I hit this bug after installing auditd to work around bug Bug #1399027.
Only in addition to the changes above I had to use:
line 123:
if rmask and rmask not in [ 'send', 'receive', 'send receive', 'send receive
connect','create' ]:
line 129:
if dmask and dmask not in [ 'send connect', ]:
Hopefully a better fix is in the newer branch and will be released to
Ubuntu 15.04 in a timely manner.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1243932
Title:
aa-logprof: Log contains unknown mode senw
Status in AppArmor Linux application security framework:
Fix Released
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
[Impact]
* aa-logprof does not work when dbus rule denials are present in the
logs
[Automated Test Case]
* test_lp1243932_send, test_lp1243932_receive, and test_lp1243932_bind
have been added to QRT's test-apparmor.py test script
[Manual Test Case]
* Load a profile that does not grant D-Bus access and create a D-Bus denial.
Then,
test aa-logprof.
$ echo profile lp1243932 { file, } | sudo apparmor_parser -rq
$ aa-exec -p lp1243932 -- dbus-send --print-reply --system \
--dest=org.freedesktop.DBus /org/freedesktop/DBus
org.freedesktop.DBus.ListNames
Failed to open connection to system message bus: An AppArmor policy
prevents this
sender from sending this message to this recipient, 0 matched rules;
type=method_call, sender=(null) (inactive)
interface=org.freedesktop.DBus
member=Hello error name=(unset) requested_reply=0
destination=org.freedesktop.DBus (bus)
$ aa-logprof -f /dev/null
Reading log entries from /dev/null.
Updating AppArmor profiles in /etc/apparmor.d.
An unpatched aa-logprof will print similar output followed by:
Log contains unknown mode senw.
[Regression Potential]
* The regression potential is low since aa-logprof currently refuses to work
when D-Bus
denials are present. The fix is minimal and has been reviewed by upstream.
[Original Bug Report]
since saucy aa-logprof does not work anymore:
$ aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Log contains unknown mode senw.
the issues seem to be caused by dbus send denies:
Oct 23 19:52:56 ubuntu dbus[2594]: apparmor=DENIED
operation=dbus_method_call bus=session
path=/org/freedesktop/DBus interface=org.freedesktop.DBus
member=Hello mask=send name=org.freedesktop.DBus pid=3552
profile=/usr/bin/smuxi-frontend-gnome peer_profile=unconfined
23:16 tyhicks my guess is the denial of a dbus send
23:16 tyhicks senw is awful close to send
23:17 tyhicks parse_event() in AppArmor.pm does this:
23:18 tyhicks $rmask =~ s/d/w/g;
23:18 tyhicks followed by:
23:18 tyhicks fatal_error(sprintf(gettext('Log contains unknown mode %s.'),
$rmask));
ubuntu 13.10 amd64.
apparmor-utils:
Installed: 2.8.0-0ubuntu31
Candidate: 2.8.0-0ubuntu31
Version table:
*** 2.8.0-0ubuntu31 0
500 http://de.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1243932/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp