[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Also backported to the 2.12 and 2.13 branch, will be in 2.12.2 and 2.13.2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Done - https://gitlab.com/apparmor/apparmor/merge_requests/131 will be part of AppArmor 3.0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
For the records - I'm just working on a different implementation of "(V)iew Changes", which will also replace the workaround with a real fix :-) This will probably be in AppArmor 3.0, and will appear as merge request on gitlab this weekend. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
** Changed in: apparmor Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
** Changed in: apparmor/2.10 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
This bug was fixed in the package apparmor - 2.10.95-0ubuntu1 --- apparmor (2.10.95-0ubuntu1) xenial; urgency=medium * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762) - Allow Apache prefork profile to chown(2) files (LP: #1210514) - Allow deluge-gtk and deluge-console to handle torrents opened in browsers (LP: #1501913) - Allow file accesses needed by some programs using libnl-3-200 (Closes: #810888) - Allow file accesses needed on systems that use NetworkManager without resolvconf (Closes: #813835) - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492) - Fix aa-logprof(8) crash when operating on files containing multiple profiles with certain rules (LP: #1528139) - Fix log parsing crashes, in the Python utilities, caused by certain file related events (LP: #1525119, LP: #1540562) - Fix log parsing crasher, in the Python utilities, caused by certain change_hat events (LP: #1523297) - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher when Python 3 is not available (LP: #1513880) - Send aa-easyprof(8) error messages to stderr instead of stdout (LP: #1521400) - Fix aa-autodep(8) failure when the shebang line of a script contained parameters (LP: #1505775) - Don't depend on the system logprof.conf when running utils/ build tests (LP: #1393979) - Fix apparmor_parser(8) bugs when parsing profiles that use policy namespaces in the profile declaration or profile transition targets (LP: #1540666, LP: #1544387) - Regression fix for apparmor_parser(8) bug that resulted in the --namespace-string commandline option being ignored causing profiles to be loaded into the root policy namespace (LP: #1526085) - Fix crasher regression in apparmor_parser(8) when the parser was asked to process a directory (LP: #1534405) - Fix bug in apparmor_parser(8) to honor the specified bind flags remount rules (LP: #1272028) - Support tarball generation for Coverity scans and fix a number of issues discovered by Coverity - Fix regression test failures on s390x systems (LP: #1531325) - Adjust expected errno values in changeprofile regression test (LP: #1559705) - The Python utils gained support for ptrace and signal rules - aa-exec(8) received a rewrite in C - apparmor_parser(8) gained support for stacking multiple profiles, as supported by the Xenial kernel (LP: #1379535) - libapparmor gained new public interfaces, aa_stack_profile(2) and aa_stack_onexec(2), allowing applications to utilize the new kernel stacking support (LP: #1379535) * Drop the following patches since they've been incorporated upstream: - aa-status-dont_require_python3-apparmor.patch - r3209-dnsmasq-allow-dash - r3227-locale-indep-capabilities-sorting.patch - r3277-update-python-abstraction.patch - r3366-networkd.patch, - tests-fix_sysctl_test.patch - parser-fix-cache-file-mtime-regression.patch - parser-verify-cache-file-mtime.patch - parser-run-caching-tests-without-apparmorfs.patch - parser-do-cleanup-when-test-was-skipped.patch - parser-allow-unspec-in-network-rules.patch * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update for new upstream binutils directory and aa-enabled binary - Continue installing aa-exec into /usr/sbin/ for now since click-apparmor's aa-exec-click autopkgtest expects it to be there * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man page * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file access needed for nscd's paranoia mode * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the regression test build time checks, for libapparmor stacking support, to look for the 2.10.95 versioning rather than 2.11 * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch: Remove extra slash in the parser Makefile so that debugedit(8) can work on apparmor_parser(8) (LP: #1561939) * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file rules of the new stacking tests so that the generated profiles allow the system binaries and libraries to be tested * debian/libapparmor1.symbols: update symbols file for added symbols in libapparmor -- Tyler HicksSat, 09 Apr 2016 01:35:25 -0500 ** Changed in: apparmor (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Not really - they show that you also need some exec rules - probably something like /bin/sh ix, /usr/bin/sendmail Px, Note that I guessed the directory names (only the program's filename is shown in the messages you provided), and that you'll need a separate profile for sendmail if you use Px. You'll also need to allow "/dev/null w,", but if the profile has #include , it's already included there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
So can I ignore this entries if I profiling by hand? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
The null-* subprofiles are automatically created by the kernel if a program in complain mode executes another program, and there's no execute rule (ix, Px, Cx or Ux) for that yet. There should be a line with operation="exec" some lines above the lines you pasted that show what exactly gets executed, but the comm= part can also give you a hint. In your examples, something in your DEFAULT_URI hat executes sh and sendmail, and both want to write something to /dev/null. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I have question: In logs I see entries like apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/apache2//DEFAULT_URI//null-d5c" name="/dev/null" comm="sh" requested_mask="w" denied_mask="w" fsuid=33 ouid=0 or apparmor="ALLOWED" operation="file_inherit" profile="/usr/sbin/apache2//DEFAULT_URI//null-d5c//null-d5d" name="/dev/null" comm="sendmail" requested_mask="w" denied_mask="w" fsuid=33 ouid=0 but there is no such profile like /usr/sbin/apache2//DEFAULT_URI//null-d5c. Why this subprofiles (I don't know how to name this) appears in logs? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Workaround patch commited to trunk r 3380 and 2.10 branch r3317 - a failing serialize_profile_from_old_profile() (which will only happen if a file contains multiple profiles, so it's hopefully a corner case) will now print an error message that recommends the clean diff instead of crashing. ** Changed in: apparmor Status: New => Fix Committed ** Changed in: apparmor Assignee: (unassigned) => Christian Boltz (cboltz) ** Changed in: apparmor Milestone: None => 2.11 ** Changed in: apparmor/2.10 Status: New => Fix Committed ** Changed in: apparmor/2.10 Assignee: (unassigned) => Christian Boltz (cboltz) ** Changed in: apparmor/2.10 Milestone: None => 2.10.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
** Branch linked: lp:apparmor ** Branch linked: lp:apparmor/2.10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Weird, I downloaded via bzr branch lp:apparmor command. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I patched aa-.py (trunk version) but aa-logprof still crashes. python3 ./aa-logprof -f /var/log/kern.log Reading log entries from /var/log/kern.log. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last): File "./aa-logprof", line 50, in apparmor.do_logprof_pass(logmark) File "/usr/local/apparmor/utils/apparmor/aa.py", line 2176, in do_logprof_pass log = log_reader.read_log(logmark) File "/usr/local/apparmor/utils/apparmor/logparser.py", line 371, in read_log self.add_event_to_tree(event) File "/usr/local/apparmor/utils/apparmor/logparser.py", line 184, in add_event_to_tree e = self.parse_event_for_tree(e) File "/usr/local/apparmor/utils/apparmor/logparser.py", line 276, in parse_event_for_tree rmask = rmask.replace('c', 'a') AttributeError: 'NoneType' object has no attribute 'replace' An unexpected error occoured! For details, see /tmp/apparmor-bugreport-tlzb_vya.txt Please consider reporting a bug at https://bugs.launchpad.net/apparmor/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Hmm, this looks like you don't have the latest trunk checkout - this is bug 1525119 which is fixed since 2015-12-12. Another detail confirms that you have an outdated checkout: rmask = rmask.replace('c', 'a') We changed 'a' to 'w' a month ago ;-) (see bzr log -r3279 for background info) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Depends on the exact traceback ;-) - I can only say that bzr trunk didn't crash anymore after applying the fix from comment 7. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
ok, I will do new bug report. But what about aa-logprof crashes from comment #12? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I'm already downloaded branch version of apparmor and it's still doesn't see DENIED messages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Which messages exactly? (Please open a new bug for it, because that's totally unrelated to the crash reported here.) (It can't be something with a strange log format, because aa-logprof understands your log in general.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I patched aa.py file with standard Ubuntu version (2.10) but error still occurs. sudo aa-logprof -f /var/log/kern.log Reading log entries from /var/log/kern.log. Updating AppArmor profiles in /etc/apparmor.d. Traceback (most recent call last): File "/usr/sbin/aa-logprof", line 50, in apparmor.do_logprof_pass(logmark) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2176, in do_logprof_pass log = log_reader.read_log(logmark) File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 358, in read_log self.add_event_to_tree(event) File "/usr/lib/python3/dist-packages/apparmor/logparser.py", line 263, in add_event_to_tree rmask = rmask.replace('c', 'a') AttributeError: 'NoneType' object has no attribute 'replace' An unexpected error occoured! For details, see /tmp/apparmor-bugreport-s93jfr8t.txt Please consider reporting a bug at https://bugs.launchpad.net/apparmor/ and attach this file. I send you kern.log file on email. I noticed that sometimes aa-logprof doesn't see denied messages in logfile. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I don't have that /usr/lib/NetworkManager/nm-dhcp-client.action file and I dont have profile for it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
I found it. After split file on two different profiles aa-logprof still crashes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Comment 9 is a different bug, see https://launchpad.net/bugs/1525119 (already fixed in bzr). Since logparser.py got quite some fixes since the 2.10 release, try replacing your logparser.py with http://bazaar.launchpad.net/~apparmor- dev/apparmor/2.10/view/head:/utils/apparmor/logparser.py (I can't guarantee it's compatible with 2.10.0, but it should be) For the /usr/lib/NetworkManager/nm-dhcp-client.action profile - it hides in your /etc/apparmor.d/sbin.dhclient ;-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
Nice, launchpad killed the whitespace in the patch. See https://lists.ubuntu.com/archives/apparmor/2015-December/009025.html for a usable version ;-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
So I have good and bad news. Let me start with the bad news: profile_data / write_prof_data (in serialize_profile_from_old_profile()) contain only one profile with its hats. This will explode if a file contains multiple profiles, as reported in this bug. Fixing this needs lots of write_prof_data[hat] -> write_prof_data[profile][hat] changes (and of course also a change in the calling code) or, better option, a full rewrite of serialize_profile_from_old_profile(). Unfortunately I don't have the time to do the rewrite at the moment (I have other things on my TODO list), and doing the write_prof_data[hat] -> write_prof_data[profile][hat] is something that might introduce more breakage, so I'm not too keen to do that. The good news - at least I have a way to avoid the crash ;-) I'll wrap the serialize_profile_from_old_profile() in try/except. If it fails, the diff will include an error message and recommend to use 'View Changes b/w (C)lean profiles' instead, which is known to work even with the testcase in this bug. === modified file ./utils/apparmor/aa.py --- utils/apparmor/aa.py2015-12-21 00:13:57.215799543 +0100 +++ utils/apparmor/aa.py2015-12-21 23:55:01.858211661 +0100 @@ -2368,7 +2368,12 @@ oldprofile = aa[which][which]['filename'] else: oldprofile = get_profile_filename(which) -newprofile = serialize_profile_from_old_profile(aa[which], which, '') + +try: +newprofile = serialize_profile_from_old_profile(aa[which], which, '') +except AttributeError: +# see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139 +newprofile = "###\n###\n### Internal error while generating diff, please use '%s' instead\n###\n###\n" % _('View Changes b/w (C)lean profiles') display_changes_with_comments(oldprofile, newprofile) Sorry that this isn't a perfect solution, but I'm not too keen to spent lots of time on a function that needs to be rewritten anyway. For the records: this bug causes a crash in 2.10 and bzr trunk. 2.9.x "only" displays a wrong diff. ** Also affects: apparmor Importance: Undecided Status: New ** Also affects: apparmor/2.10 Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528139] Re: serialize_profile_from_old_profile() crash if file contains multiple profiles
** Summary changed: - aa-logprof crash again + serialize_profile_from_old_profile() crash if file contains multiple profiles -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528139 Title: serialize_profile_from_old_profile() crash if file contains multiple profiles To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528139/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs