[apparmor] Two logprof backtraces

Christian Boltz apparmor at cboltz.de
Sun Aug 17 00:11:58 UTC 2014 

Hello,

while using aa-logprof (from latest bzr), I managed to crash it with two 
totally different backtraces:

1)

# python3 aa-logprof
Protokolleinträge von /var/log/audit/audit.log werden eingelesen.
AppArmor-Profile in /etc/apparmor.d werden aktualisiert.
Traceback (most recent call last):
  File "aa-logprof", line 52, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2275, in do_logprof_pass
    handle_children('', '', root)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 1243, in handle_children
    parent_uses_ld_xxx = check_for_LD_XXX(profile)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 126, in check_for_LD_XXX
    for line in f_in:
  File "/usr/lib64/python3.4/codecs.py", line 704, in __next__
    return next(self.reader)
  File "/usr/lib64/python3.4/codecs.py", line 635, in __next__
    line = self.readline()
  File "/usr/lib64/python3.4/codecs.py", line 548, in readline
    data = self.read(readsize, firstline=True)
  File "/usr/lib64/python3.4/codecs.py", line 494, in read
    newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf8 in position 40: ordinal not in range(128)


This is caused by this log line:

type=AVC msg=audit(1407865079.883:215): apparmor="ALLOWED" operation="exec" profile="/usr/lib64/firefox/plugin-container" name="/usr/lib64/gstreamer-0.10/gst-plugin-scanner" pid=11832 comm="Browser" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib64/firefox/plugin-container//null-1"

but it also seems to require my set of profiles (at least some of them).
aa-logprof doesn't crash if I run it with   -d /var/lib/empty



2) 

# python3 aa-logprof -f /var/log/audit/audit.log.1
[...]
= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

 [1 - /usr/bin/boomaga]
  2 - /usr/sbin/nscd 
(S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t
    [... pressed 'v'...]
Traceback (most recent call last):
  File "aa-logprof", line 52, in <module>
    apparmor.do_logprof_pass(logmark)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2292, in do_logprof_pass
    save_profiles()
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 2373, in save_profiles
    newprofile = serialize_profile_from_old_profile(aa[which], which, '')
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 4217, in serialize_profile_from_old_profile
    data += write_methods[segs](write_prof_data[name], int(depth / 2))
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 3606, in write_paths
    data += write_path_rules(prof_data, depth, 'allow')
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py", line 3553, in write_path_rules
    user, other = split_mode(mode)
  File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aamode.py", line 212, in split_mode
    other = mode - user
TypeError: unsupported operand type(s) for -: 'collections.defaultdict' and 'set'


BTW: Using 'c' instead of 'v' lets me view the differences without a crash.


Regards,

Christian Boltz
-- 
... wenn man schon Spams und Viren nur unvollkommen filtern,
wie will man dann die Windoof Experten fo^Hiltern? ;-)
[Paul Foerster in suse-laptop]

More information about the AppArmor mailing list