Feature buffer full in precise with LTS kernel
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | Fix Released | Critical | Unassigned | |
Precise | Fix Released | Undecided | Tim Gardner | |
Bug Description
[Impact]
* Users running Saucy or newer kernels on the 12.04 LTS release cannot load
AppArmor profiles due to a fixed-size buffer in the apparmor_parser binary.
* As a result of this failure, lxc could not install, and no programs would
run with AppArmor confinement, when a user installed a Saucy or newer kernel.
* This upload cherry picks a fix from Saucy that increases the size of the
fixed buffer from 1024 to 8192 bytes. This is expected to be large enough.
[Test Case]
* apt-add-repository ppa:ubuntu-
apt-get update
apt-get install linux-generic-
shutdown -r now
/etc/
apt-get install lxc
aa-status
* Without the fix, the reload and install lxc commands fail, and
aa-status would report no loaded profiles.
With the fix, the reload and install lxc commands succeed, and
aa-status reports many loaded profiles.
[Regression Potential]
* If a future kernel requires more than 8192 bytes of buffer to describe
features, this will again break. The AppArmor 3.0 upstream release is
expected to dynamically allocate the size of this buffer if the buffer
should again prove to be too small, and such a hypothesized patch can be
cherry-picked again.
[Other Info]
* I verified this bug as well as #982619, #987578, and #1091642.
Thanks
Seth Arnold
[Original report]
The 0041-parser-
Changed in apparmor (Ubuntu Precise):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in apparmor (Ubuntu Precise):
status: In Progress → Fix Committed
description: updated
description: updated
tags: added: verification-done; removed: verification-needed
Marking confirmed as both rtg and I have seen it.
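
The fixed-versus-dynamic buffer trade-off raised under [Regression Potential] in the description, as an added C example that is not apparmor_parser's code. The function names, the `MAX_CAP` limit and the filler input are assumptions made for illustration; only the 1024-byte size comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>

#define FIXED_CAP 1024        /* old fixed size named in the report */
#define MAX_CAP   (1u << 20)  /* assumed sanity limit for the growing reader */

/* Fixed buffer: 0 if the whole description fit, -1 if it was cut off. */
static int read_features_fixed(FILE *f, char *buf, size_t cap)
{
    size_t n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';
    /* Buffer full with input still pending: fail loudly, never truncate. */
    return (ferror(f) || (n == cap - 1 && fgetc(f) != EOF)) ? -1 : 0;
}

/* Growing buffer: doubles until EOF. Caller frees; NULL on error or limit. */
static char *read_features_dynamic(FILE *f, size_t *len_out)
{
    size_t cap = FIXED_CAP, len = 0;
    char *buf = malloc(cap), *tmp;
    if (!buf) return NULL;
    while ((len += fread(buf + len, 1, cap - 1 - len, f)) == cap - 1) {
        if (cap >= MAX_CAP || !(tmp = realloc(buf, cap * 2))) goto fail;
        buf = tmp;
        cap *= 2;
    }
    if (ferror(f)) goto fail;
    buf[len] = '\0';
    *len_out = len;
    return buf;
fail:
    free(buf);
    return NULL;
}

int main(void)
{
    char fixed[FIXED_CAP], *dyn;
    size_t len = 0;
    FILE *f = tmpfile();                /* constructed 3000-byte sample */
    if (!f) return 1;
    for (int i = 0; i < 3000; i++) fputc('a' + i % 26, f);
    rewind(f);
    int rc = read_features_fixed(f, fixed, sizeof fixed);
    rewind(f);
    dyn = read_features_dynamic(f, &len);
    printf("fixed: %d, growing: %zu bytes\n", rc, dyn ? len : 0);
    free(dyn);
    return fclose(f);
}
```

The fixed reader reports an oversized description as an error instead of handing back a truncated one, and the growing reader stays bounded so unexpectedly large input cannot drive allocation without limit.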