aa-genprof fails to create profile for shell script with encrypted home directory - overlong path causes cut-off log line
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
To reproduce:
Start aa-genprof in a terminal window and wait for prompt
Start shell script in another window. When finished:
Enter 's' in aa-genprof terminal window
Result:
Fehler beim Erzeugen eine Profils für rsbackup:
Protokolleinträge von /var/log/syslog werden gelesen.
AppArmor-Profile in /etc/apparmor.d werden aktualisiert.
Traceback (most recent call last):
File "/usr/lib/
self.
File "/usr/lib/
e = self.parse_
File "/usr/lib/
elif self.op_type(e) == 'file':
File "/usr/lib/
raise AppArmorExcepti
apparmor.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/
lp_ret = apparmor.
File "/usr/lib/
log = log_reader.
File "/usr/lib/
raise AppArmorBug(ex_msg) # py3-only: from None
apparmor.
This error was caused by the log line:
Jul 24 11:50:07 klapp kernel: [153217.735729] audit: type=1400 audit(165865620
An unexpected error occoured!
For details, see /tmp/user/
Please consider reporting a bug at https:/
and attach this file.
op_type() checks if a log event has the attributes family, protocol and sock_type (which makes it a network event) or denied_mask (which makes it a file event).
However, your log line doesn't have any of that (since it's obviously a file event, I'd expect a "denied_mask"), therefore none of these conditions match - and the code errors out.
It looks like your syslog daemon did cut off the log line at about 1000 chars, and the path is too long and causes things like denied_mask to be cut off.
As a workaround, I'd recommend to install and use auditd - AFAIK it doesn't cut off the log lines.
Or edit /usr/.. .../apparmor/ logparser. py and, in the op_type() function, change raising the exception to "return 'unknown'" (like it does for operation keywords not handled in this function).