2016-04-30 20:30:32 |
Me |
bug |
|
|
added bug |
2016-04-30 20:30:32 |
Me |
attachment added |
|
apparmor-bugreport-s_69eqep.txt https://bugs.launchpad.net/bugs/1577051/+attachment/4652404/+files/apparmor-bugreport-s_69eqep.txt |
|
2016-05-01 15:53:10 |
Christian Boltz |
tags |
|
aa-tools |
|
2016-05-02 23:14:20 |
Seth Arnold |
bug task added |
|
apparmor (Ubuntu) |
|
2016-05-06 18:18:19 |
Launchpad Janitor |
apparmor (Ubuntu): status |
New |
Confirmed |
|
2016-05-06 18:22:47 |
lysdexia |
attachment added |
|
debug file generated by aa-logprof https://bugs.launchpad.net/apparmor/+bug/1577051/+attachment/4657410/+files/apparmor-bugreport-sen2n544.txt |
|
2016-05-06 18:32:22 |
lysdexia |
attachment added |
|
apparmor-bugreport-sen2n544.txt https://bugs.launchpad.net/apparmor/+bug/1577051/+attachment/4657421/+files/apparmor-bugreport-go3m8pjs.txt |
|
2016-05-06 21:00:29 |
Christian Boltz |
apparmor: status |
New |
Confirmed |
|
2016-05-15 01:03:08 |
killermagpie |
bug |
|
|
added subscriber killermagpie |
2016-05-20 13:24:54 |
Chris J Arges |
nominated for series |
|
Ubuntu Xenial |
|
2016-05-20 13:24:54 |
Chris J Arges |
bug task added |
|
apparmor (Ubuntu Xenial) |
|
2016-05-23 21:32:00 |
Launchpad Janitor |
branch linked |
|
lp:apparmor |
|
2016-05-23 21:32:32 |
Launchpad Janitor |
branch linked |
|
lp:apparmor/2.10 |
|
2016-05-23 21:33:05 |
Launchpad Janitor |
branch linked |
|
lp:apparmor/2.9 |
|
2016-05-27 03:45:31 |
Launchpad Janitor |
apparmor (Ubuntu Xenial): status |
New |
Confirmed |
|
2016-06-06 19:01:31 |
ruffsl |
bug |
|
|
added subscriber ruffsl |
2016-06-22 21:15:46 |
Niklas Janz |
bug |
|
|
added subscriber Niklas Janz |
2016-06-22 21:20:18 |
Niklas Janz |
attachment added |
|
apparmor-bugreport-z55swdas.txt https://bugs.launchpad.net/apparmor/+bug/1577051/+attachment/4688754/+files/apparmor-bugreport-z55swdas.txt |
|
2016-06-22 21:20:40 |
Niklas Janz |
attachment removed |
apparmor-bugreport-z55swdas.txt https://bugs.launchpad.net/apparmor/+bug/1577051/+attachment/4688754/+files/apparmor-bugreport-z55swdas.txt |
|
|
2016-06-29 21:46:01 |
James Parsons |
bug |
|
|
added subscriber James Parsons |
2016-07-01 10:13:56 |
Niklas Janz |
bug task added |
|
linuxmint |
|
2016-07-21 04:25:52 |
Launchpad Janitor |
branch linked |
|
lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain |
|
2016-07-28 10:38:34 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Confirmed |
Fix Released |
|
2016-07-28 20:15:03 |
Tyler Hicks |
apparmor (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
2016-07-28 20:15:09 |
Tyler Hicks |
apparmor (Ubuntu): importance |
Undecided |
Medium |
|
2016-07-28 20:15:12 |
Tyler Hicks |
apparmor (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-07-28 20:15:15 |
Tyler Hicks |
apparmor (Ubuntu Xenial): assignee |
|
Tyler Hicks (tyhicks) |
|
2016-07-28 20:15:18 |
Tyler Hicks |
apparmor (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
2016-07-28 20:27:02 |
Tyler Hicks |
description |
Ubuntu 16.04.
Profiling apache tomcat.
1) aa-genprof on the catalina.sh script that is used to start and stop tomcat.
2) Start and stop tomcat.
3) Scan and save the profile.
4) aa-complain on the tomcat profile
5) Start tomcat again and this time also send a http request to tomcat.
6) Run aa-logprof which fails with this message
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in read_log
self.add_event_to_tree(event)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in add_event_to_tree
e = self.parse_event_for_tree(e)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in parse_event_for_tree
raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode reweive'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in read_log
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.common.AppArmorBug: Log contains unknown mode reweive
This error was caused by the log line:
Apr 30 21:53:05 nova kernel: [24668.960760] audit: type=1400 audit(1462045985.636:2154): apparmor="ALLOWED" operation="file_perm" profile="/usr/local/apache-tomcat-8.0.33/bin/catalina.sh///usr/local/jdk1.8.0_92/bin/java" pid=12529 comm="java" laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 family="inet6" sock_type="stream" protocol=6 requested_mask="receive" denied_mask="receive"
An unexpected error occoured!
For details, see /tmp/apparmor-bugreport-wj6gamog.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file. |
[Impact]
AppArmor policy developers cannot use aa-logprof without it exiting with a traceback on certain denial messages.
[Test Case]
$ echo 'Apr 30 21:53:05 nova kernel: [24668.960760] audit: \
type=1400 audit(1462045985.636:2154): apparmor="DENIED" \
operation="file_perm" profile="foo" pid=12529 comm="java" \
laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 \
family="inet6" sock_type="stream" protocol=6 requested_mask="receive" \
denied_mask="receive"' > /tmp/log
$ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo
$ aa-logprof -f /tmp/log -d /tmp/profiles
Expected output of the last command is:
Reading log entries from /tmp/log.
Updating AppArmor profiles in /tmp/profiles.
[Regression Potential]
There is little potential for regression. This "hotfix" could result in some slight confusion because the problematic denial messages will simply be ignored but it allows aa-logprof to do its intended job without unexpectedly exiting.
[Original Report]
Ubuntu 16.04.
Profiling apache tomcat.
1) aa-genprof on the catalina.sh script that is used to start and stop tomcat.
2) Start and stop tomcat.
3) Scan and save the profile.
4) aa-complain on the tomcat profile
5) Start tomcat again and this time also send a http request to tomcat.
6) Run aa-logprof which fails with this message
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in read_log
self.add_event_to_tree(event)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in add_event_to_tree
e = self.parse_event_for_tree(e)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in parse_event_for_tree
raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode reweive'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in read_log
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.common.AppArmorBug: Log contains unknown mode reweive
This error was caused by the log line:
Apr 30 21:53:05 nova kernel: [24668.960760] audit: type=1400 audit(1462045985.636:2154): apparmor="ALLOWED" operation="file_perm" profile="/usr/local/apache-tomcat-8.0.33/bin/catalina.sh///usr/local/jdk1.8.0_92/bin/java" pid=12529 comm="java" laddr=::ffff:127.0.0.1 lport=8080 faddr=::ffff:127.0.0.1 fport=52308 family="inet6" sock_type="stream" protocol=6 requested_mask="receive" denied_mask="receive"
An unexpected error occoured!
For details, see /tmp/apparmor-bugreport-wj6gamog.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file. |
|
2016-07-28 21:42:52 |
Tyler Hicks |
bug |
|
|
added subscriber Tyler Hicks |
2016-07-29 07:05:29 |
Martin Pitt |
apparmor (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2016-07-29 07:05:37 |
Martin Pitt |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2016-07-29 07:05:51 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2016-07-29 07:06:08 |
Martin Pitt |
tags |
aa-tools |
aa-tools verification-needed |
|
2016-07-29 09:52:23 |
Niklas Janz |
attachment added |
|
apparmor-bugreport-dxclyajj.txt https://bugs.launchpad.net/apparmor/+bug/1577051/+attachment/4709351/+files/apparmor-bugreport-dxclyajj.txt |
|
2016-07-30 16:06:24 |
Niklas Janz |
bug task deleted |
linuxmint |
|
|
2016-08-02 21:06:42 |
Tyler Hicks |
tags |
aa-tools verification-needed |
aa-tools verification-done |
|
2016-08-14 13:23:28 |
Christian Boltz |
apparmor: milestone |
|
2.11 |
|
2016-08-14 13:23:33 |
Christian Boltz |
apparmor: status |
Confirmed |
Fix Committed |
|
2016-08-16 19:54:00 |
Launchpad Janitor |
apparmor (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2016-08-16 19:54:12 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2016-12-06 21:37:11 |
Christian Boltz |
apparmor: assignee |
|
Christian Boltz (cboltz) |
|
2016-12-06 21:37:16 |
Christian Boltz |
nominated for series |
|
apparmor/2.10 |
|
2016-12-06 21:37:16 |
Christian Boltz |
bug task added |
|
apparmor/2.10 |
|
2016-12-06 21:37:22 |
Christian Boltz |
apparmor/2.10: status |
New |
Fix Committed |
|
2016-12-06 21:37:26 |
Christian Boltz |
apparmor/2.10: assignee |
|
Christian Boltz (cboltz) |
|
2016-12-06 21:37:28 |
Christian Boltz |
apparmor/2.10: milestone |
|
2.10.2 |
|
2017-01-10 20:36:26 |
Christian Boltz |
apparmor: status |
Fix Committed |
Fix Released |
|
2017-01-10 20:36:30 |
Christian Boltz |
apparmor/2.10: status |
Fix Committed |
Fix Released |
|