aa-logprof wrongly transforms PUx to UPx

Bug #982619 reported by Julian Taylor on 2012-04-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
High
Steve Beattie
Precise
High
Steve Beattie

Bug Description

apparmor accepts the PUx qualifier
but when aa-logprof updates a profile that uses that it transforms it to UPx which apparmor does not accept.
It then complains:
AppArmor parser error for /etc/apparmor.d/home.jtaylor.tmp.test.sh in /etc/apparmor.d/home.jtaylor.tmp.test.sh at line 22: syntax error, unexpected TOK_ID, expecting TOK_MODE

e.g.
#include <tunables/global>

/home/jtaylor/tmp/test.sh {
  #include <abstractions/base>
  #include <abstractions/bash>

  /usr/bin/gedit rPUx,

}

put something else than gedit in /home/jtaylor/tmp/test.sh and run logprof and it will break the profile.

apparmor version: 2.7.102-0ubuntu3 in 12.04

Julian Taylor (jtaylor) on 2012-04-15
description: updated
Changed in apparmor (Ubuntu):
importance: Undecided → Critical
importance: Critical → High
status: New → Triaged
assignee: nobody → Steve Beattie (sbeattie)
tags: added: rls-p-tracking
Changed in apparmor (Ubuntu Precise):
milestone: none → precise-updates
Steve Beattie (sbeattie) wrote :

Thanks, I've reproduced the issue and am trying to track down where things are going wrong.

Changed in apparmor (Ubuntu Precise):
status: Triaged → In Progress
Steve Beattie (sbeattie) wrote :

This was addressed in Ubuntu 12.10 with the 2.8.0-0ubuntu1 package. I'll include a fix for this for 12.04 LTS in an SRU.

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released

Hello Julian, or anyone else affected,

Accepted apparmor into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apparmor (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Julian Taylor (jtaylor) wrote :

the fix is working in precise

tags: added: verification-done
removed: verification-needed
Seth Arnold (seth-arnold) wrote :

Verified apparmor-utils in proposed fixes this issue on precise.

Seth Arnold (seth-arnold) wrote :

apparmor 2.7.102-0ubuntu3.8 has been superceded by apparmor 2.7.102-0ubuntu3.9 in -proposed and needs new verification.

tags: added: verification-needed
removed: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.7.102-0ubuntu3.8

---------------
apparmor (2.7.102-0ubuntu3.8) precise-proposed; urgency=low

  * 0022-aa-logprof-PUx_rewrite_fix-lp982619.patch: fix aa-logprof
    rewrite of PUx modes (LP: #982619)
  * 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating
    the problem (LP: #1091642)
  * 0024-profiles-allow_exo-open-lp987578.patch: allow exo-open to work
    within ubuntu-integration (LP: #987578)
 -- Steve Beattie <email address hidden> Thu, 24 Jan 2013 11:40:48 -0800

Changed in apparmor (Ubuntu Precise):
status: Fix Committed → Fix Released
tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers