aa-logprof: doesn't parse new null profile syntax

Reported by Marc Deslauriers on 2009-10-08
Affects              Status    Importance    Assigned to      Milestone
apparmor (Ubuntu)              High          John Johansen
Karmic                         High          John Johansen

Bug Description

Binary package hint: apparmor

New AppArmor kernel space changed the log format of "null" profiles, replacing the "null-profile/null-complain-profile" previously used. aa-logprof doesn't understand the new format and parses it as a hat.

example:
type=APPARMOR_ALLOWED msg=audit(1255021936.088:5824): operation="open" pid=26965 parent=26954 profile="/usr/bin/kopete//null-20" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/group"
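An added illustration (Python, not the Perl in utils/SubDomain.pm that the fix touched) of parsing log lines so that the new "profile//null-N" form is classified as a learning-mode null profile instead of a hat named "null-N". The first sample line is the one quoted in the report; the other two are constructed.

```python
import re

# Constructed sample log: the kopete line is from the bug report; the apache2
# line (a real hat) and the evince line (plain profile) are made up for contrast.
SAMPLE_LOG = """\
type=APPARMOR_ALLOWED msg=audit(1255021936.088:5824): operation="open" pid=26965 parent=26954 profile="/usr/bin/kopete//null-20" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/group"
type=APPARMOR_ALLOWED msg=audit(1255021936.089:5825): operation="open" pid=26966 parent=26954 profile="/usr/sbin/apache2//DEFAULT_URI" requested_mask="::r" denied_mask="::r" fsuid=33 ouid=0 name="/var/www/index.html"
type=APPARMOR_DENIED msg=audit(1255021936.090:5826): operation="open" pid=26967 parent=26954 profile="/usr/bin/evince" requested_mask="::w" denied_mask="::w" fsuid=1000 ouid=0 name="/etc/shadow"
"""

# key=value pairs; values are either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# new kernel format: "<profile>//null-<n>" marks an unconfined child in learning mode
NULL_CHILD_RE = re.compile(r'^null-\d+$')
# old format used a standalone profile name instead
OLD_NULL_NAMES = {"null-profile", "null-complain-profile"}


def classify_profile(profile):
    """Return (base_profile, hat, is_null) for an AppArmor profile field."""
    if profile in OLD_NULL_NAMES:
        return None, None, True
    base, sep, suffix = profile.partition("//")
    if not sep:
        return base, None, False
    if NULL_CHILD_RE.match(suffix):
        # Treating this as a hat is exactly the aa-logprof bug described above.
        return base, None, True
    return base, suffix, False


def parse_line(line):
    """Parse one audit line into a dict with the profile/hat/null split applied."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    base, hat, is_null = classify_profile(fields.get("profile", ""))
    fields["profile"], fields["hat"], fields["null"] = base, hat, is_null
    return fields


def parse_log(text):
    """Parse every non-empty line of an audit log dump."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(ev["type"], ev["profile"], "hat=%s" % ev["hat"], "null=%s" % ev["null"], ev["name"])
```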

Kees Cook (kees) on 2009-10-08
Changed in apparmor (Ubuntu Karmic):
status: New → Confirmed
assignee: nobody → John Johansen (jjohansen)
importance: Undecided → Low
milestone: none → ubuntu-9.10
Marc Deslauriers (mdeslaur) wrote:
Jamie Strandboge (jdstrand) wrote:

Marking as In Progress based on Marc's patch.

Changed in apparmor (Ubuntu Karmic):
status: Confirmed → In Progress
Changed in apparmor (Ubuntu Karmic):
importance: Low → High
tags: added: regression-potential
Marc Deslauriers (mdeslaur) wrote:

A feature is still missing from the preliminary patch. When aa-genprof reloads the profile after prompting the user for changes, the kernel does not replace the profile on active "null" processes. In order for active processes to get their profile replaced, the profile name must be the "null" name.

There doesn't seem to be a good way to fix this for the moment.

aa-genprof could write the profile to disk with the "null" names until the user tells it to "finish", at which point it could re-write the profile with the actual binary names. This would solve the problem of someone running aa-genprof without stopping the application between runs. On the other hand, if the application is one that executes and stops, subsequent runs would not pick up the modified profile as it wouldn't match the "null" name that would be in the file.

Marc Deslauriers (mdeslaur) wrote:
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu27

---------------
apparmor (2.3.1+1403-0ubuntu27) karmic; urgency=low

  * utils/SubDomain.pm: handle new format "null" log entries (LP: #446524)

 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2009 14:40:04 -0400

Changed in apparmor (Ubuntu Karmic):
status: In Progress → Fix Released