Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] and specific prompting tests [2]. The QA Regression
Tests that failed were due to a timeout because I'm emulating in my
machine, but they pass when the timeout is increased.
georgia@sec-mantic-arm64:~$ uname -a
Linux sec-mantic-arm64 6.5.0-1007-laptop #10-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov
22 20:27:28 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
georgia@sec-mantic-arm64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root
georgia@sec-mantic-arm64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
ERROR: test_dbus (__main__.ApparmorTest.test_dbus)
Test dbus apparmor activation from dbus-tests
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/georgia/qrt-test-apparmor/./test-apparmor.py", line 719, in
test_dbus
rc, report =
testlib.cmd(['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh'],
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/georgia/qrt-test-apparmor/testlib.py", line 471, in cmd
out, outerr = sp.communicate(input, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 1209, in communicate
stdout, stderr = self._communicate(input, endtime, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 2109, in _communicate
self._check_timeout(endtime, orig_timeout, stdout, stderr)
File "/usr/lib/python3.11/subprocess.py", line 1253, in _check_timeout
raise TimeoutExpired(
subprocess.TimeoutExpired: Command
'['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh']' timed
out after 5 seconds
---------------------------------------------------------------------
running attach_disconnected
Fatal Error (unix_fd_server): Unable to run test sub-executable
PASSED: aa_exec access at_secure introspect capabilities changeprofile onexec
changehat changehat_fork changehat_misc chdir clone coredump deleted e2e
environ exec exec_qual fchdir fd_inheritance fork i18n link link_subset mkdir
mmap mount mult_mount named_pipe namespaces net_raw open openat pipe pivot_root
posix_ipc ptrace pwrite query_label regex rename readdir rw socketpair swap
sd_flags setattr symlink syscall sysv_ipc tcp unix_fd_server
unix_socket_pathname unix_socket_abstract unix_socket_unnamed
unix_socket_autobind unlink userns xattrs xattrs_profile longpath nfs
dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply io_uring
aa_policy_cache exec_stack nnp stackonexec stackprofile
FAILED: attach_disconnected
make: *** [Makefile:402: alltests] Error 1
---------------------------------------------------------------------
ERROR: test_0 (__main__.TestLogprof.test_0)
test 'ping'
----------------------------------------------------------------------
Traceback (most recent call last):
File
"/tmp/testlib2jc8hiih/source/mantic/apparmor-4.0.0~alpha2/utils/test/common_test.py",
line 90, in stub_test
self._run_test(test_data, expected)
File
"/tmp/testlib2jc8hiih/source/mantic/apparmor-4.0.0~alpha2/utils/test/test-logprof.py",
line 99, in _run_test
self.process.wait(timeout=0.2)
File "/usr/lib/python3.11/subprocess.py", line 1264, in wait
return self._wait(timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 2038, in _wait
raise TimeoutExpired(self.args, timeout)
subprocess.TimeoutExpired: Command '['/usr/bin/python3', '../aa-logprof',
'--json', '--configdir', './', '-f', './logprof/ping.auditlog', '-d',
'/tmp/aa-test-tkkg1ex3/profiles', '--no-check-mountpoint']' timed out after 0.2
seconds
----------------------------------------------------------------------
Ran 62 tests in 43542.817s
FAILED (failures=3, errors=1, skipped=3)
Rerunning failing tests increasing the timeout
georgia@sec-mantic-arm64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
ApparmorTest.test_dbus
Skipping private tests
.
----------------------------------------------------------------------
Ran 1 test in 19.786s
OK
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/tests/regression/apparmor$
sudo bash ./attach_disconnected.sh
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/tests/regression/apparmor$
echo $?
0
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/utils/test$ python3
test-logprof.py TestLogprof.test_0
.
----------------------------------------------------------------------
Ran 1 test in 12.463s
OK
[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests
** Tags removed: verification-needed-mantic-linux-laptop
** Tags added: verification-done-mantic-linux-laptop
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2040250
Title:
apparmor notification files verification
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Mantic:
Fix Committed
Bug description:
apparmor notifications on the 6.5 kernel are failing verification
between the header size and the returned size.
When strings are appended to the notification the header size should
be updated to reflect the correct size. While the size is also
directly returned as part of delivering the notification, the header
should also be update to conform to specification and allow for
verification.
If verification is enabled and the notification contains appended
strings then notifications fail verification and won't be delivered.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2040250/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
