Public bug reported:

On my artful system running 4.13.0-36-generic I noticed that there are
dangling symlinks for "raw_data", "raw_sha1" and "raw_abi" files in the
sysfs path containing loaded apparmor profiles.

Sample of profiles that had dangling symlinks:

/sys/kernel/security/apparmor/policy/profiles/snap.core.hook.configure.35/raw_data
/sys/kernel/security/apparmor/policy/profiles/snap.core.hook.configure.35/raw_abi
/sys/kernel/security/apparmor/policy/profiles/snap.core.hook.configure.35/raw_sha1

The following command can be used to find such files:

find /sys/kernel/security/apparmor/policy/profiles -type l -exec sh -c "file -b {} | grep -q ^broken" \; -print

It seems that neither xenial (4.4 kernel) nor bionic (4.15 kernel) is
affected though I didn't perform an extensive investigation.

I'm reporting this because according to the apparmor developer it seems
"racy" and should not happen.

<jjohansen> zyga-ubuntu: no, there shouldn't be a way to remove profiles wrong, there is the potential for a race of sorts because the symlink doesn't have the same hard reference, but that isn't something you should be seeing
<jjohansen> zyga-ubuntu: the raw_data file should not be going away as long as that profile directory exists

It is likely that this problem occurs when snapd generates profiles for
refreshed snaps or removes profiles for removed snaps but I was not able
to determine that yet.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: linux-image-4.13.0-36-generic 4.13.0-36.40
ProcVersionSignature: Ubuntu 4.13.0-36.40-generic 4.13.13
Uname: Linux 4.13.0-36-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.7-0ubuntu3.7
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/controlC0:  zyga       2431 F.... pulseaudio
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 13 19:04:50 2018
InstallationDate: Installed on 2018-02-02 (39 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.1)
MachineType: VMware, Inc. VMware Virtual Platform
ProcFB: 0 svgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.13.0-36-generic root=UUID=7e995ac2-1858-40bd-8f15-1f291f0c365e ro find_preseed=/preseed.cfg auto noprompt priority=critical locale=en_US quiet
RelatedPackageVersions:
 linux-restricted-modules-4.13.0-36-generic N/A
 linux-backports-modules-4.13.0-36-generic  N/A
 linux-firmware                             1.169.3
RfKill:
 0: hci0: Bluetooth
        Soft blocked: no
        Hard blocked: no
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/19/2017
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: 6.00
dmi.board.name: 440BX Desktop Reference Platform
dmi.board.vendor: Intel Corporation
dmi.board.version: None
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 1
dmi.chassis.vendor: No Enclosure
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd05/19/2017:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
dmi.product.name: VMware Virtual Platform
dmi.product.version: None
dmi.sys.vendor: VMware, Inc.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug artful

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1755563

Title:
  dangling symlinks to loaded apparmor policy

Status in linux package in Ubuntu:
  New
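
Added example (not part of the original report, and not AppArmor or snapd code): a shell version of the check in the report that tests each raw_* symlink with [ -e ] instead of parsing file(1) output, and groups the dangling links by profile. The function names and the demo tree layout are assumptions made for illustration; the default path is the one given in the report.

```shell
#!/bin/sh
# Added example: report loaded-profile directories whose raw_* symlinks dangle.

# Print "<profile>\t<link name>\t<link target>" for each dangling raw_* symlink.
find_dangling_raw() {
    root=${1:-/sys/kernel/security/apparmor/policy/profiles}
    # -type l selects the symlink itself; [ -e ] follows it and fails
    # when the target no longer exists. File names are passed as
    # arguments, never spliced into the sh -c script text.
    find "$root" -type l -name 'raw_*' -exec sh -c '
        for link do
            [ -e "$link" ] && continue
            printf "%s\t%s\t%s\n" \
                "$(basename "$(dirname "$link")")" \
                "$(basename "$link")" \
                "$(readlink "$link")"
        done' sh {} +
}

# One line per affected profile: "<profile> <number of dangling links>".
summarise_dangling() {
    find_dangling_raw "$1" |
        awk -F '\t' '{ n[$1]++ } END { for (p in n) printf "%s %d\n", p, n[p] }' |
        sort
}

# Build a constructed test tree (not the real apparmorfs layout): one profile
# with valid raw_* links, one whose link targets are missing.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/profiles/snap.demo.ok.2" "$d/profiles/snap.demo.broken.1" \
             "$d/raw_data/0"
    for f in raw_data raw_abi raw_sha1; do
        : > "$d/raw_data/0/$f"
        ln -s "../../raw_data/0/$f"    "$d/profiles/snap.demo.ok.2/$f"
        ln -s "../../raw_data/gone/$f" "$d/profiles/snap.demo.broken.1/$f"
    done
    printf '%s\n' "$d"
}

# Usage: sh check.sh DIR   (with no argument only the functions are defined)
if [ $# -gt 0 ]; then
    summarise_dangling "$1"
fi
```

Reading the real sysfs path normally requires root; running the summary before and after a snap refresh or removal shows whether those operations leave dangling links behind.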
