Ubuntu
apparmor package

Python utils lack support for bare capability rules

Bug #1294819 reported by Tyler Hicks
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
Medium
Tyler Hicks
AppArmor 2.9.0
apparmor (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

The new aa.py module does not handle a bare capability rule and emits a traceback.

$ mkdir /tmp/profs
$ printf "profile cap {\n capability,\n}" >/tmp/profs/cap
$ sudo ./aa-enforce -d /tmp/profs /tmp/profs/cap
Traceback (most recent call last):
  File "./aa-enforce", line 30, in <module>
    tool.cmd_enforce()
  File "/var/scm/apparmor.git/utils/apparmor/tools.py", line 153, in cmd_enforce
    apparmor.read_profiles()
  File "/var/scm/apparmor.git/utils/apparmor/aa.py", line 2558, in read_profiles
    read_profile(profile_dir + '/' + file, True)
  File "/var/scm/apparmor.git/utils/apparmor/aa.py", line 2584, in read_profile
    profile_data = parse_profile_data(data, file, 0)
  File "/var/scm/apparmor.git/utils/apparmor/aa.py", line 3031, in parse_profile_data
    raise AppArmorException(_('Syntax Error: Unknown line found in file: %s line: %s') % (file, lineno + 1))
apparmor.common.AppArmorException: 'Syntax Error: Unknown line found in file: /tmp/profs/cap line: 2'

See original description
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu):
status: In Progress → Triaged
Changed in apparmor:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tyler Hicks (tyhicks)
Tyler Hicks (tyhicks)
summary: - Python utils don't support bare capability rules
+ Python utils lack support for bare capability rules
description: updated
Tyler Hicks (tyhicks)
Changed in apparmor:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu3

---------------
apparmor (2.8.95~2430-0ubuntu3) trusty; urgency=medium

  [ Jamie Strandboge ]
  * debian/lib/apparmor/functions: properly calculate number of profiles in
    /var/lib/apparmor/profiles (LP: #1295816)
  * autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
    (LP: #1288241)
    - remove debian/notify/90apparmor-notify
    - add debian/notify/apparmor-notify.desktop
    - debian/apparmor-notify.install: adjust for the above
    - add debian/apparmor-notify.maintscript to remove 90apparmor-notify
  * debian/notify/notify.conf: use_group should be set to "sudo" instead of
    "admin" (LP: #1009666)

  [ Tyler Hicks ]
  * debian/patches/initialize-mount-flags.patch: Initialize the variables
    containing mount rule flags to zero. Otherwise, the parser may set
    unexpected bits in the mount flags field for rules that do not specify
    mount flags. The uninitialized mount flag variables may have caused
    unexpected AppArmor denials during mount mediation. (LP: #1296459)
  * debian/patches/fix-typo-in-dbus_write.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to write out network rules instead of dbus rules
  * debian/patches/limited-mount-rule-support.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to traceback when encountering a mount rule (LP: #1294825)
  * debian/patches/bare-capability-rule-support.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to traceback when encountering a bare capability rule
    (LP: #1294819)
  * debian/patches/check-config-for-sysctl.patch,
    debian/patches/increase-swap-size.patch: Fix bugs in the regression test
    suite that caused errors when running on ppc64el
  * debian/patches/test-v6-policy.patch,
    debian/patches/test-mount-mediation.patch: Improve the regression tests
    by increasing the mount rule test coverage
 -- Tyler Hicks <email address hidden> Thu, 27 Mar 2014 14:12:29 -0500

Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
Jamie Strandboge (jdstrand)
Changed in apparmor:
milestone: none → 2.9.0
Revision history for this message
Steve Beattie (sbeattie) wrote :

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.