aa-logprof crash on #include <directory>
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Christian Boltz | ||
2.9 |
Fix Released
|
Undecided
|
Unassigned | ||
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
aa-logprof crashes on profiles that contain an #include <directory> _if_ there are events for this profile.
2.9 crash:
# aa-logprof -f /tmp/syslog
Lese Logeinträge von /tmp/syslog.
Aktualisiere AppArmor-Profile in /etc/apparmor.d.
Traceback (most recent call last):
File "aa-logprof", line 54, in <module>
apparmor.
File "/home/
collapse_log()
File "/home/
if not profile_
File "/home/
if netrules_
KeyError: 'apache2.d'
trunk crash:
# aa-logprof -f /tmp/syslog
Lese Logeinträge von /tmp/syslog.
Aktualisiere AppArmor-Profile in /etc/apparmor.d.
Traceback (most recent call last):
File "aa-logprof", line 50, in <module>
apparmor.
File "/home/
collapse_log()
File "/home/
if not is_known_
File "/home/
if include[
KeyError: 'apache2.d'
Reproducer: (slightly faked log event, apache didn't request network raw)
aa-logprof -f <(echo 'Jul 2 06:39:54 piorun kernel: [5579093.070893] audit: type=1400 audit(143581199
Note: If you test with old logs, it doesn't happen always because is_known_rule() / profile_known_*() exits as soon as it finds a match, and the order of include files is random - which means it doesn't always loop until it hits the directory include.
I'm afraid that this affects the profile_known_*() functions for all rule types.
tags: | added: aa-tools |
Changed in apparmor: | |
milestone: | 2.9.3 → 2.10 |
patches for trunk sent to ML.