aa-genprof fails in an lxd instance

Bug #1785391 reported by Seth Arnold
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
AppArmor | Fix Released | Undecided | Christian Boltz |
apparmor (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

Hello, aa-genprof doesn't run well within an lxd instance:

lxd init # if needed
...
lxc launch ubuntu:18.04
...
lxc exec something -- bash
apt-get install apparmor-utils
aa-genprof something

root@healthy-fly:~# aa-genprof nginx
Writing updated profile for /usr/sbin/nginx.
Setting /usr/sbin/nginx to complain mode.
Traceback (most recent call last):
  File "/usr/sbin/aa-genprof", line 123, in <module>
    sysctl_write(ratelimit_sysctl, 0)
  File "/usr/sbin/aa-genprof", line 44, in sysctl_write
    with open(path, 'w') as f_out:
PermissionError: [Errno 13] Permission denied: '/proc/sys/kernel/printk_ratelimit'

An unexpected error occoured!

For details, see /tmp/apparmor-bugreport-1dp0cm5x.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.


Thanks

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apparmor-utils 2.12-4ubuntu5
ProcVersionSignature: Ubuntu 4.15.0-29.31-generic 4.15.18
Uname: Linux 4.15.0-29-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
Date: Sat Aug 4 12:01:07 2018
KernLog:

ProcEnviron:
 TERM=rxvt-unicode-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-29-generic root=UUID=7b8c2e1b-d2e6-47d9-9030-c078e9701a1d ro quiet splash crashkernel=384M-2G:128M,2G-:256M crashkernel=384M-2G:128M,2G-:256M crashkernel=384M-2G:128M,2G-:256M crashkernel=384M-2G:128M,2G-:256M vt.handoff=1
SourcePackage: apparmor
Syslog: Aug 4 11:39:33 healthy-fly dbus-daemon[196]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: No upgrade log present (probably fresh install)
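
One way a tool could tolerate the refused write shown in the traceback above, as an added example that is not aa-genprof's code and not the fix from the merge request linked in this thread. It keeps the `sysctl_write` name and the sysctl path from the traceback; `sysctl_read`, `REFUSED` and `RatelimitDisabled` are hypothetical names introduced here.

```python
import errno
import sys

# Path taken from the traceback in the bug description.
RATELIMIT_SYSCTL = "/proc/sys/kernel/printk_ratelimit"

# errno values meaning "the environment refuses this write" (assumed set).
REFUSED = (errno.EACCES, errno.EPERM, errno.EROFS)


def sysctl_read(path):
    with open(path) as f_in:
        return f_in.readline().strip()


def sysctl_write(path, value):
    """Write value to a sysctl file; return False if the write is refused."""
    try:
        with open(path, "w") as f_out:
            f_out.write(str(value))
        return True
    except OSError as exc:
        if exc.errno in REFUSED:
            return False
        raise  # anything else (e.g. ENOENT) is still a real error


class RatelimitDisabled:
    """Set the ratelimit to 0 inside a with-block and restore it afterwards."""

    def __init__(self, path=RATELIMIT_SYSCTL):
        self.path = path
        self.changed = False  # True only if the kernel setting was altered

    def __enter__(self):
        self.saved = sysctl_read(self.path)
        self.changed = sysctl_write(self.path, 0)
        if not self.changed:
            print("Warning: cannot write %s; kernel log messages may be "
                  "rate limited and profile events lost." % self.path,
                  file=sys.stderr)
        return self

    def __exit__(self, *exc_info):
        if self.changed:  # never try to restore what was not changed
            sysctl_write(self.path, self.saved)
        return False
```

In a container where the write is refused, the with-block still runs and `changed` stays `False`, so the caller can tell the user that events may be missing from the log instead of aborting.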

Seth Arnold (seth-arnold) wrote :

Funny enough, aa-logprof doesn't work well in a guest on my system either:

# aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.

This could be because the host system is running auditd.

I have no idea what happens if the host isn't running auditd.

Thanks

Christian Boltz (cboltz) wrote :

https://gitlab.com/apparmor/apparmor/merge_requests/157

For aa-logprof - a) what exactly is the problem and b) please answer in a separate bugreport ;-)

Changed in apparmor:
status: New → Triaged
assignee: nobody → Christian Boltz (cboltz)
Christian Boltz (cboltz)
Changed in apparmor:
status: Triaged → Fix Committed
Christian Boltz (cboltz) wrote :

Fix committed to 2.10 branch..master

For the aa-logprof issue you mentioned, please answer my question in a new bugreport ;-)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Christian Boltz (cboltz)
Changed in apparmor:
status: Fix Committed → Fix Released