AppArmor

apparmor-utils fail with code exception "AttributeError: 'collections.defaultdict' object has no attribute 'startswith'" 4/4

Bug #1848227 reported by Guillaume B on 2019-10-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	Fix Released	Undecided	Christian Boltz

Bug Description

Hello,

I am on Debian Buster 10.1 running apparmor 2.13.2-10 and apparmor-utils 2.13.2-10.

When trying to use the commands aa-complain, aa-disable, aa-enforce and aa-logprof, the code throws an exception and the commands fail. Downgrading to apparmor-utils 2.11.0-3+deb9u2 and python3-apparmor 2.11.0-3+deb9u2 (Debian oldstable) makes aa-enforce and aa-complain work but aa-logprof still fails.

Since only one file at a time can be attached to a message, I have attached the file for aa-logprof here. The ohter bug reports are in corresponding messages.

Please tell me if more command bug logs are needed.

Thanks.

Tags:

Revision history for this message

Guillaume B (gueb1) wrote on 2019-10-15:

aa-logprof_bug.txt Edit (5.4 KiB, text/plain)

Revision history for this message

Christian Boltz (cboltz) wrote on 2019-10-15:

Thanks for the reports!

According to the logs, all crashes are caused by the /etc/apparmor.d/usr.sbin.cupsd profile. Can you please attach that file?

Revision history for this message

Guillaume B (gueb1) wrote on 2019-10-16:

usr.sbin.cupsd Edit (3.9 KiB, text/plain)

Here it is.

Revision history for this message

Christian Boltz (cboltz) wrote on 2019-10-16:

Thanks!

I can reproduce the crash with latest master with your profile and an empty local/usr.sbin.cupsd file.

The problem is probably that

#include <local/usr.sbin.cupsd>

is located _after_ the closing "}" of the cupsd profile (which is an error in the profile IMHO - I'd guess you broke it while removing the "third_party" child profile) - moving the local include above the "}" or commenting it out avoids the crash.

Nevertheless, even if this line is located at a "wrong" place, it shouldn't crash the aa-* tools ;-)

A simplified test profile that still triggers the crash is:

    /usr/sbin/cupsd {
    }
    #include <local/usr.sbin.cupsd>

Revision history for this message

Christian Boltz (cboltz) wrote on 2019-10-16:

The fix is funny[tm] - removing two lines of code that is, besides causing this crash, unused ;-)

https://gitlab.com/apparmor/apparmor/merge_requests/427

Changed in apparmor:
status:	New → In Progress
assignee:	nobody → Christian Boltz (cboltz)
tags:	added: aa-tools

Revision history for this message

Guillaume B (gueb1) wrote on 2019-10-17:

Confirmed fix. The aa-* utils work fine when moving #include <local/usr.sbin.cupsd> before the closing "}" of the cupsd profile fixes the issue.

Revision history for this message

Christian Boltz (cboltz) wrote on 2020-04-05:

This was fixed some months ago, and 2.13.4 includes the fix.

Changed in apparmor:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.