configured_profile_names() in /lib/apparmor/functions breaks eg usr.bin.firefox profile

Bug #788616 reported by Christoph Trassl on 2011-05-26
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
AppArmor
High
Unassigned
2.6
High
Unassigned
apparmor (Ubuntu)
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned

Bug Description

Binary package hint: apparmor

configured_profile_names() in /lib/apparmor/functions greps for '\^' which stops the shipped usr.bin.firefox profile from loading during apparmor restart or apparmor reload.

The firefox profile is named '/usr/lib/firefox-4.0.1/firefox{,*[^s][^h]} and therefore grepped away.

Christoph Trassl (chtrassl) wrote :

Sorry, missed the installed apparmor version, it is: 2.6.1-0ubuntu3

Steve Beattie (sbeattie) wrote :

Good catch. It should be filtering out '//' instead as that's now the separator used by the kernel portion of apparmor to indicate where hats and child profile names begin, like so:

=== modified file 'debian/lib/apparmor/functions'
--- debian/lib/apparmor/functions 2011-02-24 01:41:58 +0000
+++ debian/lib/apparmor/functions 2011-05-31 19:36:08 +0000
@@ -54,7 +54,7 @@
 }

 configured_profile_names() {
- foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '\^'
+ foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '//'
 }

 running_profile_names() {

Changed in apparmor (Ubuntu):
status: New → Triaged
importance: Undecided → High
Kees Cook (kees) on 2011-05-31
Changed in apparmor (Ubuntu Natty):
status: New → Triaged
importance: Undecided → High
Steve Beattie (sbeattie) wrote :

This also affects the upstream parser/rc.apparmor.functions (which the debian/ubuntu version was based off of but differs from).

Changed in apparmor:
status: New → In Progress
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6.1-4ubuntu1

---------------
apparmor (2.6.1-4ubuntu1) oneiric; urgency=low

  * Get rid of Perl in main AppArmor package so we can remove perl-modules
    from the installation cd:
    - debian/patches/0104-python-aa-status.patch: switch aa-status to
      Python
    - debian/apparmor.*, debian/apparmor-utils.*: move aa-status, symlink
      and manpages to main apparmor package.
    - debian/control: add appropriate Breaks/Replaces/Depends because of
      the file move, add ${python:Depends} to apparmor Depends, add
      apparmor-utils to apparmor Suggests.
    - debian/rules: add apparmor package to dh_python2.
  * debian/lib/apparmor/functions: fix hat separator (LP: #788616)
    - Based on upstream revision 1733
 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2011 11:03:20 -0400

Changed in apparmor (Ubuntu Oneiric):
status: Triaged → Fix Released
Changed in apparmor:
status: In Progress → Confirmed
Christoph Trassl (chtrassl) wrote :

The issue was patched, can we cleanup and close this bug?

Changed in apparmor:
status: Confirmed → Fix Released
dino99 (9d9) wrote :
Changed in apparmor (Ubuntu Natty):
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers