Verification passed for mantic-linux-laptop. I ran the AppArmor QA
Regression Tests [1] and the specific prompting tests [2] which were
able to reproduce the issue before. The QA Regression Tests that failed
were due to a timeout because I'm emulating on my machine, but they pass
when the timeout is increased.
georgia@sec-mantic-arm64:~$ uname -a
Linux sec-mantic-arm64 6.5.0-1007-laptop #10-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov
22 20:27:28 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
georgia@sec-mantic-arm64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root
georgia@sec-mantic-arm64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
ERROR: test_dbus (__main__.ApparmorTest.test_dbus)
Test dbus apparmor activation from dbus-tests
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/georgia/qrt-test-apparmor/./test-apparmor.py", line 719, in
test_dbus
rc, report =
testlib.cmd(['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh'],
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/georgia/qrt-test-apparmor/testlib.py", line 471, in cmd
out, outerr = sp.communicate(input, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 1209, in communicate
stdout, stderr = self._communicate(input, endtime, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 2109, in _communicate
self._check_timeout(endtime, orig_timeout, stdout, stderr)
File "/usr/lib/python3.11/subprocess.py", line 1253, in _check_timeout
raise TimeoutExpired(
subprocess.TimeoutExpired: Command
'['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh']' timed
out after 5 seconds
---------------------------------------------------------------------
running attach_disconnected
Fatal Error (unix_fd_server): Unable to run test sub-executable
PASSED: aa_exec access at_secure introspect capabilities changeprofile onexec
changehat changehat_fork changehat_misc chdir clone coredump deleted e2e
environ exec exec_qual fchdir fd_inheritance fork i18n link link_subset mkdir
mmap mount mult_mount named_pipe namespaces net_raw open openat pipe pivot_root
posix_ipc ptrace pwrite query_label regex rename readdir rw socketpair swap
sd_flags setattr symlink syscall sysv_ipc tcp unix_fd_server
unix_socket_pathname unix_socket_abstract unix_socket_unnamed
unix_socket_autobind unlink userns xattrs xattrs_profile longpath nfs
dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply io_uring
aa_policy_cache exec_stack nnp stackonexec stackprofile
FAILED: attach_disconnected
make: *** [Makefile:402: alltests] Error 1
---------------------------------------------------------------------
ERROR: test_0 (__main__.TestLogprof.test_0)
test 'ping'
----------------------------------------------------------------------
Traceback (most recent call last):
File
"/tmp/testlib2jc8hiih/source/mantic/apparmor-4.0.0~alpha2/utils/test/common_test.py",
line 90, in stub_test
self._run_test(test_data, expected)
File
"/tmp/testlib2jc8hiih/source/mantic/apparmor-4.0.0~alpha2/utils/test/test-logprof.py",
line 99, in _run_test
self.process.wait(timeout=0.2)
File "/usr/lib/python3.11/subprocess.py", line 1264, in wait
return self._wait(timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/subprocess.py", line 2038, in _wait
raise TimeoutExpired(self.args, timeout)
subprocess.TimeoutExpired: Command '['/usr/bin/python3', '../aa-logprof',
'--json', '--configdir', './', '-f', './logprof/ping.auditlog', '-d',
'/tmp/aa-test-tkkg1ex3/profiles', '--no-check-mountpoint']' timed out after 0.2
seconds
----------------------------------------------------------------------
Ran 62 tests in 43542.817s
FAILED (failures=3, errors=1, skipped=3)
Rerunning failing tests, increasing the timeout
georgia@sec-mantic-arm64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
ApparmorTest.test_dbus
Skipping private tests
.
----------------------------------------------------------------------
Ran 1 test in 19.786s
OK
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/tests/regression/apparmor$
sudo bash ./attach_disconnected.sh
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/tests/regression/apparmor$
echo $?
0
georgia@sec-mantic-arm64:~/apparmor-4.0.0~alpha2/utils/test$ python3
test-logprof.py TestLogprof.test_0
.
----------------------------------------------------------------------
Ran 1 test in 12.463s
OK
[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests
** Tags removed: verification-needed-mantic-linux-laptop
** Tags added: verification-done-mantic-linux-laptop
https://bugs.launchpad.net/bugs/2040192
Title:
AppArmor spams kernel log with assert when auditing
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Mantic:
Fix Committed
Bug description:
A reply to a prompt request that denies all permissions requested will throw
the following warning, because the auditing code does not expect the request
field to be empty when generating the audit message.
Sep 27 22:48:14 ubuntu-mantic snapd[596]: listener.go:189: Sending access
response back to kernel: {MsgNotification:{MsgHeader:{Length:0 Version:0}
NotificationType:APPARMOR_NOTIF_RESP Signalled:0 NoCache:1 ID:2 Error:0}
Error:-13 Allow:0 Deny:4}
Sep 27 22:48:14 ubuntu-mantic kernel: ------------[ cut here ]------------
Sep 27 22:48:14 ubuntu-mantic kernel: AppArmor WARN aa_audit_file:
((!ad.request)):
Sep 27 22:48:14 ubuntu-mantic kernel: WARNING: CPU: 3 PID: 2082 at
security/apparmor/file.c:268 aa_audit_file+0x2b1/0x310
Sep 27 22:48:14 ubuntu-mantic kernel: CPU: 3 PID: 2082 Comm: bash Not tainted
6.5.0-5-generic #5+aa4.0.0+debug5-Ubuntu
Sep 27 22:48:14 ubuntu-mantic kernel: Hardware name: QEMU Standard PC (Q35 +
ICH9, 2009)/LXD, BIOS unknown 2/2/2022
Sep 27 22:48:14 ubuntu-mantic kernel: RIP: 0010:aa_audit_file+0x2b1/0x310
Sep 27 22:48:14 ubuntu-mantic kernel: Call Trace:
Sep 27 22:48:14 ubuntu-mantic kernel: <TASK>
Sep 27 22:48:14 ubuntu-mantic kernel: ? show_regs+0x6d/0x80
Sep 27 22:48:14 ubuntu-mantic kernel: ? __warn+0x89/0x160
Sep 27 22:48:14 ubuntu-mantic kernel: ? aa_audit_file+0x2b1/0x310
Sep 27 22:48:14 ubuntu-mantic kernel: ? report_bug+0x17e/0x1b0
Sep 27 22:48:14 ubuntu-mantic kernel: ? handle_bug+0x51/0xa0
Sep 27 22:48:14 ubuntu-mantic kernel: ? exc_invalid_op+0x18/0x80
Sep 27 22:48:14 ubuntu-mantic kernel: ? asm_exc_invalid_op+0x1b/0x20
Sep 27 22:48:14 ubuntu-mantic kernel: ? aa_audit_file+0x2b1/0x310
Sep 27 22:48:14 ubuntu-mantic kernel: ? aa_audit_file+0x2b1/0x310
Sep 27 22:48:14 ubuntu-mantic kernel: __aa_path_perm+0xaf/0x130
Sep 27 22:48:14 ubuntu-mantic kernel: aa_path_perm+0xf1/0x1c0
Sep 27 22:48:14 ubuntu-mantic kernel: apparmor_file_open+0x1bb/0x2e0
Sep 27 22:48:14 ubuntu-mantic kernel: security_file_open+0x2e/0x60
Sep 27 22:48:14 ubuntu-mantic kernel: do_dentry_open+0x10d/0x530
Sep 27 22:48:14 ubuntu-mantic kernel: vfs_open+0x33/0x50
Sep 27 22:48:14 ubuntu-mantic kernel: do_open+0x2ed/0x470
Sep 27 22:48:14 ubuntu-mantic kernel: ? path_init+0x59/0x3d0
Sep 27 22:48:14 ubuntu-mantic kernel: path_openat+0x135/0x2d0
Sep 27 22:48:14 ubuntu-mantic kernel: ? _raw_spin_unlock+0xe/0x40
Sep 27 22:48:14 ubuntu-mantic kernel: do_filp_open+0xaf/0x170
Sep 27 22:48:14 ubuntu-mantic kernel: do_sys_openat2+0xb3/0xe0
Sep 27 22:48:14 ubuntu-mantic kernel: __x64_sys_openat+0x55/0xa0
Sep 27 22:48:14 ubuntu-mantic kernel: do_syscall_64+0x59/0x90
Sep 27 22:48:14 ubuntu-mantic kernel: ? handle_mm_fault+0xad/0x360
Sep 27 22:48:14 ubuntu-mantic kernel: ? do_user_addr_fault+0x238/0x6b0
Sep 27 22:48:14 ubuntu-mantic kernel: ? exit_to_user_mode_prepare+0x30/0xb0
Sep 27 22:48:14 ubuntu-mantic kernel: ? irqentry_exit_to_user_mode+0x17/0x20
Sep 27 22:48:14 ubuntu-mantic kernel: ? irqentry_exit+0x43/0x50
Sep 27 22:48:14 ubuntu-mantic kernel: ? exc_page_fault+0x94/0x1b0
Sep 27 22:48:14 ubuntu-mantic kernel:
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Sep 27 22:48:14 ubuntu-mantic kernel: </TASK>
Sep 27 22:48:14 ubuntu-mantic kernel: ---[ end trace 0000000000000000 ]---
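A log check for the failure described above, as an added example that is not part of the original bug report or of the AppArmor or snapd code: it pairs each aa_audit_file "(!ad.request)" warning with a snapd prompt reply that allows nothing, which helps confirm that kernel-log noise on a host is this bug. The sample lines are constructed from the log quoted in the description (unwrapped, plus one constructed reply that grants a permission, for contrast); the function name is hypothetical and syslog-style timestamps are assumed.

```python
import re

# Constructed sample: the lines quoted in the bug description, unwrapped,
# plus one constructed reply (ID:3) that grants a permission, for contrast.
SAMPLE = """\
Sep 27 22:48:14 ubuntu-mantic snapd[596]: listener.go:189: Sending access response back to kernel: {MsgNotification:{MsgHeader:{Length:0 Version:0} NotificationType:APPARMOR_NOTIF_RESP Signalled:0 NoCache:1 ID:2 Error:0} Error:-13 Allow:0 Deny:4}
Sep 27 22:48:14 ubuntu-mantic kernel: ------------[ cut here ]------------
Sep 27 22:48:14 ubuntu-mantic kernel: AppArmor WARN aa_audit_file: ((!ad.request)):
Sep 27 22:48:14 ubuntu-mantic kernel: WARNING: CPU: 3 PID: 2082 at security/apparmor/file.c:268 aa_audit_file+0x2b1/0x310
Sep 27 22:48:20 ubuntu-mantic snapd[596]: listener.go:189: Sending access response back to kernel: {MsgNotification:{MsgHeader:{Length:0 Version:0} NotificationType:APPARMOR_NOTIF_RESP Signalled:0 NoCache:1 ID:3 Error:0} Error:0 Allow:4 Deny:0}
"""

RESP = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ snapd\[\d+\]: "
                  r".*NotificationType:APPARMOR_NOTIF_RESP .*?\bID:(\d+) "
                  r".*\bAllow:(\d+) Deny:(\d+)\}")
WARN = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ kernel: "
                  r"AppArmor WARN aa_audit_file: \(\(!ad\.request\)\)")
SITE = re.compile(r"kernel: WARNING: CPU: \d+ PID: (\d+) at (\S+) (\S+)")


def find_empty_request_warnings(log_text):
    """Pair each (!ad.request) WARN with the deny-all prompt reply before it."""
    hits, last_deny_all, pending = [], None, None
    for line in log_text.splitlines():
        if m := RESP.match(line):
            ts, notif_id = m.group(1), int(m.group(2))
            allow, deny = int(m.group(3)), int(m.group(4))
            # A reply that allows nothing and denies something is the
            # trigger the bug description names.
            last_deny_all = (ts, notif_id, deny) if allow == 0 and deny else None
        elif m := WARN.match(line):
            pending = {"time": m.group(1), "reply": None}
            # Same-second match only: the log has one-second resolution.
            if last_deny_all and last_deny_all[0] == m.group(1):
                pending["reply"] = {"id": last_deny_all[1], "deny": last_deny_all[2]}
            hits.append(pending)
        elif pending and (m := SITE.search(line)):
            # The WARNING line carries the PID, source location and symbol.
            pending.update(pid=int(m.group(1)), source=m.group(2), symbol=m.group(3))
            pending = None
    return hits


if __name__ == "__main__":
    for hit in find_empty_request_warnings(SAMPLE):
        print(hit)
```

A hit whose "reply" is None is a warning with no matching deny-all reply in the same second, which points away from this bug or at a log that lacks the snapd lines.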