endless loop when writing profile with external child profile

Bug #1432865 reported by Christian Boltz
This bug affects 1 person
Affects    Status  Importance  Assigned to  Milestone
AppArmor   New     Undecided   Unassigned

Bug Description

Reported by Stallmanu on IRC:

Save this as one file in /etc/apparmor.d/:

/usr/lib64/thunderbird/thunderbird.sh {
  /foo r,
}
 profile /usr/lib64/thunderbird/thunderbird.sh///usr/lib64/thunderbird/thunderbird-bin {
    /bar r,
}

Then run aa-logprof with this log line and allow access for /home/foo/:

type=AVC msg=audit(1426541576.775:281): apparmor="DENIED" operation="open" profile="/usr/lib64/thunderbird/thunderbird.sh" name="/home/foo/" pid=2564 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

When saving the profile, aa-logprof will die with an endless loop:

Traceback (most recent call last):
  File "../utils/aa-logprof", line 46, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2313, in do_logprof_pass
    save_profiles()
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 2405, in save_profiles
    write_profile_ui_feedback(profile_name)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 4262, in write_profile_ui_feedback
    write_profile(profile)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 4282, in write_profile
    profile_string = serialize_profile(aa[profile], profile, serialize_options)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3720, in serialize_profile
    data += write_piece(profile_data, 0, name, name, include_flags)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3667, in write_piece
    data += list(map(lambda x: ' %s' % x, write_piece(profile_data, depth - 1, name, nhat, write_flags)))
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3667, in write_piece
    data += list(map(lambda x: ' %s' % x, write_piece(profile_data, depth - 1, name, nhat, write_flags)))
[... repeated lots of times ...]
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3667, in write_piece
    data += list(map(lambda x: ' %s' % x, write_piece(profile_data, depth - 1, name, nhat, write_flags)))
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3639, in write_piece
    data += write_rules(profile_data[name], depth + 1)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3622, in write_rules
    data += write_paths(prof_data, depth)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3605, in write_paths
    data += write_path_rules(prof_data, depth, 'allow')
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aa.py", line 3592, in write_path_rules
    modestr = mode_to_str(tmpmode)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aamode.py", line 210, in mode_to_str
    mode = flatten_mode(mode)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aamode.py", line 217, in flatten_mode
    user, other = split_mode(mode)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aamode.py", line 206, in split_mode
    other = AA_OTHER_REMOVE(other)
  File "/home/cb/apparmor/HEAD-clean/utils/apparmor/aamode.py", line 24, in AA_OTHER_REMOVE
    other = set()
RuntimeError: maximum recursion depth exceeded while calling a Python object

Tags: aa-tools
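
A triage helper for the condition described in this report, added here as an example (not code from AppArmor or from the reporter): it checks whether a log event targets a profile whose file also declares an external child profile (`parent//child`). The regex-based header matching and all function names are assumptions for illustration, not AppArmor's own parser.

```python
import re

# Constructed inputs: the profile file and audit line quoted in the report.
PROFILE_TEXT = """\
/usr/lib64/thunderbird/thunderbird.sh {
  /foo r,
}
 profile /usr/lib64/thunderbird/thunderbird.sh///usr/lib64/thunderbird/thunderbird-bin {
    /bar r,
}
"""
AVC_LINE = ('type=AVC msg=audit(1426541576.775:281): apparmor="DENIED" '
            'operation="open" profile="/usr/lib64/thunderbird/thunderbird.sh" '
            'name="/home/foo/" pid=2564 comm="thunderbird" requested_mask="r" '
            'denied_mask="r" fsuid=1000 ouid=1000')

# Heuristic header: optional "profile" keyword, a name, then "{".
# Flags and attachment paths in the header are not handled (assumption).
HEADER_RE = re.compile(r'^\s*(?:profile\s+)?("[^"]+"|[^\s"{#]+)\s*\{\s*$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def profile_names(text):
    """Return the names of profiles declared at the top level of a file."""
    names, depth = [], 0
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m and depth == 0:
            names.append(m.group(1).strip('"'))
        depth += line.count('{') - line.count('}')
    return names

def parse_avc(line):
    """Split an audit record into a dict of its key=value fields."""
    return {k: q or u for k, q, u in FIELD_RE.findall(line)}

def external_children(names):
    """Map parent profile name -> external children declared as parent//child."""
    kids = {}
    for n in names:
        parent, sep, child = n.partition('//')
        if sep and child:
            kids.setdefault(parent, []).append(child)
    return kids

def matches_report(profile_text, avc_line):
    """True if the event's profile has an external child in the same file."""
    names = profile_names(profile_text)
    target = parse_avc(avc_line).get('profile')
    return target in names and target in external_children(names)
```
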