Python utils lack support for bare capability rules
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Fix Released | Medium | Tyler Hicks | |
apparmor (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
The new aa.py module does not handle a bare capability rule and emits a traceback.
$ mkdir /tmp/profs
$ printf "profile cap {\n capability,\n}" >/tmp/profs/cap
$ sudo ./aa-enforce -d /tmp/profs /tmp/profs/cap
Traceback (most recent call last):
File "./aa-enforce", line 30, in <module>
tool.
File "/var/scm/
apparmor.
File "/var/scm/
read_
File "/var/scm/
profile_data = parse_profile_
File "/var/scm/
raise AppArmorExcepti
apparmor.
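The failure mode in this report, shown as an added example (not code from aa.py or the AppArmor project): a rule parser has to treat the capability list as optional, because the bare form `capability,` names no capability and covers all of them. The regular expression, function names and sample profile below are assumptions made for illustration.

```python
import re

# Hypothetical pattern, not taken from aa.py: optional audit/allow/deny
# qualifiers, the keyword, an OPTIONAL list of capability names, then a comma.
CAP_RULE = re.compile(
    r"^\s*(?P<audit>audit\s+)?(?P<mode>allow\s+|deny\s+)?"
    r"capability(?P<names>(?:\s+[a-z_]+)*)\s*,\s*(?:#.*)?$"
)

def parse_capability_rule(line):
    """Return a dict describing a capability rule, or None if `line` is not one."""
    m = CAP_RULE.match(line)
    if m is None:
        return None
    names = m.group("names").split()
    return {
        "audit": m.group("audit") is not None,
        "deny": (m.group("mode") or "").strip() == "deny",
        "all_caps": not names,  # bare form: no names listed, every capability
        "capabilities": names,
    }

def bare_capability_rules(profile_text):
    """List (line_number, text) for every bare, non-deny capability rule."""
    hits = []
    for number, line in enumerate(profile_text.splitlines(), start=1):
        rule = parse_capability_rule(line)
        if rule and rule["all_caps"] and not rule["deny"]:
            hits.append((number, line.strip()))
    return hits

# Constructed sample: the profile from the report plus two named rules.
SAMPLE = """profile cap {
 capability,
 capability net_admin sys_ptrace,
 deny capability sys_module,  # never load modules
}"""

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE.splitlines(), start=1):
        print(number, parse_capability_rule(line))
    print("bare rules:", bare_capability_rules(SAMPLE))
```

A pattern that requires at least one name after the keyword would return None for line 2 of the sample, which is the shape of input the report describes.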
Changed in apparmor (Ubuntu):
status: In Progress → Triaged
Changed in apparmor:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tyler Hicks (tyhicks)
summary:
- Python utils don't support bare capability rules
+ Python utils lack support for bare capability rules
description: updated
Changed in apparmor:
status: In Progress → Fix Committed
Changed in apparmor:
milestone: none → 2.9.0
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu3
---------------
apparmor (2.8.95~2430-0ubuntu3) trusty; urgency=medium
[ Jamie Strandboge ]
* debian/lib/apparmor/functions: properly calculate number of profiles in
  /var/lib/apparmor/profiles (LP: #1295816)
* autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
  (LP: #1288241)
  - remove debian/notify/90apparmor-notify
  - add debian/notify/apparmor-notify.desktop
  - debian/apparmor-notify.install: adjust for the above
  - add debian/apparmor-notify.maintscript to remove 90apparmor-notify
* debian/notify/notify.conf: use_group should be set to "sudo" instead of
  "admin" (LP: #1009666)
[ Tyler Hicks ]
* debian/patches/initialize-mount-flags.patch: Initialize the variables
  containing mount rule flags to zero. Otherwise, the parser may set
  unexpected bits in the mount flags field for rules that do not specify
  mount flags. The uninitialized mount flag variables may have caused
  unexpected AppArmor denials during mount mediation. (LP: #1296459)
* debian/patches/fix-typo-in-dbus_write.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to write out network rules instead of dbus rules
* debian/patches/limited-mount-rule-support.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to traceback when encountering a mount rule (LP: #1294825)
* debian/patches/bare-capability-rule-support.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to traceback when encountering a bare capability rule
  (LP: #1294819)
* debian/patches/check-config-for-sysctl.patch,
  debian/patches/increase-swap-size.patch: Fix bugs in the regression test
  suite that caused errors when running on ppc64el
* debian/patches/test-v6-policy.patch,
  debian/patches/test-mount-mediation.patch: Improve the regression tests
  by increasing the mount rule test coverage
-- Tyler Hicks <email address hidden> Thu, 27 Mar 2014 14:12:29 -0500