[Bug 2090887] Re: apport hook source_apparmor.py shows only one word per line

Wed, 04 Dec 2024 21:05:48 -0800 

And if we add the same snippet to source_apparmor.py so we can run it
directly then we also don't reproduce this:

root@sec-noble-amd64:/usr/share/apport/package-hooks# tail
source_apparmor.py  -n6

if __name__ == '__main__':
    report = {}
    add_info(report, None)
    for key in report:
        print('%s: %s' % (key, report[key].split('\n', 1)[0]))
root@sec-noble-amd64:/usr/share/apport/package-hooks# python3 
source_apparmor.py 
/usr/share/apport/package-hooks/source_apparmor.py:61: SyntaxWarning: invalid 
escape sequence '\('
  sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE)
ProcVersionSignature: Ubuntu 6.8.0-47.47-generic 6.8.12
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.8.0-47-generic 
root=UUID=15a6fbdd-2b57-4890-803d-c6a103a6a00f ro console=tty1 console=ttyS0
KernLog: 2024-12-05T03:41:19.462683+00:00 sec-noble-amd64 kernel: audit: 
type=1400 audit(1733370079.461:132): apparmor="STATUS" 
operation="profile_replace" profile="unconfined" 
name="/usr/lib/snapd/snap-confine" pid=923 comm="apparmor_parser"
Syslog: 
ApparmorPackages: apparmor 4.0.1really4.0.1-0ubuntu0.24.04.3
ApparmorStatusOutput: apparmor module is loaded.
PstreeP: systemd(1)-+-ModemManager(7969)-+-{ModemManager}(7973)


But actually it is not a bug in apparmor - it is in apport itself - it has its 
own version of the AppArmor log capturing bits in hookutils.py in 
attach_mac_events() - the same regex is used there BUT it is used with 
re.findall() which only returns the matching part of the regex - so these regex 
patterns need to be updated to capture the rest of the line - something like:

    mac_regex = r"^audit\(.*|apparmor.*|selinux.*|security.*"
    mac_re = re.compile(mac_regex, re.IGNORECASE)
    aa_regex = 'apparmor="DENIED".+?profile=([^ ]+?)[ ].*'

Should hopefully dtrt.

So I think this is bug is actually in the mysql-8.0 not apparmor (but am
not sure exactly how it is occurring as I am not that familiar with the
apport hook mechanism etc)

** Package changed: apparmor (Ubuntu) => apport (Ubuntu)

** Summary changed:

- apport hook source_apparmor.py shows only one word per line
+ apport hookutils.py only captures first word per line for KernLog

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2090887

Title:
  apport hookutils.py only captures first word per line for KernLog

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/2090887/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to