2.8beta1 bugs with minimization enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Medium
|
John Johansen | ||
Precise |
Fix Released
|
Medium
|
John Johansen |
Bug Description
With minimization enabled, test-apparmor.py fails in various places. One failure is the following, which causes a kernel NULL pointer dereference:
$ sudo /sbin/apparmor_
This is worked around with the following:
$ sudo /sbin/apparmor_
Additionally, with minimization in effect, the python environment filtering tests fail, but with no denials in the log. Eg:
=======
FAIL: test_envfilter_
Test python environment filtering (PYTHONPATH)
-------
...
IOError: invalid Python installation: unable to open /usr/include/
In addition to the above, some pam_apparmor tests also fail:
=======
FAIL: test_pam_
Test pam (order=
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: Got exit code 0, expected 1
you read me
=======
FAIL: test_pam_
Test pam (order=
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: Got exit code 0, expected 1
you read me
=======
FAIL: test_pam_
Test pam (order=
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: Got exit code 0, expected 1
you read me
=======
FAIL: test_pam_
Test pam (order=
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: Got exit code 0, expected 1
you read me
=======
FAIL: test_pam_
Test pam (order=
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: Got exit code 0, expected 1
you read me
Disabling minimization allows these to complete.
Related branches
Changed in apparmor (Ubuntu): | |
assignee: | nobody → John Johansen (jjohansen) |
importance: | Undecided → Medium |
milestone: | none → ubuntu-12.04 |
status: | New → Confirmed |
summary: |
- 2.8beta1 doesn't always work with minimization enabled + 2.8beta1 bugs with minimization enabled |
description: | updated |
tags: | added: regression-release rls-p-tracking |
As mentioned, disabling minimization fixes the issue and all upstream and QRT tests pass. This is a viable workaround for beta1 and the development release as this only:
* slows down policy generation when the binary cache is out of date
* uses slightly more in-kernel memory after policy load
In other words, this does not adversely affect the system or boot performance under normal circumstances.