AppArmor

aa-logprof creates invalid regex for firefox{,*[^s][^h]}

Bug #1700416 reported by Buz Finork
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
New
Undecided
Unassigned

Bug Description

I was working on profiling syncthing and syncthing-gtk.. and running aa-logprof got this error.. (not sure what went wrong)

Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Traceback (most recent call last):
  File "/usr/sbin/aa-logprof", line 50, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2200, in do_logprof_pass
    collapse_log()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2451, in collapse_log
    if not is_known_rule(aa[profile][hat], 'ptrace', ptrace_event):
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 4100, in is_known_rule
    if profile[rule_type].is_covered(rule_obj, False):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 363, in is_covered
    if r.is_covered(rule, check_allow_deny, check_audit):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 148, in is_covered
    return self.is_covered_localvars(other_rule)
  File "/usr/lib/python3/dist-packages/apparmor/rule/ptrace.py", line 141, in is_covered_localvars
    if not self._is_covered_aare(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
  File "/usr/lib/python3/dist-packages/apparmor/rule/__init__.py", line 194, in _is_covered_aare
    if not self_value.match(other_value.regex): # XXX should check against other_value (without .regex) - but that gives different (more strict) results
  File "/usr/lib/python3/dist-packages/apparmor/aare.py", line 68, in match
    self._regex_compiled = re.compile(convert_regexp(self.regex))
  File "/usr/lib/python3.5/re.py", line 224, in compile
    return _compile(pattern, flags)
  File "/usr/lib/python3.5/re.py", line 293, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib/python3.5/sre_compile.py", line 536, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib/python3.5/sre_parse.py", line 834, in parse
    raise source.error("unbalanced parenthesis")
sre_constants.error: unbalanced parenthesis at position 59

An unexpected error occoured!

For details, see /tmp/apparmor-bugreport-iwq9ml40.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.

Tags: aa-tools
Revision history for this message
Buz Finork (m321v123m) wrote :

For details, see /tmp/apparmor-bugreport-iwq9ml40.txt

Revision history for this message
Christian Boltz (cboltz) wrote :

Thanks for the bugreport!

Looks like the profile name
    /usr/lib/firefox/firefox{,*[^s][^h]}
gets miscompiled to an invalid regex.

Workaround: Change the profile to
    profile firefox /usr/lib/firefox/firefox{,*[^s][^h]}

tags: added: aa-tools
summary: - aa-logprof error
+ aa-logprof creates invalid regex for firefox{,*[^s][^h]}
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.