[Touch-packages] [Bug 1817627] Re: systemd-analyze verify reports failure
This affects each system where /tmp is *not* on tmpfs which affects a lot of cloud-built servers and effectively prevents usage of systemd- analyze verify in Ansible, Puppet etc. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1817627 Title: systemd-analyze verify reports failure Status in Ubuntu Manpage Repository: Invalid Status in systemd package in Ubuntu: Confirmed Bug description: Version 237 and 238 of systemd-analyze have a known issue: https://github.com/systemd/systemd/issues/8592 When will a fix be posted? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-manpage-repository/+bug/1817627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1243932] Re: aa-logprof: Log contains unknown mode senw
The fix I implemented in my system was to add the following check to /usr/lib/python2.7/dist-packages/apparmor/logparser.py, in lines 124: if rmask and rmask not in [ 'send', 'receive', 'send receive' ]: Originally it was: if rmask: The same in line 130 for dmask. This file comes from python-apparmor package 2.9.2~2886-0ubuntu0.14.04.41 installed from the PPA. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1243932 Title: aa-logprof: Log contains unknown mode senw Status in AppArmor Linux application security framework: Confirmed Status in apparmor package in Ubuntu: Fix Released Bug description: [Impact] * aa-logprof does not work when dbus rule denials are present in the logs [Automated Test Case] * test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind have been added to QRT's test-apparmor.py test script [Manual Test Case] * Load a profile that does not grant D-Bus access and create a D-Bus denial. Then, test aa-logprof. $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \ --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames Failed to open connection to "system" message bus: An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus) $ aa-logprof -f /dev/null Reading log entries from /dev/null. Updating AppArmor profiles in /etc/apparmor.d. An unpatched aa-logprof will print similar output followed by: Log contains unknown mode senw. [Regression Potential] * The regression potential is low since aa-logprof currently refuses to work when D-Bus denials are present. The fix is minimal and has been reviewed by upstream. [Original Bug Report] since saucy aa-logprof does not work anymore: $ aa-logprof Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Log contains unknown mode senw. the issues seem to be caused by dbus send denies: Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined" 23:16 my guess is the denial of a dbus send 23:16 senw is awful close to send 23:17 parse_event() in AppArmor.pm does this: 23:18 $rmask =~ s/d/w/g; 23:18 followed by: 23:18 fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask)); ubuntu 13.10 amd64. apparmor-utils: Installed: 2.8.0-0ubuntu31 Candidate: 2.8.0-0ubuntu31 Version table: *** 2.8.0-0ubuntu31 0 500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1243932] Re: aa-logprof: Log contains unknown mode senw
I have the 2.9 package but this bug still seems to affect me: ii apparmor-utils 2.9.2~2880-0ubun amd64Utilities for controlling AppArmor # aa-logprof Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last): File "/usr/sbin/aa-logprof", line 54, in apparmor.do_logprof_pass(logmark) File "/usr/lib/python2.7/dist-packages/apparmor/aa.py", line 2279, in do_logprof_pass log = log_reader.read_log(logmark) File "/usr/lib/python2.7/dist-packages/apparmor/logparser.py", line 349, in read_log event = self.parse_log_record(line) File "/usr/lib/python2.7/dist-packages/apparmor/logparser.py", line 88, in parse_log_record record_event = self.parse_event(record) File "/usr/lib/python2.7/dist-packages/apparmor/logparser.py", line 128, in parse_event raise AppArmorException(_('Log contains unknown mode %s') % rmask) apparmor.common.AppArmorException: 'Log contains unknown mode senw' -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1243932 Title: aa-logprof: Log contains unknown mode senw Status in AppArmor Linux application security framework: Fix Released Status in apparmor package in Ubuntu: Fix Released Bug description: [Impact] * aa-logprof does not work when dbus rule denials are present in the logs [Automated Test Case] * test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind have been added to QRT's test-apparmor.py test script [Manual Test Case] * Load a profile that does not grant D-Bus access and create a D-Bus denial. Then, test aa-logprof. $ echo "profile lp1243932 { file, }" | sudo apparmor_parser -rq $ aa-exec -p lp1243932 -- dbus-send --print-reply --system \ --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames Failed to open connection to "system" message bus: An AppArmor policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus) $ aa-logprof -f /dev/null Reading log entries from /dev/null. Updating AppArmor profiles in /etc/apparmor.d. An unpatched aa-logprof will print similar output followed by: Log contains unknown mode senw. [Regression Potential] * The regression potential is low since aa-logprof currently refuses to work when D-Bus denials are present. The fix is minimal and has been reviewed by upstream. [Original Bug Report] since saucy aa-logprof does not work anymore: $ aa-logprof Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Log contains unknown mode senw. the issues seem to be caused by dbus send denies: Oct 23 19:52:56 ubuntu dbus[2594]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=3552 profile="/usr/bin/smuxi-frontend-gnome" peer_profile="unconfined" 23:16 my guess is the denial of a dbus send 23:16 senw is awful close to send 23:17 parse_event() in AppArmor.pm does this: 23:18 $rmask =~ s/d/w/g; 23:18 followed by: 23:18 fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $rmask)); ubuntu 13.10 amd64. apparmor-utils: Installed: 2.8.0-0ubuntu31 Candidate: 2.8.0-0ubuntu31 Version table: *** 2.8.0-0ubuntu31 0 500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp