apparmor-utils fail with code exception "AttributeError: 'collections.defaultdict' object has no attribute 'startswith'" 4/4

Bug #1848227 reported by Guillaume B on 2019-10-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Christian Boltz

Bug Description


I am on Debian Buster 10.1 running apparmor 2.13.2-10 and apparmor-utils 2.13.2-10.

When trying to use the commands aa-complain, aa-disable, aa-enforce and aa-logprof, the code throws an exception and the commands fail. Downgrading to apparmor-utils 2.11.0-3+deb9u2 and python3-apparmor 2.11.0-3+deb9u2 (Debian oldstable) makes aa-enforce and aa-complain work but aa-logprof still fails.

Since only one file at a time can be attached to a message, I have attached the file for aa-logprof here. The other bug reports are in corresponding messages.

Please tell me if more command bug logs are needed.


Guillaume B (gueb1) wrote :
Christian Boltz (cboltz) wrote :

Thanks for the reports!

According to the logs, all crashes are caused by the /etc/apparmor.d/usr.sbin.cupsd profile. Can you please attach that file?

Guillaume B (gueb1) wrote :

Here it is.

Christian Boltz (cboltz) wrote :


I can reproduce the crash with latest master with your profile and an empty local/usr.sbin.cupsd file.

The problem is probably that

    #include <local/usr.sbin.cupsd>

is located _after_ the closing "}" of the cupsd profile (which is an error in the profile IMHO - I'd guess you broke it while removing the "third_party" child profile) - moving the local include above the "}" or commenting it out avoids the crash.

Nevertheless, even if this line is located at a "wrong" place, it shouldn't crash the aa-* tools ;-)

A simplified test profile that still triggers the crash is:

    /usr/sbin/cupsd {
    }
    #include <local/usr.sbin.cupsd>
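
As an added example (not code from the apparmor project or from this report), a Python check that flags include lines left at top level after a profile's closing "}", the layout identified above as the trigger. The name find_stray_includes and the sample profiles are assumptions, and the brace tracking is a line-based heuristic, not the AppArmor parser.

```python
import re

# Matches "#include <x>", "include <x>" and "include if exists <x>".
INCLUDE_RE = re.compile(r'^#?include\s+(?:if\s+exists\s+)?[<"]([^>"]+)[>"]')

def find_stray_includes(profile_text):
    """Return (line_number, target) for each include found at top level
    after a profile block has closed. Heuristic, not the AppArmor parser:
    a line ending in "{" opens a block and a line that is just "}" closes
    one, so alternations like /usr/{bin,sbin}/x in rules are not counted."""
    depth = 0
    profile_closed = False
    stray = []
    for lineno, raw in enumerate(profile_text.splitlines(), start=1):
        line = raw.strip()
        match = INCLUDE_RE.match(line)
        if match:
            if depth == 0 and profile_closed:
                stray.append((lineno, match.group(1)))
            continue
        if not line or line.startswith("#"):
            continue  # blank line or ordinary comment
        line = line.split(" #", 1)[0].rstrip()  # drop a trailing comment
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth = max(depth - 1, 0)
            if depth == 0:
                profile_closed = True
    return stray

# Constructed samples: include after the closing brace, then moved above it.
BROKEN = """#include <tunables/global>
/usr/sbin/cupsd {
  #include <abstractions/base>
  /usr/{bin,sbin}/cups* r,
}
#include <local/usr.sbin.cupsd>
"""

FIXED = """#include <tunables/global>
/usr/sbin/cupsd {
  #include <abstractions/base>
  #include <local/usr.sbin.cupsd>
}
"""

if __name__ == "__main__":
    print(find_stray_includes(BROKEN), find_stray_includes(FIXED))
```

The preamble include of tunables/global is not reported because no profile has closed yet when it is read.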

Christian Boltz (cboltz) wrote :

The fix is funny[tm] - removing two lines of code that are, besides causing this crash, unused ;-)

Changed in apparmor:
status: New → In Progress
assignee: nobody → Christian Boltz (cboltz)
tags: added: aa-tools
Guillaume B (gueb1) wrote :

Confirmed fix. The aa-* utils work fine; moving #include <local/usr.sbin.cupsd> before the closing "}" of the cupsd profile fixes the issue.

Christian Boltz (cboltz) wrote :

This was fixed some months ago, and 2.13.4 includes the fix.

Changed in apparmor:
status: In Progress → Fix Released