aa-genprof crashes when analyzing audit log
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Package version: 2.9.1-0ubuntu9
Kernel version: 3.19.0-25-generic
Ubuntu version: 15.04 64 bit Desktop
When I try to generate a profile for Thunderbid using the following commands, it crashes:
aa-autodep /usr/lib/
aa-genprof /usr/lib/
Genprof crashes during even scanning (after typing 's' and hitting Enter for scan) with the following error:
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/
Traceback (most recent call last):
File "/usr/sbin/
lp_ret = apparmor.
File "/usr/lib/
log = log_reader.
File "/usr/lib/
event = self.parse_
File "/usr/lib/
record_event = self.parse_
File "/usr/lib/
raise AppArmorExcepti
apparmor.
Note: I'm using auditd because it doesn't seem to find any logs without it even though there are events logged in syslog. The following bug is related: https:/
Here is the full audit log: http://
"Log contains unknown mode senw reaeive aonneat" - that's "send receive connect" in the log, and is caused by bug 1243932 and bug 1426651. Both are fixed in 2.9.2, so Ubuntu should provide updated packages. (Actually they should wait for 2.9.3 because it contains some more fixes.)
Yes, it's easy to say that for me - I'm "only" working on the aa-* tools and the openSUSE packages, but don't know anything about Ubuntu packaging ;-)
If you need the working version _now_, do a bzr checkout of the latest upstream code (trunk or 2.9 branch). You can use the tools directly inside the checkout directory without installing them somewhere:
cd utils
python3 aa-logprof # or "python aa-logprof" depending if you have python-libapparmor or python3-libapparmor installed