| 2016-07-28 20:30:38 |
Tyler Hicks |
description |
Ref #1243932. Same title but appears to be different cause.
Ubuntu 16.04. Error thrown on 'sudo aa-logprof'
Python 3.5.1+: /usr/bin/python3
Mon May 16 20:13:30 2016
A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.
/usr/sbin/aa-logprof in <module>()
42
43 if profiledir:
44 apparmor.profile_dir = apparmor.get_full_path(profiledir)
45 if not os.path.isdir(apparmor.profile_dir):
46 raise apparmor.AppArmorException("%s is not a directory."%profiledir)
47
48 apparmor.loadincludes()
49
50 apparmor.do_logprof_pass(logmark)
51
apparmor = <module 'apparmor.aa' from '/usr/lib/python3/dist-packages/apparmor/aa.py'>
apparmor.do_logprof_pass = <function do_logprof_pass>
logmark = ''
/usr/lib/python3/dist-packages/apparmor/aa.py in do_logprof_pass(logmark='', passno=0, pid={13215: [['unknown_hat', 13215, '/usr/sbin/apache2', 'null-www.xxxxxxxxxx.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], ['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']], 13697: [['path', 13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']]})
2184 ## repo_cfg = read_config('repository.conf')
2185 ## if not repo_cfg['repository'].get('enabled', False) or repo_cfg['repository]['enabled'] not in ['yes', 'no']:
2186 ## UI_ask_to_enable_repo()
2187
2188 log_reader = apparmor.logparser.ReadLog(pid, logfile, existing_profiles, profile_dir, log)
2189 log = log_reader.read_log(logmark)
2190 #read_log(logmark)
2191
2192 for root in log:
2193 handle_children('', '', root)
global log = [[['path', 13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']], [['unknown_hat', 13215, '/usr/sbin/apache2', 'null-www.po4management.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], ['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']]]
log_reader = <apparmor.logparser.ReadLog object>
log_reader.read_log = <bound method ReadLog.read_log of <apparmor.logparser.ReadLog object>>
logmark = ''
/usr/lib/python3/dist-packages/apparmor/logparser.py in read_log(self=<apparmor.logparser.ReadLog object>, logmark='')
402 self.add_event_to_tree(event)
403 except AppArmorException as e:
404 ex_msg = ('%(msg)s\n\nThis error was caused by the log line:\n%(logline)s' %
405 {'msg': e.value, 'logline': line})
406 # when py3 only: Drop the original AppArmorException by passing None as the parent exception
407 raise AppArmorBug(ex_msg) # py3-only: from None
408
409 self.LOG.close()
410 self.logmark = ''
411 return self.log
global AppArmorBug = <class 'apparmor.common.AppArmorBug'>
ex_msg = 'Log contains unknown mode senw\n\nThis error was c...otocol=6 requested_mask="send" denied_mask="send"'
AppArmorBug: Log contains unknown mode senw
This error was caused by the log line:
type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"
__cause__ = None
__class__ = <class 'apparmor.common.AppArmorBug'>
__context__ = AppArmorException('Log contains unknown mode senw',)
__delattr__ = <method-wrapper '__delattr__' of AppArmorBug object>
__dict__ = {}
__dir__ = <built-in method __dir__ of AppArmorBug object>
__doc__ = 'This class represents AppArmor exceptions "that should never happen"'
__eq__ = <method-wrapper '__eq__' of AppArmorBug object>
__format__ = <built-in method __format__ of AppArmorBug object>
__ge__ = <method-wrapper '__ge__' of AppArmorBug object>
__getattribute__ = <method-wrapper '__getattribute__' of AppArmorBug object>
__gt__ = <method-wrapper '__gt__' of AppArmorBug object>
__hash__ = <method-wrapper '__hash__' of AppArmorBug object>
__init__ = <method-wrapper '__init__' of AppArmorBug object>
__le__ = <method-wrapper '__le__' of AppArmorBug object>
__lt__ = <method-wrapper '__lt__' of AppArmorBug object>
__module__ = 'apparmor.common'
__ne__ = <method-wrapper '__ne__' of AppArmorBug object>
__new__ = <built-in method __new__ of type object>
__reduce__ = <built-in method __reduce__ of AppArmorBug object>
__reduce_ex__ = <built-in method __reduce_ex__ of AppArmorBug object>
__repr__ = <method-wrapper '__repr__' of AppArmorBug object>
__setattr__ = <method-wrapper '__setattr__' of AppArmorBug object>
__setstate__ = <built-in method __setstate__ of AppArmorBug object>
__sizeof__ = <built-in method __sizeof__ of AppArmorBug object>
__str__ = <method-wrapper '__str__' of AppArmorBug object>
__subclasshook__ = <built-in method __subclasshook__ of type object>
__suppress_context__ = False
__traceback__ = <traceback object>
__weakref__ = None
args = ('Log contains unknown mode senw\n\nThis error was c...otocol=6 requested_mask="send" denied_mask="send"',)
with_traceback = <built-in method with_traceback of AppArmorBug object>
The above is a description of an error in a Python program. Here is
the original traceback:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in read_log
self.add_event_to_tree(event)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in add_event_to_tree
e = self.parse_event_for_tree(e)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in parse_event_for_tree
raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode senw'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in read_log
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.common.AppArmorBug: Log contains unknown mode senw
This error was caused by the log line:
type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" |
[Impact]
AppArmor policy developers cannot use aa-logprof without it exiting with a traceback on certain denial messages.
[Test Case]
$ echo 'type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" \
operation="file_perm" profile="foo" pid=13215 comm="apache2" \
laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 \
family="inet6" sock_type="stream" protocol=6 requested_mask="send" \
denied_mask="send"' > /tmp/log
$ mkdir -p /tmp/profiles && printf "profile foo {\n}" > /tmp/profiles/foo
$ aa-logprof -f /tmp/log -d /tmp/profiles
Expected output of the last command is:
Reading log entries from /tmp/log.
Updating AppArmor profiles in /tmp/profiles.
[Regression Potential]
There is little potential for regression. This "hotfix" could result in some slight confusion because the problematic denial messages will simply be ignored but it allows aa-logprof to do its intended job without unexpectedly exiting.
[Original Report]
Ref #1243932. Same title but appears to be different cause.
Ubuntu 16.04. Error thrown on 'sudo aa-logprof'
Python 3.5.1+: /usr/bin/python3
Mon May 16 20:13:30 2016
A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.
/usr/sbin/aa-logprof in <module>()
42
43 if profiledir:
44 apparmor.profile_dir = apparmor.get_full_path(profiledir)
45 if not os.path.isdir(apparmor.profile_dir):
46 raise apparmor.AppArmorException("%s is not a directory."%profiledir)
47
48 apparmor.loadincludes()
49
50 apparmor.do_logprof_pass(logmark)
51
apparmor = <module 'apparmor.aa' from '/usr/lib/python3/dist-packages/apparmor/aa.py'>
apparmor.do_logprof_pass = <function do_logprof_pass>
logmark = ''
/usr/lib/python3/dist-packages/apparmor/aa.py in do_logprof_pass(logmark='', passno=0, pid={13215: [['unknown_hat', 13215, '/usr/sbin/apache2', 'null-www.xxxxxxxxxx.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], ['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']], 13697: [['path', 13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']]})
2184 ## repo_cfg = read_config('repository.conf')
2185 ## if not repo_cfg['repository'].get('enabled', False) or repo_cfg['repository]['enabled'] not in ['yes', 'no']:
2186 ## UI_ask_to_enable_repo()
2187
2188 log_reader = apparmor.logparser.ReadLog(pid, logfile, existing_profiles, profile_dir, log)
2189 log = log_reader.read_log(logmark)
2190 #read_log(logmark)
2191
2192 for root in log:
2193 handle_children('', '', root)
global log = [[['path', 13697, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::a', '::w', 'a', 'w'}, '/proc/13697/attr/current', '']], [['unknown_hat', 13215, '/usr/sbin/apache2', 'null-www.po4management.co.uk', 'PERMITTING', 'null-www.xxxxxxxxxx.co.uk'], ['path', 13215, 'null-complain-profile', 'null-complain-profile', 'HINT', 'PERMITTING', {'::r', 'r'}, '/proc/13215/attr/current', '']]]
log_reader = <apparmor.logparser.ReadLog object>
log_reader.read_log = <bound method ReadLog.read_log of <apparmor.logparser.ReadLog object>>
logmark = ''
/usr/lib/python3/dist-packages/apparmor/logparser.py in read_log(self=<apparmor.logparser.ReadLog object>, logmark='')
402 self.add_event_to_tree(event)
403 except AppArmorException as e:
404 ex_msg = ('%(msg)s\n\nThis error was caused by the log line:\n%(logline)s' %
405 {'msg': e.value, 'logline': line})
406 # when py3 only: Drop the original AppArmorException by passing None as the parent exception
407 raise AppArmorBug(ex_msg) # py3-only: from None
408
409 self.LOG.close()
410 self.logmark = ''
411 return self.log
global AppArmorBug = <class 'apparmor.common.AppArmorBug'>
ex_msg = 'Log contains unknown mode senw\n\nThis error was c...otocol=6 requested_mask="send" denied_mask="send"'
AppArmorBug: Log contains unknown mode senw
This error was caused by the log line:
type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"
__cause__ = None
__class__ = <class 'apparmor.common.AppArmorBug'>
__context__ = AppArmorException('Log contains unknown mode senw',)
__delattr__ = <method-wrapper '__delattr__' of AppArmorBug object>
__dict__ = {}
__dir__ = <built-in method __dir__ of AppArmorBug object>
__doc__ = 'This class represents AppArmor exceptions "that should never happen"'
__eq__ = <method-wrapper '__eq__' of AppArmorBug object>
__format__ = <built-in method __format__ of AppArmorBug object>
__ge__ = <method-wrapper '__ge__' of AppArmorBug object>
__getattribute__ = <method-wrapper '__getattribute__' of AppArmorBug object>
__gt__ = <method-wrapper '__gt__' of AppArmorBug object>
__hash__ = <method-wrapper '__hash__' of AppArmorBug object>
__init__ = <method-wrapper '__init__' of AppArmorBug object>
__le__ = <method-wrapper '__le__' of AppArmorBug object>
__lt__ = <method-wrapper '__lt__' of AppArmorBug object>
__module__ = 'apparmor.common'
__ne__ = <method-wrapper '__ne__' of AppArmorBug object>
__new__ = <built-in method __new__ of type object>
__reduce__ = <built-in method __reduce__ of AppArmorBug object>
__reduce_ex__ = <built-in method __reduce_ex__ of AppArmorBug object>
__repr__ = <method-wrapper '__repr__' of AppArmorBug object>
__setattr__ = <method-wrapper '__setattr__' of AppArmorBug object>
__setstate__ = <built-in method __setstate__ of AppArmorBug object>
__sizeof__ = <built-in method __sizeof__ of AppArmorBug object>
__str__ = <method-wrapper '__str__' of AppArmorBug object>
__subclasshook__ = <built-in method __subclasshook__ of type object>
__suppress_context__ = False
__traceback__ = <traceback object>
__weakref__ = None
args = ('Log contains unknown mode senw\n\nThis error was c...otocol=6 requested_mask="send" denied_mask="send"',)
with_traceback = <built-in method with_traceback of AppArmorBug object>
The above is a description of an error in a Python program. Here is
the original traceback:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 402, in read_log
self.add_event_to_tree(event)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 206, in add_event_to_tree
e = self.parse_event_for_tree(e)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 303, in parse_event_for_tree
raise AppArmorException(_('Log contains unknown mode %s') % rmask)
apparmor.common.AppArmorException: 'Log contains unknown mode senw'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2189, in do_logprof_pass
log = log_reader.read_log(logmark)
File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 407, in read_log
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.common.AppArmorBug: Log contains unknown mode senw
This error was caused by the log line:
type=AVC msg=audit(1463403689.381:267599): apparmor="ALLOWED" operation="file_perm" profile="/usr/sbin/apache2//null-www.xxxxxxxxxx.co.uk" pid=13215 comm="apache2" laddr=::ffff:192.168.1.100 lport=80 faddr=::ffff:192.168.1.100 fport=45658 family="inet6" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" |
|
