[apparmor] [patch] aa-genprof: fix byte vs. string and wrong filename

Christian Boltz apparmor at cboltz.de
Mon May 19 00:17:49 UTC 2014 

Hello,

aa-genprof crashes instantly after creating the basic profile in 
/etc/apparmor.d and before asking any questions:

# LANG=C python3 ~cb/apparmor/HEAD-CLEAN/utils/aa-genprof  /bin/true
[...]
For each AppArmor event, you will be given the 
opportunity to choose whether the access should be 
allowed or denied.
Traceback (most recent call last):
  File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-genprof", line 141, in <module>
    logmark = last_audit_entry_time()
  File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-genprof", line 44, in last_audit_entry_time
    if re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out):
  File "/usr/lib64/python3.4/re.py", line 166, in search
    return _compile(pattern, flags).search(string)
TypeError: can't use a string pattern on a bytes-like object


Besides that, I noticed that aa-genprof is using hardcoded 
/var/log/audit/audit.log in last_audit_entry_time().


This patch fixes those issues in aa-genprof's last_audit_entry_time():
- convert "tail" result from byte to string to avoid TypeError
- use apparmor.filename instead of hardcoded /var/log/audit/audit.log

Note: I'm using python 3.4.0 - maybe there's a nice[tm] change in this 
version... 
(I didn't test with older python versions.)


BTW: there's another hardcoded /var/log/audit.log in aa-genprof:

if os.path.exists('/var/log/audit/audit.log'):                                                                                                               
    syslog = False

Does this also need a change to honor the -f parameter?


That all said, here's the patch:

=== modified file 'utils/aa-genprof'
--- utils/aa-genprof    2014-03-19 23:10:13 +0000
+++ utils/aa-genprof    2014-05-19 00:10:18 +0000
@@ -39,8 +39,9 @@
         f_out.write(str(value))
 
 def last_audit_entry_time():
-    out = subprocess.check_output(['tail', '-1', '/var/log/audit/audit.log'])
+    out = subprocess.check_output(['tail', '-1', apparmor.filename])
     logmark = None
+    out = out.decode('ascii')
     if re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out):
         logmark = re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out).groups()[0]
     else:



Regards,

Christian Boltz
-- 
I'm root - if you see me laughing you better have a backup!

More information about the AppArmor mailing list