regressions from occurring.
[additional info]
The python utils testsuite is run as part of the test-apparmor.py test
script in lp:qa-regression-testing. The test-apparmor.py also has
additional basic usage tests to ensure that basic functionality is
maintained. These tests are run as part of the process fro each kernel
update.
[original description]
Version:
14.04 Fresh Install.
$ uname -a
Linux alain-Desktop 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
AppArmor crashes with this stack trace:
PythonArgs: ['/usr/
Traceback:
Traceback (most recent call last):
File "/usr/sbin/
commands[
File "/usr/sbin/
if get_profiles() == {}:
File "/usr/sbin/
apparmorfs = find_apparmorfs()
File "/usr/sbin/
for p in open("/
File "/usr/lib/
return codecs.
UnicodeDecodeE
That is because I have a UTF-8 non-Ascii character in one of my mounts:
$ mount
/dev/sdb1 on / type ext4 (rw,errors=
proc on /proc type proc (rw,noexec,
sysfs on /sys type sysfs (rw,noexec,
(...)
/dev/sda6 on /home/alain/Vidéos type ext4 (rw,relatime,
(...)
The Python code of aastatus near line 135 shows:
def find_apparmorfs():
'''Finds AppArmor mount point'''
for p in open("/
if p.split()[2] == "securityfs" and \
return os.path.
return False
So if I do:
$ cat /proc/mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,
(...)
/dev/sda6 /home/alain/ ext4 rw,relatime,
(...)
There is indeed a line with a 'é'
UTF-8 code of the 'é' is 0xC3 0xA9
But apparently the call to .readlines() is set as ASCII and hence does NOT support the 0xC3 (first byte of the 'é' in UTF-8) and then it crashes.
I assume the solution could be to correctly read as UTF-8 as there are some non-Americans/
Sorry my knowledge of Python is just enough to understand the bug, and not enough to submit a patch.
Regards.
Alain
Changed in apparmor: | |
importance: | Undecided → Medium |
Changed in apparmor (Ubuntu): | |
importance: | Undecided → Medium |
Changed in apparmor: | |
status: | Confirmed → Triaged |
Changed in apparmor (Ubuntu): | |
status: | Confirmed → Triaged |
summary: |
- AppArmor fails to parse mounts with UTF-8 non-ascii characters + AppArmor python tools fail to parse mounts with UTF-8 non-ascii + characters |
tags: | added: tools |
tags: |
added: aa-tools removed: tools |
description: | updated |
I'm afraid this will take more significant modifications than simply reading in utf-8 -- users in Russia or China or Japan may have mountpoints named using KOI-8, Big-5, Shift-JIS, etc., that can't be parsed as utf-8.
I suspect we'll need to read in the mounts as an array of bytes, split based on newlines, and search for the bytes that make up "securityfs" and "apparmor".
Thanks