aa-genprof crashes

Bug #1815551 reported by Ilay Raz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| AppArmor | New | Undecided | Unassigned | |

Bug Description

aa-genprof crashes when generating a new profile due to an unterminated subpattern. Please see attached log file.

Tags: aa-tools
Ilay Raz (ilayraz) wrote :
Christian Boltz (cboltz) wrote :

You seem to have an ... interesting[tm] filename:

/home/ilayraz/.java/.userPrefs/jetbrains/_...@\"j\!(k\!|w\"w\!'8\!b\!\"p\!':\!e@==/prefs.xml

The filename was probably shortened in the middle, but still looks crazy enough, and I'm not surprised that aa-genprof explodes while trying to auto-convert this to a valid regex.

Can you please check your /var/log/audit/audit.log for the original log line and upload the result? Usually I'd say grep for "jetbrains.*/prefs.xml", but given the filename, it could also be hex-encoded, so please also grep for "6A6574627261696E73.*70726566732E786D6C".

If you can't find such a log line, it's probably good enough if you tell me the full path and filename.

Ilay Raz (ilayraz) wrote :

Sorry for the late response, didn't have time to get to this right away.
It is indeed very strange. I don't have the original log file from when I uploaded the bug report, but I reproduced the bug and found a line that matches what you were looking for. Please let me know if there is anything else you need that might help you in fixing this.
This is the line matching the second grep pattern from my audit.log file:

    type=AVC msg=audit(1551050099.504:6875): apparmor="DENIED" operation="open" profile="/opt/webstorm/bin/webstorm.sh" name=2F686F6D652F696C617972617A2F2E6A6176612F2E7573657250726566732F6A6574627261696E732F5F212821216367227021287D217D40226A21286B217C772277212738216221227021273A2165403D3D2F70726566732E786D6C pid=32557 comm="java" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Christian Boltz (cboltz) wrote :

    # aa-decode 2F686F6D652F696C617972617A2F2E6A6176612F2E7573657250726566732F6A6574627261696E732F5F212821216367227021287D217D40226A21286B217C772277212738216221227021273A2165403D3D2F70726566732E786D6C
    Decoded: /home/ilayraz/.java/.userPrefs/jetbrains/_!(!!cg"p!(}!}@"j!(k!|w"w!'8!b!"p!':!e@==/prefs.xml

Oh well, that's an "interesting" directory name. I completely understand why you want to have a profile for jetbrains ;-) and I'm also not surprised that this directory name breaks the code that tries to convert it to a regex. (Nevertheless, we should at least catch such cases instead of erroring out the hard way.)

As a workaround, you can add the following rule manually:

    /home/ilayraz/.java/.userPrefs/jetbrains/*/prefs.xml r,

(and remove that log event from your logfile to avoid aa-genprof or aa-logprof crashing again)
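
The decoding and the regex failure discussed in this thread, as an added Python illustration (not code from the AppArmor tools or from either commenter): it decodes the hex-encoded name= field of the log line above to the same path aa-decode printed, builds the hex strings used in the suggested grep pattern, and shows that compiling the raw path as a regex fails on its unbalanced "(" while the escaped path compiles. The names `logged_name`, `hex_needle` and `try_compile` are hypothetical.

```python
import re

# Log line copied from the report above (trailing fields shortened).
LOG_LINE = (
    'type=AVC msg=audit(1551050099.504:6875): apparmor="DENIED" '
    'operation="open" profile="/opt/webstorm/bin/webstorm.sh" name='
    '2F686F6D652F696C617972617A2F2E6A6176612F2E7573657250726566732F'
    '6A6574627261696E732F'
    '5F212821216367227021287D217D40226A21286B217C77227721273821'
    '6221227021273A2165403D3D'
    '2F70726566732E786D6C'
    ' pid=32557 comm="java" requested_mask="r" denied_mask="r"'
)

NAME_RE = re.compile(r'\bname=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+)(?=\s|$))')

def logged_name(line):
    """Return the path in name=..., decoding the unquoted hex form."""
    m = NAME_RE.search(line)
    if m is None:
        return None
    if m.group(1) is not None:
        return m.group(1)  # quoted form is already plain text
    return bytes.fromhex(m.group(2)).decode("utf-8", "replace")

def hex_needle(text):
    """Upper-case hex of text, for grepping hex-encoded name= fields."""
    return text.encode("utf-8").hex().upper()

def try_compile(path, escape=True):
    """Compile an exact-match regex for path.

    Returns (regex, None) on success or (None, message) on failure, so a
    strange filename is reported instead of aborting the whole run.
    """
    body = re.escape(path) if escape else path  # escape=False: unsafe form
    try:
        return re.compile("^" + body + "$"), None
    except re.error as exc:
        return None, str(exc)

if __name__ == "__main__":
    path = logged_name(LOG_LINE)
    print("decoded:", path)
    print("raw path as regex:", try_compile(path, escape=False)[1])
    safe, _ = try_compile(path)
    print("escaped path matches itself:", bool(safe.match(path)))
```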
