aa-logprof: Log contains unknown mode senw
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Fix Released | Medium | Tyler Hicks | |
apparmor (Ubuntu) | Fix Released | Medium | Tyler Hicks | |
Bug Description
[Impact]
* aa-logprof does not work when dbus rule denials are present in the logs
[Automated Test Case]
* test_lp1243932_
[Manual Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
test aa-logprof.
$ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=
Failed to open connection to "system" message bus: An AppArmor policy prevents this
sender from sending this message to this recipient, 0 matched rules;
type=
member="Hello" error name="(unset)" requested_reply="0"
destination=
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
Since saucy, aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
The issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation=
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(
Ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://
Changed in apparmor (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in apparmor (Ubuntu):
assignee: nobody → Tyler Hicks (tyhicks)
Changed in apparmor:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tyler Hicks (tyhicks)
description: updated
description: updated
Changed in apparmor:
status: In Progress → Fix Committed
milestone: none → 2.9.0
Changed in apparmor:
milestone: 2.9.0 → 2.9.2
Changed in apparmor:
status: Fix Committed → Fix Released
tags: added: saucy trusty vivid
Saucy patch 0063-utils-ignore-unsupported-rules.patch was written to ignore policy rules unknown to AppArmor.pm. What's missing is the corresponding patch to ignore unknown denials.
This isn't specific to dbus rules. See the patch mentioned above for the policy rule types that are unsupported by AppArmor.pm.
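
The failure discussed in this report, as an added Python sketch that is not code from AppArmor or from this bug: the `s/d/w/g` substitution quoted in the description turns a D-Bus `send` mask into `senw`, and the tolerant parser skips such denials instead of aborting the whole run. The sample log lines, the set of mode letters and all function names are assumptions made for illustration.

```python
import re

# Simplified set of file permission letters; an assumption for this sketch,
# not the exact validation pattern used by AppArmor.pm.
FILE_MODE_CHARS = set("rwalkmx")
MASK_RE = re.compile(r'\b(?:requested_mask|mask)="([^"]*)"')

# Constructed sample lines (not taken from the bug report).
SAMPLE_LOG = [
    'audit: apparmor="DENIED" operation="unlink" profile="lp1243932" '
    'name="/tmp/x" requested_mask="d" denied_mask="d"',
    'dbus[2594]: apparmor="DENIED" operation="dbus_method_call" '
    'member="Hello" mask="send" profile="lp1243932"',
]


class UnknownMode(Exception):
    """Raised when a logged mask is not a recognised file mode."""


def normalize_mask(raw):
    """Map a logged mask to a file mode the way the quoted s/d/w/g does."""
    mode = raw.replace("d", "w")  # a delete request is treated as write
    if not set(mode) <= FILE_MODE_CHARS:
        raise UnknownMode("Log contains unknown mode %s." % mode)
    return mode


def parse_strict(lines):
    """Unpatched behaviour: one unrecognised mask aborts the whole run."""
    return [normalize_mask(m.group(1))
            for m in map(MASK_RE.search, lines) if m]


def parse_tolerant(lines):
    """Skip denials whose mask is not a file mode; report them separately."""
    modes, skipped = [], []
    for line in lines:
        m = MASK_RE.search(line)
        if not m:
            continue
        try:
            modes.append(normalize_mask(m.group(1)))
        except UnknownMode:
            skipped.append(line)  # e.g. D-Bus denials, left for manual review
    return modes, skipped
```

Returning the skipped lines rather than dropping them silently keeps the unsupported denials visible to whoever is updating the profile.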