aa-genprof crashes in logparser NoneType has no "replace"

Bug #1540562 reported by Chad Miller on 2016-02-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Christian Boltz
Christian Boltz
Christian Boltz
apparmor (Ubuntu)

Bug Description

Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.

Traceback (most recent call last):
  File "/usr/sbin/aa-genprof", line 151, in <module>
    lp_ret = apparmor.do_logprof_pass(logmark, passno)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2176, in do_logprof_pass
    log = log_reader.read_log(logmark)
  File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 358, in read_log
  File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 263, in add_event_to_tree
    rmask = rmask.replace('c', 'a')
AttributeError: 'NoneType' object has no attribute 'replace'

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10-0ubuntu11
ProcVersionSignature: Ubuntu 4.3.0-7.18-generic 4.3.3
Uname: Linux 4.3.0-7-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.19.4-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Feb 1 14:35:38 2016
InstallationDate: Installed on 2014-05-07 (635 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
JournalErrors: -- No entries --
ProcKernelCmdline: BOOT_IMAGE=/root@/boot/vmlinuz-4.3.0-7-generic.efi.signed root=ZFS=gelb/root ro boot=zfs rpool=gelb bootfs=gelb/root
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.abstractions.dbus.accessibility.strict: [modified]
mtime.conffile..etc.apparmor.d.abstractions.dbus.accessibility.strict: 2016-01-11T17:19:10.453376

Chad Miller (cmiller) wrote :
Christian Boltz (cboltz) wrote :

Relevant log line (profile name changed to make reproducing easier):

Feb 1 14:34:25 zippy kernel: [55870.767873] audit: type=1400 audit(1454355265.041:133046): apparmor="ALLOWED" operation="file_receive" profile="/usr/sbin/smbd" pid=28265 comm="RosettaStoneDae" family="inet" sock_type="stream" protocol=6

tags: added: aa-tools
Chad Miller (cmiller) wrote :

e dict that causes problem: {'task': 0, 'info': None, 'attr': None, 'denied_mask': None, 'time': 1454361312, 'parent': 0, 'name': None, 'active_hat': None, 'resource': None, 'request_mask': None, 'pid': 31472, 'operation': 'file_receive', 'name2': None, 'error_code': 0, 'magic_token': 0, 'profile': 'null-complain-profile', 'aamode': 'PERMITTING'}

probably due to one of these

kernel: [61917.812680] audit: type=1400 audit(1454361312.425:636563): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-94//null-96//null-99" pid=31472 comm="WineApp" family="inet" sock_type="stream" protocol=6

kernel: [61917.812683] audit: type=1400 audit(1454361312.425:636564): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-93" pid=31472 comm="WineApp" family="inet" sock_type="stream" protocol=6

kernel: [61917.812756] audit: type=1400 audit(1454361312.425:636569): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-94//null-96//null-99" pid=31472 comm="WineApp" family="inet6" sock_type="stream" protocol=6

kernel: [61917.812759] audit: type=1400 audit(1454361312.425:636570): apparmor="ALLOWED" operation="file_receive" profile="/usr/bin/wine//null-92//null-93" pid=31472 comm="WineApp" family="inet6" sock_type="stream" protocol=6

Christian Boltz (cboltz) wrote :

Yes, that's also what I found.

Patch sent to the mailinglist for review.

If you want to test it, get logparser.py from the bzr 2.10 branch (there were several fixes since 2.10) and around line 304, change

            if e['operation'] in ['file_perm', 'file_inherit'] and not e['request_mask']:


            if not e['request_mask']:

(that's the relevant part of the patch)

Christian Boltz (cboltz) wrote :

Fix commited to bzr trunk r3368, 2.10 branch r3308 and 2.9 branch r2993.

Changed in apparmor:
assignee: nobody → Christian Boltz (cboltz)
milestone: none → 2.10.1
status: New → Fix Committed
milestone: 2.10.1 → 2.11
Lee (lee-8) wrote :

I note the original bug report was for Ubuntu 16.04. I've just experienced the exact same error (minor line number changes notwithstanding) as the original reporter.

I'm using 14.04.4 LTS and have 2.8.95~2430-0ubuntu5.3 installed. Will this fix come down the 2.8 branch for 14.04 LTS users, too, at some point?

Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package apparmor - 2.10.95-0ubuntu1

apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - pa...


Changed in apparmor (Ubuntu):
status: New → Fix Released
Christian Boltz (cboltz) wrote :

"Real fix" (which decides about file vs. network instead of ignoring these events) implemented in bzr trunk r3594 and 2.10 branch r3369 (will be in 2.10.2).

Christian Boltz (cboltz) on 2017-01-10
Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers