| 2013-10-23 21:30:01 |
Julian Taylor |
bug |
|
|
added bug |
| 2013-10-23 21:31:31 |
Tyler Hicks |
apparmor (Ubuntu): status |
New |
Triaged |
|
| 2013-10-23 21:31:37 |
Tyler Hicks |
apparmor (Ubuntu): importance |
Undecided |
Medium |
|
| 2013-10-24 21:36:13 |
Tyler Hicks |
apparmor (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2013-10-26 01:30:30 |
Tyler Hicks |
bug task added |
|
apparmor |
|
| 2013-10-26 01:30:36 |
Tyler Hicks |
apparmor: status |
New |
In Progress |
|
| 2013-10-26 01:30:37 |
Tyler Hicks |
apparmor: importance |
Undecided |
Medium |
|
| 2013-10-26 01:30:40 |
Tyler Hicks |
apparmor: assignee |
|
Tyler Hicks (tyhicks) |
|
| 2013-10-30 00:08:59 |
Launchpad Janitor |
branch linked |
|
lp:apparmor |
|
| 2013-10-30 01:01:27 |
Tyler Hicks |
description |
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages |
[Impact]
* aa-logprof does not work when dbus rule denials are present in the logs
[Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
test aa-logprof.
$ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Failed to open connection to "system" message bus: An AppArmor policy prevents this
sender from sending this message to this recipient, 0 matched rules;
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus"
member="Hello" error name="(unset)" requested_reply="0"
destination="org.freedesktop.DBus" (bus)
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages |
|
| 2013-11-05 22:27:20 |
Tyler Hicks |
description |
[Impact]
* aa-logprof does not work when dbus rule denials are present in the logs
[Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
test aa-logprof.
$ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Failed to open connection to "system" message bus: An AppArmor policy prevents this
sender from sending this message to this recipient, 0 matched rules;
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus"
member="Hello" error name="(unset)" requested_reply="0"
destination="org.freedesktop.DBus" (bus)
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages |
[Impact]
* aa-logprof does not work when dbus rule denials are present in the logs
[Automated Test Case]
* test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind have been added to QRT's test-apparmor.py test script
[Manual Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial. Then,
test aa-logprof.
$ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Failed to open connection to "system" message bus: An AppArmor policy prevents this
sender from sending this message to this recipient, 0 matched rules;
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus"
member="Hello" error name="(unset)" requested_reply="0"
destination="org.freedesktop.DBus" (bus)
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined"
23:16 <tyhicks> my guess is the denial of a dbus send
23:16 <tyhicks> senw is awful close to send
23:17 <tyhicks> parse_event() in AppArmor.pm does this:
23:18 <tyhicks> $rmask =~ s/d/w/g;
23:18 <tyhicks> followed by:
23:18 <tyhicks> fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages |
|
| 2013-11-08 19:20:24 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/apparmor |
|
| 2013-11-08 20:13:23 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Triaged |
Fix Released |
|
| 2013-11-12 19:54:32 |
Stéphane Graber |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2013-11-12 19:54:34 |
Stéphane Graber |
bug |
|
|
added subscriber SRU Verification |
| 2013-11-12 19:54:36 |
Stéphane Graber |
tags |
|
verification-needed |
|
| 2013-11-12 20:25:37 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/apparmor |
|
| 2013-11-13 20:57:01 |
Tyler Hicks |
tags |
verification-needed |
verification-done |
|
| 2013-11-19 23:21:00 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2014-10-10 21:36:26 |
Jamie Strandboge |
apparmor: status |
In Progress |
Fix Committed |
|
| 2014-10-10 21:36:30 |
Jamie Strandboge |
apparmor: milestone |
|
2.9.0 |
|
| 2014-10-17 23:29:17 |
Steve Beattie |
apparmor: status |
Fix Committed |
Fix Released |
|
| 2015-03-29 18:20:15 |
Christian Boltz |
apparmor: status |
Fix Released |
Confirmed |
|
| 2015-04-06 19:46:47 |
Steve Beattie |
apparmor: milestone |
2.9.0 |
2.9.2 |
|
| 2015-04-15 23:57:29 |
Christian Boltz |
apparmor: status |
Confirmed |
Fix Committed |
|
| 2015-04-24 01:10:38 |
Steve Beattie |
apparmor: status |
Fix Committed |
Fix Released |
|
| 2016-04-21 19:57:29 |
Mathew Hodson |
tags |
verification-done |
saucy trusty verification-done vivid |
|
