aa-mergeprof: act() mergeprofiles.clear_common() call crashes

Bug #1382236 reported by Christian Boltz on 2014-10-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Low
Christian Boltz

Bug Description

aa-mergeprof around line 120:

def act(files, merge_mode, merging_profile):
    mergeprofiles = Merge(files)
    #Get rid of common/superfluous stuff
    mergeprofiles.clear_common()

crashes with

 Traceback (most recent call last):
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 764, in <module>
     main()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 114, in main
     act([user_file, base_file, None], 2, profile_name)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 123, in act
     mergeprofiles.clear_common()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 191, in clear_common
     deleted += user_base.compare_profiles()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 42, in compare_profiles
     deleted += self.remove_duplicate_rules(profile)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 72, in remove_duplicate_rules
     deleted += delete_path_duplicates(self.profile.aa[program][hat], self.other.aa[program][hat], 'allow', self.same_file)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 107, in delete_path_duplicates
     profile_other[allow]['path'].pop(entry)
 KeyError: '/etc/postfix/ssl/certs/mail.pem'

As a workaround, I temporarily disabled the mergeprofiles.clear_common() call.

Steve Beattie (sbeattie) on 2014-10-21
Changed in apparmor:
status: New → Triaged
importance: Undecided → Low
Christian Boltz (cboltz) wrote :

Fixed (calling clear_common() re-enabled) in r3542 as part of the FileRule patch series.

Changed in apparmor:
milestone: none → 2.11
assignee: nobody → Christian Boltz (cboltz)
status: Triaged → Fix Committed
Christian Boltz (cboltz) on 2017-01-10
Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers