[apparmor] [patch] Fix serialize_profile_from_old_profiles() to not crash on "@{var} +="

Steve Beattie steve at nxnw.org
Wed Apr 15 19:20:07 UTC 2015


On Wed, Apr 08, 2015 at 11:06:23PM +0200, Christian Boltz wrote:
> serialize_profile_from_old_profiles() calls store_list_var() with an
> empty hasher. This fails for "+=" because in this case store_list_var()
> expects a non-empty hasher with the variable already defined, and raises
> an exception because of the empty hasher.
> 
> This patch sets "correct = False" if a "+=" operation appears, which
> means the variable will be written in "clean" mode instead.
> 
> Adding proper support for "add to variable" needs big changes (like
> storing a variable's "history" - where it was initially defined and what
> got added where).
> 
> 
> I propose this patch for trunk and 2.9.
> 
> 
> [ 35-fix-serialize_profile_from_old_profiles-variable-add.diff ]

FYI, even with this patch and patch 33 applied, the tools will still
crash when parsing a profile that extends an existing variable that's
defined in an include file (like something under tunables/) like so:

  # Last Modified: Wed Apr 15 10:06:49 2015
  #include <tunables/global>

  @{MY_BINS}=/bin/false
  @{MY_BINS}+=/bin/true
  @{HOMEDIRS}+=/data/home

  /home/ubuntu/tmp/hello_world.sh {
    ...
    [SNIP]

  Reading log entries from /var/log/syslog.
  Updating AppArmor profiles in /etc/apparmor.d.
  Traceback (most recent call last):
  File "./aa-logprof", line 46, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 2280, in do_logprof_pass
    read_profiles()
  File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 2599, in read_profiles
    read_profile(profile_dir + '/' + file, True)
  File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 2625, in read_profile
    profile_data = parse_profile_data(data, file, 0)
  File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 2848, in parse_profile_data
    store_list_var(filelist[file]['lvar'], list_var, value, var_operation, file)
  File "/home/ubuntu/bzr/apparmor/utils/apparmor/aa.py", line 3275, in store_list_var
    raise AppArmorException(_('Values added to a non-existing variable %(variable)s: %(value)s in %(file)s') % { 'variable': list_var, 'value': value, 'file': filename })
  apparmor.common.AppArmorException: u'Values added to a non-existing variable @{HOMEDIRS}: /data/home in /etc/apparmor.d/home.ubuntu.tmp.hello_world.sh'


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
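
The failure reported in the message above, reproduced in a simplified model. This is an added example, not AppArmor's aa.py code and not part of the original message. The include content, `VariableError`, `parse_variables()` and the `follow_includes` switch are assumptions made for illustration; seeding the store from includes is one possible approach, not the project's fix.

```python
import re

# Constructed stand-in for the include; the real tunables/ content is not on the page.
INCLUDES = {"tunables/global": ["@{HOMEDIRS}=/home/"]}

# Profile preamble quoted in the message above.
PROFILE = [
    "#include <tunables/global>",
    "@{MY_BINS}=/bin/false",
    "@{MY_BINS}+=/bin/true",
    "@{HOMEDIRS}+=/data/home",
]

VAR_RE = re.compile(r"^(@\{\w+\})\s*(\+?=)\s*(.+)$")
INC_RE = re.compile(r"^#include\s+<(.+)>$")


class VariableError(Exception):
    """Stands in for AppArmorException in this model."""


def store_list_var(var, list_var, value, var_operation, filename):
    """Simplified model: '+=' requires the variable to exist in this store."""
    values = set(value.split())
    if var_operation == "=":
        var[list_var] = values
    elif list_var in var:
        var[list_var] |= values
    else:
        raise VariableError(
            f"Values added to a non-existing variable {list_var}: {value} in {filename}")


def parse_variables(lines, filename, follow_includes):
    """Build the variable store for one file (hypothetical helper)."""
    var = {}
    for line in lines:
        inc = INC_RE.match(line)
        if inc and follow_includes:
            # Assumption: seed the store with definitions from the include file.
            var.update(parse_variables(INCLUDES[inc.group(1)], inc.group(1), True))
            continue
        m = VAR_RE.match(line)
        if m:
            store_list_var(var, m.group(1), m.group(3), m.group(2), filename)
    return var
```

With `follow_includes=False` the store is per-file, so `@{MY_BINS}+=` succeeds while `@{HOMEDIRS}+=` raises, matching the traceback; with `follow_includes=True` both extensions resolve.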