[apparmor] apparmor_parser segfault

Tue Jan 11 22:55:33 UTC 2011

Hello,

Am Dienstag, 11. Januar 2011 schrieb John Johansen:
> yikes!  I remember the general set of commits that fixed this.  We
> really need to get suse on to a more recent version of the parser.

True words.

> I know we can pull the patches to fix this, but then you would be
> still be missing so many other improvements and fixes since
> 2.1.  The parser really has come a long ways since then (admittedly
> there is still a lot of improvements to come).

Please note that I'm using the AppArmor 2.5.1 packages from 
security:apparmor, and the backtrace was produced with those packages.

*argh*
re-reading this, I see that I have the wrong repo. ...:Factory is the 
correct (and up-to-date) repo. Sometimes the buildservice offers too 
much options :-/

And the good news: After switching to the ...:Factory repo (with a 
slightly newer 2.5.1 - probably with some more patches), I can't 
reproduce the apparmor_parser segfaults :-)

Sorry for the false/outdated alarm!

Those packages are SR'd to factory (SR 57745), but are waiting for some 
checks AFAIK, so they didn't enter Factory yet.

This means 11.4 will have AppArmor 2.5.1 for sure (well, 99%, as you 
never know if something strange happens...)

> If we could get a recent build of the parser up in the build service
> would that be an acceptable "fix"?

Fortunately this question is superfluous now :-) (unless you have other 
important fixes)

On the negative side, apache2-mod_apparmor fails to build:
https://build.opensuse.org/package/live_build_log?arch=x86_64&package=apache2-
mod_apparmor&project=security%3Aapparmor%3Afactory&repository=openSUSE_Factory

The error is "sys/immunix.h: No such file or directory", but the main 
problem is probably that the last change to this package happened more 
than 2 years ago :-( It would be nice if you could have a look at it and 
fix it (or update it to the newest version)...

Regards,

Christian Boltz
-- 
>In Yast2-System-Editor /etc/sysconfig-Dateien in 
>System-Kernel-MODULES_LOADED_ON_BOOT ide-scsi eintragen.
*JAUUUUUUUULLLLL* *ARRRGGHHHH*
Man reiche mir eine Klinik-Jahrespackung von $SCHMERZMITTEL!!!
[> Heinz Dittmar und David Haller in suse-linux]