[apparmor] [patch] fix "Invalid mode found: /usr/lib64/firefox/firefox.sh"

Christian Boltz apparmor at cboltz.de
Sun Oct 12 18:31:42 UTC 2014 

Hello,

you probably heard of Stallmanu's strange crash with
    Invalid mode found: /usr/lib64/firefox/firefox.sh
on IRC.

After several hours of debugging and flooding paste.opensuse.org ;-) 
I finally found the reason - reading(!) from log_dict with a wrong 
parameter caused the creation of that strange mode in log_dict.keys().

While finding that bug was very hard, the fix is easy - just replace 
"profile" with "aamode". (That probably makes one char per hour of 
debugging...)

To improve that ratio, also add a warning to common.py so that this 
interesting[tm] behaviour of hasher() is at least documented.

=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py        2014-10-11 21:30:46 +0000
+++ utils/apparmor/aa.py        2014-10-12 18:00:20 +0000
@@ -1938,7 +1938,7 @@
                 #
                 for family in sorted(log_dict[aamode][profile][hat]['netdomain'].keys()):
                     # severity handling for net toggles goes here
-                    for sock_type in sorted(log_dict[profile][profile][hat]['netdomain'][family].keys()):
+                    for sock_type in sorted(log_dict[aamode][profile][hat]['netdomain'][family].keys()):
                         if profile_known_network(aa[profile][hat], family, sock_type):
                             continue
                         default_option = 1
=== modified file 'utils/apparmor/common.py'
--- utils/apparmor/common.py    2014-10-10 18:35:32 +0000
+++ utils/apparmor/common.py    2014-10-12 18:01:40 +0000
@@ -200,6 +200,8 @@
 def hasher():
     '''A neat alternative to perl's hash reference'''
     # Creates a dictionary for any depth and returns empty dictionary otherwise
+    # WARNING: when reading non-existing sub-dicts, empty dicts will be added.
+    #          This might cause strange effects when using .keys()
     return collections.defaultdict(hasher)
 
 def convert_regexp(regexp):





Regards,

Christian Boltz
-- 
hey, that's *the cool thing* about software engineering - it's all 
like a puzzle. And if you ask 10 people about it, then you may get 
11 different answers. ;-) [Bernhard Voelker in opensuse-packaging]

More information about the AppArmor mailing list