aa-unconfined crashes on Debian

/tmp/apparmor-bugreport-yr8c3w3p.txt should contain more details. Can you please attach that file?

Wild guess: this could be a race condition, and one of your processes exited while its /proc/$PID/attr/current was read by aa-unconfined. However, I wonder why this results in an error - "normal" files are only deleted _after_ they are closed by whoever has them open - no idea if /proc/ also has this feature.

Also, can you please check the version of your packages? You have a mix of 2.12 (libapparmor-perl and python3-libapparmor) and 2.11 (everything else) packages. I doubt this version mix is related to this bug, but please check for updates nevertheless ;-)

Hi, Christian. First, thank you for your reply.😉

I had some problems to attach the file because my browser seems not work very well, but I'm afraid that that is the only text it has. Nevertheless I've tried to execute again the command, before updating the packages and after. I attach the results (with my mobile phone this time).

So, I have apparmor, libapparmor1, python 3-apparmor and apparmor-utils upgraded to 2.12 and the exception is the same.

I'm completely surprised that you can reproduce this bug, and I have no idea why :-/ (needless to say, can't reproduce it on my system)

Can you please re-try with the attached version of aa-unconfined, which has some debugging code added? (No need to replace your /usr/sbin/aa-unconfined, just store it whereever you like and run it with "python3 aa-unconfined".)

If you can still reproduce the problem, you'll get one or more lines like

    *** OSError raised for pid 123

Please check for which processes you get these messages, and under which AppArmor profile they are running. (As an alternative, attach all "OSError raised" lines together with the output of "ps Zaux" so that I can have a look at it.)

Please also check "cat /proc/$PID/attr/current" for the listed processes if it shows something unusual.

I'm very sorry Christian! Yesterday, I realized that the filesystem of apparmor would be mounted. I researched a little more and the module wasn't loaded in grub.

I added it in grub, rebooted and it goes perfectly now: aa-unconfined shows all processes without any error.

Maybe, it could be nice that the command would verify the filesystem for apparmor would mounted before running and give an explanatory message.

Thank you a lot for your time.

The filesystem was not mounted, I wanted to say. Sorry.

I'm a fan of good error messages, so there's no need to apologzie ;-)

I was finally able to reproduce this bug by booting a debian test VM with the apparmor=0 boot parameter. Interestingly /proc/$PID/attr/current exists, but can't be read:

root@debian:/home/cb# cat /proc/$$/attr/current
cat: /proc/6047/attr/current: Invalid argument