aa-status is wrong for unconfined processes

Bug #507069 reported by Jamie Strandboge
Affects: linux (Ubuntu)
Importance: High
Assigned to: John Johansen

Bug Description

$ sudo aa-status
apparmor module is loaded.
10 profiles are loaded.
10 profiles are in enforce mode.
   /sbin/dhclient3
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-thumbnailer
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/sbin/cupsd
   /usr/sbin/tcpdump
   /usr/share/gdm/guest-session/Xsession
0 profiles are in complain mode.
148 processes have profiles defined.
148 processes are in enforce mode :
   /sbin/dhclient3 (2034)
   /usr/sbin/cupsd (1552)
   unconfined (1700)
   unconfined (32)
   unconfined (2613)
   unconfined (620)
   unconfined (1488)
   unconfined (18)
   unconfined (16)
   unconfined (1930)
   unconfined (44)
   unconfined (921)
   unconfined (1993)
   unconfined (1681)
   unconfined (1490)
   unconfined (919)
   unconfined (2001)
   unconfined (20)
   unconfined (1983)
   unconfined (2023)
   unconfined (1754)
   unconfined (31)
   unconfined (11)
   unconfined (1989)
   unconfined (287)
   unconfined (1966)
   unconfined (29)
   unconfined (2133)
   unconfined (15)
   unconfined (1500)
   unconfined (1400)
   unconfined (2006)
   unconfined (1199)
   unconfined (2119)
   unconfined (2)
   unconfined (17)
   unconfined (845)
   unconfined (859)
   unconfined (1274)
   unconfined (1999)
   unconfined (1995)
   unconfined (760)
   unconfined (1954)
   unconfined (895)
   unconfined (1503)
   unconfined (14)
   unconfined (1910)
   unconfined (1790)
   unconfined (49)
   unconfined (24)
   unconfined (1986)
   unconfined (1269)
   unconfined (1813)
   unconfined (1308)
   unconfined (2117)
   unconfined (2057)
   unconfined (2060)
   unconfined (1944)
   unconfined (1903)
   unconfined (1852)
   unconfined (2041)
   unconfined (23)
   unconfined (1006)
   unconfined (2058)
   unconfined (47)
   unconfined (8)
   unconfined (1992)
   unconfined (1842)
   unconfined (43)
   unconfined (1812)
   unconfined (5)
   unconfined (33)
   unconfined (1769)
   unconfined (21)
   unconfined (1957)
   unconfined (7)
   unconfined (1160)
   unconfined (1389)
   unconfined (2013)
   unconfined (1399)
   unconfined (2612)
   unconfined (1721)
   unconfined (1498)
   unconfined (2614)
   unconfined (1997)
   unconfined (2525)
   unconfined (2031)
   unconfined (1267)
   unconfined (10)
   unconfined (1805)
   unconfined (2697)
   unconfined (2039)
   unconfined (48)
   unconfined (2121)
   unconfined (1976)
   unconfined (1925)
   unconfined (1907)
   unconfined (1198)
   unconfined (1978)
   unconfined (12)
   unconfined (41)
   unconfined (1409)
   unconfined (45)
   unconfined (19)
   unconfined (2128)
   unconfined (2061)
   unconfined (910)
   unconfined (1173)
   unconfined (877)
   unconfined (1756)
   unconfined (2059)
   unconfined (1)
   unconfined (30)
   unconfined (946)
   unconfined (25)
   unconfined (1504)
   unconfined (286)
   unconfined (28)
   unconfined (2405)
   unconfined (283)
   unconfined (40)
   unconfined (618)
   unconfined (1935)
   unconfined (1917)
   unconfined (1814)
   unconfined (2065)
   unconfined (1726)
   unconfined (1975)
   unconfined (2126)
   unconfined (1906)
   unconfined (878)
   unconfined (22)
   unconfined (2014)
   unconfined (1973)
   unconfined (46)
   unconfined (13)
   unconfined (1309)
   unconfined (301)
   unconfined (6)
   unconfined (1514)
   unconfined (3)
   unconfined (213)
   unconfined (1802)
   unconfined (9)
   unconfined (1515)
   unconfined (1758)
   unconfined (4)
   unconfined (1791)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

$ ps auxww | grep ' 4 '
root 4 0.0 0.0 0 0 ? S 09:19 0:00 [ksoftirqd/0]
$ ps auxww | grep ' 1791'
root 1791 0.0 0.0 3432 1152 ? S 09:19 0:00 hald-addon-input: Listening on /dev/input/event7 /dev/input/event4 /dev/input/event1 /dev/input/event5 /dev/input/event2 /dev/input/event0

ProblemType: Bug
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21.
Architecture: i386
Date: Wed Jan 13 10:47:30 2010
DistroRelease: Ubuntu 10.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=/dev/sda1
MachineType: IBM 2378RRU
Package: linux-image-2.6.32-10-generic 2.6.32-10.14
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-10-generic root=UUID=0c1cec18-6655-4ef5-8c03-2009d66c50e2 ro splash quiet
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-10.14-generic
Regression: Yes
RelatedPackageVersions: linux-firmware 1.28
Reproducible: Yes
RfKill:

SourcePackage: linux
Tags: lucid needs-upstream-testing regression-potential
TestedUpstream: No
Uname: Linux 2.6.32-10-generic i686

Jamie Strandboge (jdstrand) wrote :
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
importance: Undecided → High
status: New → Confirmed
summary: - aa-status is wrong for unconfined profiles
+ aa-status is wrong for unconfined processes

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-14.19

---------------
linux (2.6.32-14.19) lucid; urgency=low

  [ Andy Whitcroft ]

  * ensure we build the source package contents when enabled
    - LP: #522308
  * [Config] enable CONFIG_X86_MCE_XEON75XX
  * SAUCE: AppArmor -- add linux/kref.h for struct kref
  * [Config] enable CONFIG_HID_ORTEK
  * enable udeb generation for arm versatile flavour
    - LP: #522515

  [ John Johansen ]

  * ubuntu: AppArmor -- update to mainline 2010-02-18
    - LP: #439560, #496110, #507069

  [ Johnathon Harris ]

  * SAUCE: HID: add support for Ortek WKB-2000
    - LP: #405390

  [ Upstream Kernel Changes ]

  * tpm_tis: TPM_STS_DATA_EXPECT workaround
    - LP: #490487
  * x86, mce: Xeon75xx specific interface to get corrected memory error
    information
  * x86, mce: Rename cpu_specific_poll to mce_cpu_specific_poll
  * x86, mce: Make xeon75xx memory driver dependent on PCI
  * drm/edid: Unify detailed block parsing between base and extension
    blocks
    - LP: #500999
  * (pre-stable) eCryptfs: Add getattr function
    - LP: #390833
 -- Andy Whitcroft <email address hidden> Thu, 18 Feb 2010 19:22:02 +0000

Changed in linux (Ubuntu):
status: Confirmed → Fix Released

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lucid' to 'verification-done-lucid'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-lucid
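
To support the verification requested above, here is an added example (not part of the bug report or of AppArmor's own tooling) that parses aa-status output in the format shown in the bug description and flags tasks labelled "unconfined" that a mode section counts as confined. The sample output is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the output format shown in the bug description.
SAMPLE = """\
apparmor module is loaded.
2 profiles are loaded.
2 profiles are in enforce mode.
   /sbin/dhclient3
   /usr/sbin/cupsd
0 profiles are in complain mode.
4 processes have profiles defined.
4 processes are in enforce mode :
   /sbin/dhclient3 (2034)
   /usr/sbin/cupsd (1552)
   unconfined (1700)
   unconfined (4)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
"""

# "<count> profiles|processes are|have <title>", with optional trailing " :" or "."
SECTION = re.compile(r"^(\d+) (profiles|processes) (?:are|have) (.+?)[ :.]*$")
# Indented entry: a profile name, optionally followed by " (<pid>)"
ENTRY = re.compile(r"^\s+(\S.*?)(?: \((\d+)\))?$")

def parse_status(text):
    """Return {section title: (claimed count, [(name, pid or None), ...])}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = f"{m.group(2)} {m.group(3)}"
            sections[current] = (int(m.group(1)), [])
        elif current and (e := ENTRY.match(line)):
            pid = int(e.group(2)) if e.group(2) else None
            sections[current][1].append((e.group(1), pid))
    return sections

def audit(text):
    """Flag 'unconfined' tasks listed under an enforce or complain section."""
    report = {"misreported": [], "confined": {}}
    for title, (claimed, items) in parse_status(text).items():
        if title not in ("processes in enforce mode", "processes in complain mode"):
            continue
        bad = [pid for name, pid in items if name == "unconfined"]
        report["misreported"] += [(title, pid) for pid in bad]
        # (count aa-status claimed, count left after dropping unconfined entries)
        report["confined"][title] = (claimed, len(items) - len(bad))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a kernel carrying the fix, `audit()` over real `sudo aa-status` output should return an empty `misreported` list.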