However if I just run the code from the apparmor apport hook on that system then it doesn't reproduce:
root@sec-noble-amd64:/usr/share/apport/package-hooks# python3
Python 3.12.3 (main, Sep 11 2024, 14:17:37) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import source_apparmor
/usr/share/apport/package-hooks/source_apparmor.py:61: SyntaxWarning: invalid escape sequence '\('
  sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE)
>>> import re
>>> source_apparmor.recent_kernlog(re.compile('audit\(|apparmor|selinux|security',
>>> re.IGNORECASE))
<stdin>:1: SyntaxWarning: invalid escape sequence '\('
'2024-12-05T03:41:19.462683+00:00 sec-noble-amd64 kernel: audit: type=1400 audit(1733370079.461:132): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=923 comm="apparmor_parser"\n2024-12-05T03:41:19.464668+00:00 sec-noble-amd64 kernel: audit: type=1400 audit(1733370079.463:133): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=923 comm="apparmor_parser"\n2024-12-05T03:43:09.680677+00:00 sec-noble-amd64 kernel: audit: type=1400 audit(1733370189.678:134): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/mysqld" pid=2006 comm="apparmor_parser"\n'

Somehow this is the fault of the source_mysql-8.0.py script though as (conveniently) it contains a __main__ which allows it to be run, and if we do that we can reproduce it:

root@sec-noble-amd64:/usr/share/apport/package-hooks# python3 source_mysql-8.0.py
Logs.var.log.daemon.log:
Logs.var.log.mysql.error.log: 2024-12-05T03:42:34.690011Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.40-0ubuntu0.24.04.1) initializing of server in progress as process 1842
KernLog: apparmor
ProcVersionSignature: Ubuntu 6.8.0-47.47-generic 6.8.12
ProcCmdline: BOOT_IMAGE=/vmlinuz-6.8.0-47-generic root=UUID=15a6fbdd-2b57-4890-803d-c6a103a6a00f ro console=tty1 console=ttyS0
.etc.apparmor.d.usr.sbin.mysqld: # vim:syntax=apparmor
MySQLConf.etc.mysql.my.cnf: my.cnf links to /etc/mysql/mysql.cnf
MySQLConf.etc.mysql.mysql.cnf: #
MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
MySQLConf.etc.mysql.conf.d.mysqldump.cnf: [mysqldump]
MySQLConf.etc.mysql.mysql.conf.d.mysqld.cnf: #
MySQLConf.etc.mysql.mysql.conf.d.mysql.cnf: #
MySQLVarLibDirListing: ['#ib_16384_1.dblwr', 'binlog.000003', 'mysql.ibd', 'binlog.index', '#ib_16384_0.dblwr', 'server-key.pem', 'binlog.000001', 'sys', '#innodb_temp', 'public_key.pem', 'mysql', 'ca.pem', '#innodb_redo', 'server-cert.pem', 'undo_002', 'ibdata1', 'undo_001', 'ca-key.pem', 'binlog.000002', 'performance_schema', 'private_key.pem', 'ib_buffer_pool', 'debian-5.7.flag', 'client-key.pem', 'auto.cnf', 'sec-noble-amd64.pid', 'ibtmp1', 'client-cert.pem']

https://bugs.launchpad.net/bugs/2090887

Title:
  apport hook source_apparmor.py shows only one word per line

Status in apparmor package in Ubuntu:
  New

Bug description:
  As can be seen in some bugs collecting KernLog.txt, such as
  https://launchpadlibrarian.net/755520804/KernLog.txt from LP: #2085412,
  or https://launchpadlibrarian.net/748024373/KernLog.txt from
  LP: #2079912, only one word of each line is being shown:

  Security
  AppArmor
  AppArmor
  audit(
  AppArmor
  AppArmor
  AppArmor
  AppArmor
  security
  selinux
  security
  security
  security
  security
  security
  apparmor

  I haven't reproduced this behavior myself locally, so wonder if the
  reporters' kern.log files are odd, but I've seen this in several bug
  reports. I thought it might be the stringify() routine but running the
  apport hook manually on my own system, it works fine.

  Looking through the source_apparmor.py file I notice the words are
  ones matching the regular expression:

  sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE)
  report['KernLog'] = recent_kernlog(sec_re)

  That can't be a coincidence. However, I don't see how the code would
  produce this behavior, so no idea how to fix it.
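
Added example, not part of the bug report and not code from apport or its package hooks: a small triage check that tells a healthy KernLog attachment (whole kernel lines that match the security pattern) from the collapsed form reported here (only the matched tokens). The names filter_kernlog and is_collapsed are hypothetical, the sample input is constructed from one audit line in the session above plus an invented unrelated line, and the pattern is the hook's, written as a raw string so it compiles without the SyntaxWarning.

```python
import re

# Same alternatives as the hook's sec_re; the raw string passes "\(" to the
# regex engine unchanged, so Python 3.12 does not emit a SyntaxWarning.
SEC_RE = re.compile(r'audit\(|apparmor|selinux|security', re.IGNORECASE)


def filter_kernlog(text, pattern=SEC_RE):
    """Return every complete line of `text` that contains a match."""
    return ''.join(line + '\n' for line in text.splitlines()
                   if pattern.search(line))


def is_collapsed(kernlog, pattern=SEC_RE):
    """True when each non-empty line is nothing but a matched token.

    A real kernel log line carries a timestamp, host and message, so it can
    never full-match one of the short alternatives; a line such as "audit("
    or "AppArmor" does.
    """
    lines = [ln.strip() for ln in kernlog.splitlines() if ln.strip()]
    return bool(lines) and all(pattern.fullmatch(ln) for ln in lines)


# Constructed sample input: the first line is copied from the session above,
# the second is an invented, unrelated kernel message.
SAMPLE = (
    '2024-12-05T03:43:09.680677+00:00 sec-noble-amd64 kernel: audit: '
    'type=1400 audit(1733370189.678:134): apparmor="STATUS" '
    'operation="profile_load" profile="unconfined" '
    'name="/usr/sbin/mysqld" pid=2006 comm="apparmor_parser"\n'
    '2024-12-05T03:43:10.000000+00:00 sec-noble-amd64 kernel: '
    'usb 1-1: new high-speed USB device\n'
)

# Constructed sample of the collapsed form shown in the bug description.
COLLAPSED = 'Security\nAppArmor\naudit(\nselinux\napparmor\n'

if __name__ == '__main__':
    good = filter_kernlog(SAMPLE)
    print('filtered lines kept :', good.count('\n'))
    print('filtered collapsed? :', is_collapsed(good))
    print('reported collapsed? :', is_collapsed(COLLAPSED))
```

Run against a downloaded KernLog.txt, is_collapsed() flags attachments that carry no usable audit context, whichever hook produced them.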