[apparmor] [patch] Raise AppArmorBug on unknown request_mask in logparser.py
Steve Beattie
steve at nxnw.org
Thu Jan 7 11:11:01 UTC 2016
On Sat, Dec 12, 2015 at 01:39:25AM +0100, Christian Boltz wrote:
> Hello,
>
> Am Freitag, 11. Dezember 2015 schrieb Seth Arnold:
> > On Fri, Dec 11, 2015 at 11:57:07PM +0100, Christian Boltz wrote:
> > > An alternative solution would be a try/except game some levels /
> > > function calls upwards so that the exception can print the original
> > > log line causing the problem. That would probably need to happen in
> > > read_log(), when calling self.add_event_to_tree().
> > >
> > > How do you like this one?
> > >
> > > # aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel:
> > > [2214272.912766] type=1400 audit(1449822247.549:21251):
> > > apparmor="ALLOWED" operation="file_inherit"
> > > profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate"
> > > requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0') Reading log
> > > entries from /dev/fd/63.
> > > Updating AppArmor profiles in /etc/apparmor.d.
> > >
> > > ERROR: Log contains unknown mode foo
> > >
> > > This error was caused by the log line:
> > > Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400
> > > audit(1449822247.549:21251): apparmor="ALLOWED"
> > > operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar"
> > > pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo"
> > > fsuid=0 ouid=0
> > >
> > >
> > > The only disadvantage is that it doesn't include the bugreport hint
> > > that comes with AppArmorBug ;-)
> >
> > I like including the line. That gives someone something tangible to
> > work with. Could it raise AppArmorBug instead of AppArmorException to
> > retain the nice file-a-bug behaviour?
>
> It could, but I wouldn't call it nice ;-)
>
> # aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0
> Reading log entries from /dev/fd/63.
> Updating AppArmor profiles in /etc/apparmor.d.
> Traceback (most recent call last):
> File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 406, in read_log
> self.add_event_to_tree(event)
> File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 206, in add_event_to_tree
> e = self.parse_event_for_tree(e)
> File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 307, in parse_event_for_tree
> raise AppArmorException(_('Log contains unknown mode %s') % rmask)
> apparmor.common.AppArmorException: 'Log contains unknown mode foo'
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "aa-logprof", line 50, in <module>
> apparmor.do_logprof_pass(logmark)
> File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2270, in do_logprof_pass
> log = log_reader.read_log(logmark)
> File "/home/cb/apparmor/HEAD-clean/utils/apparmor/logparser.py", line 410, in read_log
> {'msg': e.value, 'logline': line})
> apparmor.common.AppArmorBug: Log contains unknown mode foo
>
> This error was caused by the log line:
> Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0
>
>
> An unexpected error occoured!
>
> For details, see /tmp/apparmor-bugreport-pgr5fo96.txt
> Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
> and attach this file.
>
>
> (yes, I tested this before sending the patch ;-)
Sigh, yet another difference in behavior between python2 and python3.
For python2, this happens when AppArmorBug is used instead:
$ PYTHON_PATH=. python2 aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0')
Reading log entries from /dev/fd/63.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/home/steve/bzr/apparmor-master/utils/apparmor/aa.py", line 2239, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/home/steve/bzr/apparmor-master/utils/apparmor/logparser.py", line 409, in read_log
{'msg': e.value, 'logline': line})
AppArmorBug: Log contains unknown mode foo
This error was caused by the log line:
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0
An unexpected error occoured!
For details, see /home/steve/tmp/apparmor-bugreport-Is8nzM.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
$
So, for AppArmor 2.9 and 2.10, I'm fine with either AppArmorException or
AppArmorBug being raised (i.e. Acked-by: Steve Beattie <steve at nxnw.org>
for your choice, whether you want the enhanced reporting with the
drawback of the double trace, or not).
For trunk/upcoming 2.11, I proposed that we use the following python 3
only syntax:
[ 38-more-useful-logparser-failure-reports.diff ]
---
utils/apparmor/logparser.py | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
Index: b/utils/apparmor/logparser.py
===================================================================
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -17,7 +17,7 @@ import re
import sys
import time
import LibAppArmor
-from apparmor.common import AppArmorException, open_file_read, DebugLogger
+from apparmor.common import AppArmorException, AppArmorBug, open_file_read, DebugLogger
from apparmor.aamode import validate_log_mode, log_str_to_mode, hide_log_mode, AA_MAY_EXEC
@@ -398,7 +398,12 @@ class ReadLog:
event = self.parse_log_record(line)
#print(event)
if event:
- self.add_event_to_tree(event)
+ try:
+ self.add_event_to_tree(event)
+ except AppArmorException as e:
+ # Drop the original AppArmorException by passing None as the parent exception
+ raise AppArmorBug('%(msg)s\n\nThis error was caused by the log line:\n%(logline)s' %
+ {'msg': e.value, 'logline': line}) from None
self.LOG.close()
self.logmark = ''
return self.log
This results in the following:
$ PYTHON_PATH=. python3 aa-logprof -f <(echo 'Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0')
Reading log entries from /dev/fd/63.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
File "aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/home/steve/bzr/apparmor-master/utils/apparmor/aa.py", line 2239, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/home/steve/bzr/apparmor-master/utils/apparmor/logparser.py", line 406, in read_log
{'msg': e.value, 'logline': line}) from None
apparmor.common.AppArmorBug: Log contains unknown mode foo
This error was caused by the log line:
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400 audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit"
profile="/usr/sbin/smbd" name="/foo/bar" pid=7112 comm="nsupdate" requested_mask="foo" denied_mask="foo" fsuid=0 ouid=0
An unexpected error occoured!
For details, see /home/steve/tmp/apparmor-bugreport-4x8opc6i.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
$
Which is what I think you desire. But it also means we need to get
serious about making the code base python3 only (e.g. use pyflakes3
instead of pyflakes, etc.).
What do you think?
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160107/4faed707/attachment.pgp>
More information about the AppArmor
mailing list