Bug #1540562 “aa-genprof crashes in logparser NoneType has no “r...” : Bugs : AppArmor

Revision history for this message

Chad Miller (cmiller) wrote on 2016-02-01:

#1

apparmor-bugreport-hvz0m8s0.txt Edit (70.8 KiB, text/plain)
ApparmorPackages.txt Edit (420 bytes, text/plain; charset="utf-8")
ApparmorStatusOutput.txt Edit (11.0 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (2.2 KiB, text/plain; charset="utf-8")
KernLog.txt Edit (107.1 MiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (322 bytes, text/plain; charset="utf-8")
PstreeP.txt Edit (32.6 KiB, text/plain; charset="utf-8")
Syslog.txt Edit (185.9 KiB, text/plain; charset="utf-8")

Revision history for this message

Christian Boltz (cboltz) wrote on 2016-02-01:

#2

Relevant log line (profile name changed to make reproducing easier):

Feb 1 14:34:25 zippy kernel: [55870.767873] audit: type=1400 audit(1454355265.041:133046): apparmor="ALLOWED" operation="file_receive" profile="/usr/sbin/smbd" pid=28265 comm="RosettaStoneDae" family="inet" sock_type="stream" protocol=6

tags:

added: aa-tools

Revision history for this message

Chad Miller (cmiller) wrote on 2016-02-01:

#3

e dict that causes problem: {'task': 0, 'info': None, 'attr': None, 'denied_mask': None, 'time': 1454361312, 'parent': 0, 'name': None, 'active_hat': None, 'resource': None, 'request_mask': None, 'pid': 31472, 'operation': 'file_receive', 'name2': None, 'error_code': 0, 'magic_token': 0, 'profile': 'null-complain-profile', 'aamode': 'PERMITTING'}

probably due to one of these

kernel: [61917.812680] audit: type=1400 audit(1454361312.425:636563): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-94//null-96//null-99" pid=31472 comm="WineApp" family="inet" sock_type="stream" protocol=6

kernel: [61917.812683] audit: type=1400 audit(1454361312.425:636564): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-93" pid=31472 comm="WineApp" family="inet" sock_type="stream" protocol=6

kernel: [61917.812756] audit: type=1400 audit(1454361312.425:636569): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-94//null-96//null-99" pid=31472 comm="WineApp" family="inet6" sock_type="stream" protocol=6

kernel: [61917.812759] audit: type=1400 audit(1454361312.425:636570): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-93" pid=31472 comm="WineApp" family="inet6" sock_type="stream" protocol=6

Revision history for this message

Christian Boltz (cboltz) wrote on 2016-02-01:

#4

Yes, that's also what I found.

Patch sent to the mailinglist for review.

If you want to test it, get logparser.py from the bzr 2.10 branch (there were several fixes since 2.10) and around line 304, change

if e['operation'] in ['file_perm', 'file_inherit'] and not e['request_mask']:

to

if not e['request_mask']:

(that's the relevant part of the patch)

Revision history for this message

Christian Boltz (cboltz) wrote on 2016-02-10:

#5

Fix commited to bzr trunk r3368, 2.10 branch r3308 and 2.9 branch r2993.

Changed in apparmor:
assignee:	nobody → Christian Boltz (cboltz)
milestone:	none → 2.10.1
status:	New → Fix Committed
milestone:	2.10.1 → 2.11

Revision history for this message

Lee (lee-8) wrote on 2016-03-04:

#6

I note the original bug report was for Ubuntu 16.04. I've just experienced the exact same error (minor line number changes notwithstanding) as the original reporter.

I'm using 14.04.4 LTS and have 2.8.95~2430-0ubuntu5.3 installed. Will this fix come down the 2.8 branch for 14.04 LTS users, too, at some point?

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-04-11:

#7

Download full text (4.4 KiB)

This bug was fixed in the package apparmor - 2.10.95-0ubuntu1

---------------
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - pa...

This bug was fixed in the package apparmor - 2.10.95-0ubuntu1

---------------
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

* Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - parser-do-cleanup-when-test-was-skipped.patch
    - parser-allow-unspec-in-network-rules.patch
  * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
    for new upstream binutils directory and aa-enabled binary
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
    page
  * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
    access needed for nscd's paranoia mode
  * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
    regression test build time checks, for libapparmor stacking support, to
    look for the 2.10.95 versioning rather than 2.11
  * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
    Remove extra slash in the parser Makefile so that debugedit(8) can work on
    apparmor_parser(8) (LP: #1561939)
  * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
    rules of the new stacking tests so that the generated profiles allow the
    system binaries and libraries to be tested
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

-- Tyler Hicks <tyhicks@canonical.com>  Sat, 09 Apr 2016 01:35:25 -0500

Changed in apparmor (Ubuntu):
status:	New → Fix Released

Revision history for this message

Christian Boltz (cboltz) wrote on 2016-12-06:

#8

"Real fix" (which decides about file vs. network instead of ignoring these events) implemented in bzr trunk r3594 and 2.10 branch r3369 (will be in 2.10.2).

Christian Boltz (cboltz) on 2017-01-10

Changed in apparmor:
status:	Fix Committed → Fix Released

AppArmor

aa-genprof crashes in logparser NoneType has no "replace"

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to	Milestone
AppArmor	Fix Released	Undecided	Christian Boltz	AppArmor 2.11
2.10	Fix Released	Undecided	Christian Boltz	AppArmor 2.10.1
2.9	Fix Released	Undecided	Christian Boltz	AppArmor 2.9.3
apparmor (Ubuntu)	Fix Released	Undecided	Unassigned