hat loading is funky in karmic

Bug #408473 reported by Marc Deslauriers on 2009-08-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Linux
Invalid
Undecided
Unassigned
linux (Ubuntu)
Medium
John Johansen

Bug Description

Binary package hint: apparmor

Loading hats hits some unexpected behaviour:

1- Loading a profile with three hats only shows the last hat loaded in aa-status
2- Loading a hat from an included file doesn't show the hat in the kernel messages, but only shows that hat in aa-status. Trying to stop apparmor after hangs in a loop with:

"[ 795.887984] type=1505 audit(1249316593.001:3654110): operation="profile_remove" info="failed: profile does not exist" pid=3084 name=/usr/lib/apache2/mpm-prefork/apache2//phpsysinfo namespace=default"

The included tarball contains the apparmor profiles.

Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :

This bug is a blocker for my spec:

https://wiki.ubuntu.com/SecurityTeam/Specifications/ApacheAppArmorSpec

This bug seems to be fixed by John Johansen's test kernel (/home/jj/linux-image-2.6.31-6-generic_2.6.31-6.26_amd64.deb).

Changed in apparmor (Ubuntu):
status: New → In Progress
Changed in linux:
status: New → In Progress
affects: apparmor (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
importance: Undecided → Medium
tags: added: regression-potential
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.31-10.30

---------------
linux (2.6.31-10.30) karmic; urgency=low

  [ Amit Kucheria ]

  * [Config] Enable CONFIG_USB_DEVICEFS
    - LP: #417748
  * [Config] Populate the config-update template a bit more

  [ Andy Whitcroft ]

  * rebase to v2.6.31-rc9
  * [Config] update configs following rebase to v2.6.31-rc9
  * [Config] update ports configs following rebase to v2.6.31-rc9

  [ Colin Ian King ]

  * SAUCE: wireless: hostap, fix oops due to early probing interrupt
    - LP: #254837

  [ Jerone Young ]

  * [Upstream] ACPI: Add Thinkpad T400 & Thinkpad T500 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad X200, X200s, X200t to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad X300 & Thinkpad X301 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad R400 & Thinkpad R500 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad W500, W700, & W700ds to OSI(Linux)
    white-list
    - LP: #281732

  [ John Johansen ]

  * SAUCE: AppArmor: Fix profile attachment for regexp based profile names
    - LP: #419308
  * SAUCE: AppArmor: Return the correct error codes on profile
    addition/removal
    - LP: #408473
  * SAUCE: AppArmor: Fix OOPS in profile listing, and display full list
    - LP: #408454
  * SAUCE: AppArmor: Fix mapping of pux to new internal permission format
    - LP: #419222
  * SAUCE: AppArmor: Fix change_profile failure
    - LP: #401931
  * SAUCE: AppArmor: Tell git to ignore generated include files
    - LP: #419505

  [ Stefan Bader ]

  * [Upstream] acpi: video: Loosen strictness of video bus detection code
    - LP: #333386
  * SAUCE: Remove ov511 driver from ubuntu subdirectory

  [ Tim Gardner ]

  * [Config] Exclude char-modules from non-x86 udeb creation
  * SAUCE: Notify the ACPI call chain of AC events
  * [Config] CONFIG_SATA_VIA=m
    - LP: #403385
  * [Config] Build in all phylib support modules.
  * [Config] Don't fail when sub-flavour files are missing
    - LP: #423426
  * [Config] Set CONFIG_LSM_MMAP_MIN_ADDR=0
    - LP: #423513

  [ Upstream ]

  * Rebased against v2.6.31-rc9

 -- Andy Whitcroft <email address hidden> Mon, 07 Sep 2009 11:33:45 +0100

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Changed in linux:
status: In Progress → Fix Released
status: Fix Released → In Progress
Changed in linux:
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers