[apparmor] [patch] Raise AppArmorBug on unknown request_mask in logparser.py

Christian Boltz apparmor at cboltz.de
Sat Dec 12 00:39:25 UTC 2015 

Hello,

Am Freitag, 11. Dezember 2015 schrieb Seth Arnold:
> On Fri, Dec 11, 2015 at 11:57:07PM +0100, Christian Boltz wrote:
> > An alternative solution would be a try/except game some levels /
> > function calls upwards so that the exception can print the original
> > log line causing the problem. That would probably need to happen in
> > read_log(), when calling self.add_event_to_tree().
> > 
> > How do you like this one?
> > 
> > # aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel:
> > [2214272.912766] type=1400 audit(1449822247.549:21251):
> > apparmor="ALLOWED" operation="file_inherit"
> > profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate"
> > requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0') Reading log
> > entries from /dev/fd/63.
> > Updating AppArmor profiles in /etc/apparmor.d.
> > 
> > ERROR: Log contains unknown mode foo
> > 
> > This error was caused by the log line:
> > Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400
> > audit(1449822247.549:21251): apparmor="ALLOWED"
> > operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar"
> > pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo"
> > fsuid=0 ouid=0
> > 
> > 
> > The only disadvantage is that it doesn't include the bugreport hint
> > that comes with AppArmorBug ;-)
> 
> I like including the line. That gives someone something tangible to
> work with. Could it raise AppArmorBug instead of AppArmorException to
> retain the nice file-a-bug behaviour?

It could, but I wouldn't call it nice ;-)

# aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0
Reading log entries from /dev/fd/63.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 406, in read_log
    self.add_event_to_tree(event)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 206, in add_event_to_tree
    e = self.parse_event_for_tree(e)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 307, in parse_event_for_tree
    raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode foo'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "aa-logprof", line 50, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2270, in do_logprof_pass
    log = log_reader.read_log(logmark)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 410, in read_log
    {'msg': e.value, 'logline': line})
apparmor.common.AppArmorBug: Log contains unknown mode foo

This error was caused by the log line:
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0


An unexpected error occoured!

For details, see /tmp/apparmor-bugreport-pgr5fo96.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.


(yes, I tested this before sending the patch ;-)


Regards,

Christian Boltz
-- 
Mails mit durchgängiger Kleinschreibung sind sehr, sehr viel schneller
bearbeitet als mit Groß-Klein-Schreibung.
Weil sie nämlich *SOFORT* in die Tonne wandern und *NIEMALS* beantwortet
werden! Es ist eine Frechheit, anderen so einen Sch****dreck zuzumuten.
[Ratti in suse-linux]

More information about the AppArmor mailing list