[apparmor] [Bug 652674] Re: logprof doesn't handle log messages without denied or requested masks correctly
sbeattie at ubuntu.com
Thu Mar 17 18:34:50 UTC 2011
Closing the apparmor 2.5 task, apparmor 2.5.2 was released.
** Changed in: apparmor/2.5
Status: Fix Committed => Fix Released
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
logprof doesn't handle log messages without denied or requested masks
Status in AppArmor Linux application security framework:
Status in AppArmor 2.5 series:
Status in “apparmor” package in Ubuntu:
Status in “apparmor” source package in Lucid:
Status in “apparmor” source package in Maverick:
Status in “apparmor” source package in Natty:
1. when loading, unloading and replacing policy, AppArmor leaves a
message in kern.log. When aa-logprof encounters this, it will spew
many confusing warning messages.
2. The bug has not been addressed in the development branch (natty is
not open yet)
3. Patch is from r1440 of 2.5 branch (linked to this bug)
4. TEST CASE:
$ echo 'Oct 14 07:14:13 bug652674 kernel: [ 5.429706] type=1400 audit(1287058453.835:9): apparmor="STATUS" operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" pid=1201 comm="apparmor_parser"' > /tmp/log
$ sudo aa-logprof -f /tmp/log # may be prompted to enable the repository. Choose 'Ask later'
5. The regression potential is considered low. The fix does not affect
the boot or shutdown process.
Binary package hint: apparmor
When aa-logprof runs into log messages that don't have denied or
requested masks, like the following status message, it ends up trying
to perform a string operation on an undefined variable which causes
warnings to be printed to the console.
[ 9.633452] type=1400 audit(1285899118.285:5):
apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient3"
I'm attaching a patch to fix this.
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1~rc1-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.35-22.33-generic 184.108.40.206
Uname: Linux 2.6.35-22-generic x86_64
Date: Thu Sep 30 21:16:25 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release Candidate amd64 (20100928)
More information about the AppArmor