aa-logprof crash when saving profiles - invalid regex for firefox{,*[^s][^h]}

Bug #1705179 reported by Buz Finork on 2017-07-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Undecided
Unassigned

Bug Description

Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.

Profile: /opt/Enpass/bin/runenpass.sh
Execute: /usr/bin/lsof
Severity: unknown

(I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish

Profile: /usr/bin/file-roller
Execute: /usr/bin/unrar-free
Severity: unknown

(I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish
Target profile exists: /etc/apparmor.d/usr.lib.firefox.firefox.sh

Profile: /usr/lib/thunderbird/thunderbird{,*[^s][^h]}
Execute: /usr/lib/firefox/firefox.sh
Severity: unknown

(I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish

Should AppArmor sanitise the environment when
switching profiles?

Sanitising environment is more secure,
but some applications depend on the presence
of LD_PRELOAD or LD_LIBRARY_PATH.

(Y)es / [(N)o]

Profile: /usr/bin/xdg-open
Execute: /usr/bin/exo-open
Severity: unknown

(I)nherit / (C)hild / (P)rofile / (N)amed / (U)nconfined / (X) ix On / (D)eny / Abo(r)t / (F)inish

= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

 [1 - /opt/Enpass/bin/runenpass.sh]
  2 - /usr/lib/thunderbird/thunderbird{,*[^s][^h]}
  3 - /usr/bin/file-roller
(S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t
Writing updated profile for /opt/Enpass/bin/runenpass.sh.
Writing updated profile for /usr/bin/file-roller.
Writing updated profile for /usr/lib/thunderbird/thunderbird{,*[^s][^h]}.
Traceback (most recent call last):
  File "/usr/sbin/aa-logprof", line 50, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2200, in do_logprof_pass
    collapse_log()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2451, in collapse_log
    if not is_known_rule(aa[profile][hat], 'ptrace', ptrace_event):
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 4100, in is_known_rule
    if profile[rule_type].is_covered(rule_obj, False):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 363, in is_covered
    if r.is_covered(rule, check_allow_deny, check_audit):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 148, in is_covered
    return self.is_covered_localvars(other_rule)
  File "/usr/lib/python3/dist-packages/apparmor/rule/ptrace.py", line 141, in is_covered_localvars
    if not self._is_covered_aare(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 194, in _is_covered_aare
    if not self_value.match(other_value.regex): # XXX should check against other_value (without .regex) - but that gives different (more strict) results
  File "/usr/lib/python3/dist-packages/apparmor/aare.py", line 68, in match
    self._regex_compiled = re.compile(convert_regexp(self.regex))
  File "/usr/lib/python3.5/re.py", line 224, in compile
    return _compile(pattern, flags)
  File "/usr/lib/python3.5/re.py", line 293, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib/python3.5/sre_compile.py", line 536, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib/python3.5/sre_parse.py", line 834, in parse
    raise source.error("unbalanced parenthesis")
sre_constants.error: unbalanced parenthesis at position 67

An unexpected error occoured!

INPUT I,I,P,Y,F

attached the log file

Buz Finork (m321v123m) wrote :
Buz Finork (m321v123m) wrote :

I had a similar error occur if I hit (inheret) for the last item as well.. so that's why this time I hit the F there to save them.

Christian Boltz (cboltz) wrote :

Looks similar to bug 1700416, except that you see the crash at a different time. Nevertheless, the workaround from bug 1700416 should help here too.

tags: added: aa-tools
summary: - aa-logprof error 2l6afxlc
+ aa-logprof crash when saving profiles - invalid regex for
+ firefox{,*[^s][^h]}
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers