aa-genprof traceback with apparmor 2.8.95
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Unassigned | ||
apparmor (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Marc Deslauriers |
Bug Description
[impact]
This bug makes it difficult for trusty users to use the apparmor policy utilities.
[steps to reproduce]
See below
[regression potential]
This issue is being addressed by updating the python utilities to the version in apparmor 2.9.2 as tracked in bug 1449769. This represents are large change which would normally be risky; however, these changes are isolated to the python utils (so no changes to the policy parser/loader or enforcement), there are a large number of bugs that exist in the trusty version that make using the tools difficult, so it would be difficult to regress further, and the updated version includes many new unit tests to try to prevent from regressions from occurring.
[additional info]
The python utils testsuite is run as part of the test-apparmor.py test
script in lp:qa-regression-testing. The test-apparmor.py also has
additional basic usage tests to ensure that basic functionality is
maintained. These tests are run as part of the process fro each kernel
update.
[original description]
In a terminal, I run:
$ sudo aa-genprof /usr/bin/empathy
...
[(S)can system log for AppArmor events] / (F)inish
At this point, I start empathy, then stop it.
Now I go back to the terminal:
<press S>
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "/usr/sbin/
lp_ret = apparmor.
File "/usr/lib/
read_profiles()
File "/usr/lib/
read_
File "/usr/lib/
profile_data = parse_profile_
File "/usr/lib/
filelist[
TypeError: 'bool' object does not support item assignment
If I run it again, I get a different traceback:
Traceback (most recent call last):
File "/usr/sbin/
lp_ret = apparmor.
File "/usr/lib/
read_profiles()
File "/usr/lib/
read_
File "/usr/lib/
profile_data = parse_profile_
File "/usr/lib/
raise AppArmorExcepti
apparmor.
/etc/apparmor.
# v2 compatible wildly permissive profile
profile "zz_unconfined" {
capability,
network,
/** rwlkm,
/** pix,
# TODO: when dbus hits:
dbus,
}
Related branches
Changed in apparmor (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in apparmor (Ubuntu Trusty): | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in apparmor: | |
milestone: | none → 2.9.0 |
Changed in apparmor (Ubuntu Trusty): | |
status: | Fix Released → Confirmed |
tags: | added: trusty |
description: | updated |
Changed in apparmor (Ubuntu): | |
importance: | Undecided → Medium |
Here is /etc/apparmor and /etc/apparmor.d