AppArmor

Bug #1691761
Activity log

Activity log for bug #1691761

Date	Who	What changed	Old value	New value	Message
2017-05-18 13:34:36	Mikhail Kurinnoi	bug			added bug
2017-05-18 13:35:45	Mikhail Kurinnoi	description	I play around confined init (disabled SECURITY_APPARMOR_UNCONFINED_INIT kernel config option). And faced one issue connected to apparmor utils. apparmor utils v 2.11.0 1) Kernel configured with disabled SECURITY_APPARMOR_UNCONFINED_INIT. 2) default profile not reloaded by user's default profile. 3) # ps aux -Z \| grep "default" ... default (-) root 2 0.0 0.0 0 0 ? S 16:16 0:00 [kthreadd] default (-) root 3 0.0 0.0 0 0 ? S 16:16 0:00 [ksoftirqd/0] ... 4) # aa-status Traceback (most recent call last): File "/usr/lib/python-exec/python3.4/aa-status", line 255, in <module> commands[cmd]() File "/usr/lib/python-exec/python3.4/aa-status", line 59, in cmd_verbose profiles = get_profiles() File "/usr/lib/python-exec/python3.4/aa-status", line 149, in get_profiles profiles[match.group(1)] = match.group(2) AttributeError: 'NoneType' object has no attribute 'group' 1) Kernel configured with disabled SECURITY_APPARMOR_UNCONFINED_INIT. 2) default profile reloaded by user's default profile, for example: profile default flags=(complain) {} 3) # ps aux -Z \| grep "default" ... default (complain) root 2 0.0 0.0 0 0 ? S 16:16 0:00 [kthreadd] default (complain) root 3 0.0 0.0 0 0 ? S 16:16 0:00 [ksoftirqd/0] ... 4) # aa-status ... 142 processes are in complain mode. default (2) default (3) ...	I play around confined init (disabled SECURITY_APPARMOR_UNCONFINED_INIT kernel config option). And faced one issue connected to apparmor utils. apparmor utils v 2.11.0 --------------------------------------------------------------------- 1) Kernel configured with disabled SECURITY_APPARMOR_UNCONFINED_INIT. 2) default profile not reloaded by user's default profile. 3) # ps aux -Z \| grep "default" ... default (-) root 2 0.0 0.0 0 0 ? S 16:16 0:00 [kthreadd] default (-) root 3 0.0 0.0 0 0 ? S 16:16 0:00 [ksoftirqd/0] ... 4) # aa-status Traceback (most recent call last): File "/usr/lib/python-exec/python3.4/aa-status", line 255, in <module> commands[cmd]() File "/usr/lib/python-exec/python3.4/aa-status", line 59, in cmd_verbose profiles = get_profiles() File "/usr/lib/python-exec/python3.4/aa-status", line 149, in get_profiles profiles[match.group(1)] = match.group(2) AttributeError: 'NoneType' object has no attribute 'group' --------------------------------------------------------------------- 1) Kernel configured with disabled SECURITY_APPARMOR_UNCONFINED_INIT. 2) default profile reloaded by user's default profile, for example: profile default flags=(complain) {} 3) # ps aux -Z \| grep "default" ... default (complain) root 2 0.0 0.0 0 0 ? S 16:16 0:00 [kthreadd] default (complain) root 3 0.0 0.0 0 0 ? S 16:16 0:00 [ksoftirqd/0] ... 4) # aa-status ... 142 processes are in complain mode. default (2) default (3) ...
2017-05-18 15:50:13	Christian Boltz	tags		aa-tools
2017-05-18 16:40:03	Mikhail Kurinnoi	attachment added		aa_broken_profiles https://bugs.launchpad.net/apparmor/+bug/1691761/+attachment/4879139/+files/aa_broken_profiles