[apparmor] [Bug 652674] Re: logprof doesn't handle log messages without denied or requested masks correctly

Steve Beattie sbeattie at ubuntu.com
Thu Mar 17 18:34:50 UTC 2011

Closing the apparmor 2.5 task; apparmor 2.5.2 was released.

** Changed in: apparmor/2.5
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.

  logprof doesn't handle log messages without denied or requested masks

Status in AppArmor Linux application security framework:
  Fix Released
Status in AppArmor 2.5 series:
  Fix Released
Status in “apparmor” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Lucid:
  Fix Released
Status in “apparmor” source package in Maverick:
  Fix Released
Status in “apparmor” source package in Natty:
  Fix Released

Bug description:

  1. When loading, unloading and replacing policy, AppArmor leaves a
  message in kern.log. When aa-logprof encounters this, it will spew
  many confusing warning messages.

  2. The bug has not been addressed in the development branch (natty is
  not open yet)

  3. Patch is from r1440 of 2.5 branch (linked to this bug)

  $ echo 'Oct 14 07:14:13 bug652674 kernel: [ 5.429706] type=1400 audit(1287058453.835:9): apparmor="STATUS" operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" pid=1201 comm="apparmor_parser"' > /tmp/log
  $ sudo aa-logprof -f /tmp/log # may be prompted to enable the repository. Choose 'Ask later'

  5. The regression potential is considered low. The fix does not affect
  the boot or shutdown process.

  Binary package hint: apparmor

  When aa-logprof runs into log messages that don't have denied or
  requested masks, like the following status message, it ends up trying
  to perform a string operation on an undefined variable which causes
  warnings to be printed to the console.

      [    9.633452] type=1400 audit(1285899118.285:5): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient3" pid=912 comm="apparmor_parser"

  I'm attaching a patch to fix this.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: apparmor 2.5.1~rc1-0ubuntu2
  ProcVersionSignature: Ubuntu 2.6.35-22.33-generic
  Uname: Linux 2.6.35-22-generic x86_64
  NonfreeKernelModules: nvidia
  Architecture: amd64
  Date: Thu Sep 30 21:16:25 2010
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release Candidate amd64 (20100928)
   PATH=(custom, user)
  SourcePackage: apparmor
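
The failure mode described in this report, shown as an added example (this is not aa-logprof's code and not the r1440 patch): a log consumer that parses AppArmor audit records and only touches `requested_mask` / `denied_mask` after confirming both are present, so STATUS records are skipped cleanly. The function names `parse_event` and `access_requests` are hypothetical, and the DENIED line in the sample is constructed for contrast.

```python
import re

# Sample input: the two STATUS records quoted in the bug report, plus one
# DENIED record that is constructed here for contrast (not from the report).
SAMPLE_LOG = """\
Oct 14 07:14:13 bug652674 kernel: [ 5.429706] type=1400 audit(1287058453.835:9): apparmor="STATUS" operation="profile_load" name="/usr/share/gdm/guest-session/Xsession" pid=1201 comm="apparmor_parser"
[    9.633452] type=1400 audit(1285899118.285:5): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient3" pid=912 comm="apparmor_parser"
Oct 14 07:15:02 host kernel: [ 54.100000] type=1400 audit(1287058502.100:12): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=1300 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

AUDIT_RE = re.compile(r'type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare


def parse_event(line):
    """Parse one audit line into a dict, or return None if it is not AppArmor."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    event = {"timestamp": float(m.group("ts")), "serial": int(m.group("serial"))}
    for key, quoted, bare in FIELD_RE.findall(m.group("body")):
        event[key] = quoted or bare
    return event if "apparmor" in event else None


def access_requests(log_text):
    """Return (events that carry both masks, count of events skipped)."""
    wanted, skipped = [], 0
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        requested = event.get("requested_mask")
        denied = event.get("denied_mask")
        # STATUS records (profile_load, profile_replace, ...) have no masks.
        # Check before any string handling instead of operating on None.
        if requested is None or denied is None:
            skipped += 1
            continue
        event["denied_perms"] = sorted(set(denied))
        wanted.append(event)
    return wanted, skipped


if __name__ == "__main__":
    events, skipped = access_requests(SAMPLE_LOG)
    for e in events:
        print(e["apparmor"], e["operation"], e["name"], e["denied_perms"])
    print("skipped records without masks:", skipped)
```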
