Activity log for bug #1324154

Date Who What changed Old value New value Message
2014-05-28 14:36:58 timdaman bug added bug
2014-05-28 14:36:58 timdaman attachment added profile_path.patch https://bugs.launchpad.net/bugs/1324154/+attachment/4121491/+files/profile_path.patch
2014-05-28 16:23:34 Ubuntu Foundations Team Bug Bot tags patch
2014-05-28 16:23:40 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2014-05-29 14:56:56 Christian Boltz apparmor (Ubuntu): status New Fix Committed
2014-10-09 20:22:49 Jamie Strandboge apparmor (Ubuntu): status Fix Committed Fix Released
2014-10-09 20:22:56 Jamie Strandboge nominated for series Ubuntu Trusty
2014-10-09 20:22:56 Jamie Strandboge bug task added apparmor (Ubuntu Trusty)
2014-10-09 20:23:03 Jamie Strandboge apparmor (Ubuntu Trusty): status New Triaged
2014-10-09 20:23:06 Jamie Strandboge apparmor (Ubuntu Trusty): importance Undecided Medium
2014-10-09 20:23:13 Jamie Strandboge apparmor (Ubuntu Trusty): assignee Marc Deslauriers (mdeslaur)
2015-05-18 16:16:01 Steve Beattie description I am trying to profile apache2 with aa-logprof. As part of that I ran into the following problem root@tim-X220:~# aa-logprof -m LOGMARK1 Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last): File "/usr/sbin/aa-logprof", line 52, in <module> apparmor.do_logprof_pass(logmark) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2262, in do_logprof_pass handle_children('', '', root) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1237, in handle_children sev_db.load_variables(profile) File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 180, in load_variables for line in f_in: File "/usr/lib/python3.4/codecs.py", line 704, in __next__ return next(self.reader) File "/usr/lib/python3.4/codecs.py", line 635, in __next__ line = self.readline() File "/usr/lib/python3.4/codecs.py", line 548, in readline data = self.read(readsize, firstline=True) File "/usr/lib/python3.4/codecs.py", line 494, in read newchars, decodedbytes = self.decode(data, self.errors) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc6 in position 24: invalid continuation byte When I trace back I find that on line 1237 the path to binary is passed to "load_variables" when it expects the path to the profile related to a binary. As a result it opens the binary and tries to process it as a profile. I suspect this but will appear as a range of Unicode style errors depending on what executable is being passed. The fix is fairly simple. On line 1237 change sev_db.load_variables(profile) to sev_db.load_variables(get_profile_filename(profile)) Attached is a patch for this. [impact] This bug makes it difficult for trusty users to use the apparmor policy utilities. [steps to reproduce] See below [regression potential] This issue is being addressed by updating the python utilities to the version in apparmor 2.9.2 as tracked in bug 1449769. This represents are large change which would normally be risky; however, these changes are isolated to the python utils (so no changes to the policy parser/loader or enforcement), there are a large number of bugs that exist in the trusty version that make using the tools difficult, so it would be difficult to regress further, and the updated version includes many new unit tests to try to prevent from regressions from occurring. [additional info] The python utils testsuite is run as part of the test-apparmor.py test script in lp:qa-regression-testing. The test-apparmor.py also has additional basic usage tests to ensure that basic functionality is maintained. These tests are run as part of the process fro each kernel update. [original description] I am trying to profile apache2 with aa-logprof. As part of that I ran into the following problem root@tim-X220:~# aa-logprof -m LOGMARK1 Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last):   File "/usr/sbin/aa-logprof", line 52, in <module>     apparmor.do_logprof_pass(logmark)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2262, in do_logprof_pass     handle_children('', '', root)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1237, in handle_children     sev_db.load_variables(profile)   File "/usr/lib/python3/dist-packages/apparmor/severity.py", line 180, in load_variables     for line in f_in:   File "/usr/lib/python3.4/codecs.py", line 704, in __next__     return next(self.reader)   File "/usr/lib/python3.4/codecs.py", line 635, in __next__     line = self.readline()   File "/usr/lib/python3.4/codecs.py", line 548, in readline     data = self.read(readsize, firstline=True)   File "/usr/lib/python3.4/codecs.py", line 494, in read     newchars, decodedbytes = self.decode(data, self.errors) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc6 in position 24: invalid continuation byte When I trace back I find that on line 1237 the path to binary is passed to "load_variables" when it expects the path to the profile related to a binary. As a result it opens the binary and tries to process it as a profile. I suspect this but will appear as a range of Unicode style errors depending on what executable is being passed. The fix is fairly simple. On line 1237 change    sev_db.load_variables(profile) to   sev_db.load_variables(get_profile_filename(profile)) Attached is a patch for this.
2015-05-24 17:34:18 Launchpad Janitor branch linked lp:ubuntu/trusty-proposed/apparmor
2015-06-11 17:22:03 Steve Beattie tags patch patch verification-done
2015-06-15 16:44:24 Launchpad Janitor apparmor (Ubuntu Trusty): status Triaged Fix Released