Alban, I'd be interested in seeing what your patch to sd_load_buffer() looks like. We have just landed a patch upstream to fix the multiple write problem for 2.8, 29, and dev.

There are two things to note about profile loads that have multiple profiles in them.

1. Older kernels don't actually support it.
2. The load is treated as an atomic set. That is, either all profiles within the set must load/replace successfully or none of them will.

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1317545

Title:
  AppArmor: general protection fault: 0000 [#1] SMP

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  How to reproduce it:

  1. Create a concatenated cache:
  (it might not be a correct thing to do, but the kernel is not supposed to crash anyway)

  . /lib/apparmor/functions
  recache_profiles
  rm -f "${PROFILES}"/cache/.ubercache
  for i in "${PROFILES}"/cache/*; do
      cat "$i" >> "${PROFILES}"/cache/.ubercache
  done

  2. sudo /etc/init.d/apparmor teardown

  3. sudo /sbin/apparmor_parser --add -B /etc/apparmor.d/cache/.ubercache
  => $?=239 (EEXIST)

  The issue with EEXIST is how apparmor_parser uploads the binary profiles to the kernel in parser/parser_interface.c sd_load_buffer(). If /etc/apparmor.d/cache/.ubercache contains n profiles, sd_load_buffer() was performing n write() to /sys/kernel/security/apparmor/.load in this way:

  1. write() with all profiles in the range [1, n]
  2. write() with all profiles in the range [2, n]
  3. write() with all profiles in the range [3, n]
  ...
  n. write() with the n-th profile

  The first write() is successful and the n-1 other write() return EEXIST because the profiles are already uploaded in the first write().

  Comment near parser/parser_interface.c sd_load_buffer():
  /* bleah the kernel should just loop and do multiple load, but to support
   * older systems we need to do this

  4. sudo /sbin/apparmor_parser --replace -B /etc/apparmor.d/cache/.ubercache
  => segmentation fault (because of the kernel crash)

  5. sudo /sbin/apparmor_parser --replace -B /etc/apparmor.d/cache/.ubercache
  => freeze in state "D"

  ProblemType: KernelOops
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-24-generic 3.13.0-24.47
  ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  Annotation: Your system might become unstable now and might need to be restarted.
  ApportVersion: 2.13.3-0ubuntu1
  Architecture: amd64
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
  Date: Thu May 8 15:43:47 2014
  Failure: oops
  HibernationDevice: RESUME=UUID=ae00639c-b206-4387-b731-1a52e58547cf
  InstallationDate: Installed on 2014-03-21 (48 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140321)
  IwConfig:
   eth0 no wireless extensions.
   lo no wireless extensions.
  Lsusb:
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: innotek GmbH VirtualBox
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-24-generic root=UUID=1ec94169-4f22-4000-90d6-c14f61a59998 ro quiet splash vt.handoff=7
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
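
Added example, not part of the original message and not AppArmor parser or kernel code: a small C model of the write pattern in the bug description, showing why an --add of n concatenated profiles ends with one successful write() and n-1 EEXIST results. The function names, the in-memory profile table and the sample profile names are hypothetical; the model assumes only what the message states (each write is an atomic set, and adding an already-loaded profile returns EEXIST).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOADED 16
/* Toy stand-in for the kernel's loaded-profile list (assumption, not kernel code). */
static const char *loaded[MAX_LOADED];
static size_t n_loaded;

static int is_loaded(const char *name) {
    for (size_t i = 0; i < n_loaded; i++)
        if (strcmp(loaded[i], name) == 0) return 1;
    return 0;
}

/* Model of one write() to .load in --add mode. The set is atomic: if any
 * profile in it is already loaded, nothing is added and EEXIST is returned. */
static int model_add_write(const char **set, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (is_loaded(set[i])) return -EEXIST;
    if (n_loaded + n > MAX_LOADED) return -ENOMEM;
    for (size_t i = 0; i < n; i++)
        loaded[n_loaded++] = set[i];
    return 0;
}

/* Write pattern from the bug description: write i carries profiles [i, n].
 * Returns how many of the n writes came back with EEXIST. */
static size_t load_suffixes(const char **set, size_t n) {
    size_t failures = 0;
    for (size_t i = 0; i < n; i++)
        if (model_add_write(set + i, n - i) == -EEXIST) failures++;
    return failures;
}

static void reset_model(void) { n_loaded = 0; }

int main(void) {
    const char *set[] = {"A", "B", "C", "D"};  /* constructed sample profile names */
    size_t eexist = load_suffixes(set, 4);
    printf("suffix writes: %zu of 4 returned EEXIST\n", eexist);
    reset_model();
    printf("single write of the whole set: %d\n", model_add_write(set, 4));
    return 0;
}
```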