[Bug 539441] Re: aa-logprof doesn't generate policy due to missing abstractions/apache2-common

Jamie Strandboge Thu, 11 Nov 2010 13:31:41 -0800

Upgraded to 2.5.1-0ubuntu0.10.10.2 and this issue is resolved.

** Description changed:


+ SRU Justification
+ 
+ 1. impact of the bug is medium for stable releases since aa-logprof is
+ rendered inoperable when apparmor-profiles is installed
+ 
+ 2. This has been addressed in the development branch
+ 
+ 3. Patch is in packaging and consists of shipping apache2-common in
+ apparmor.
+ 
+ 4. TEST CASE:
+ $ sudo apt-get remove --purge apparmor # only if downgraded first
+ $ sudo apt-get install apparmor apparmor-profiles
+ $ sudo aa-logprof
+ Can't find include file abstractions/apache2-common: No such file or directory
+ 
+ A fixed package will not have the above error.
+ 
+ 5. The regression potential of the patch is very low, as it only moves
+ apache2-common to the apparmor package.
+ 
+ 
+ Initial Report:
+ 
  Binary package hint: apparmor
  
  aa-logprof doesn't generate (or modify) policies due to missing
  abstractions/apache2-common
  
- ~# aa-logprof 
+ ~# aa-logprof
  Can't find include file abstractions/apache2-common: No such file or directory
  ~#
  
  Audit messages are present in the log file:
  
  ~# grep audit /var/log/messages | tail -n 10
  Mar 16 09:53:57 panopticon kernel: [ 2117.122866] type=1502 
audit(1268729637.896:3405):  operation="file_perm" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 
name="/etc/cups/cupsd.conf"
  Mar 16 09:53:57 panopticon kernel: [ 2117.122978] type=1502 
audit(1268729637.896:3406):  operation="open" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 
name="/etc/papersize"
  Mar 16 09:53:57 panopticon kernel: [ 2117.122989] type=1502 
audit(1268729637.896:3407):  operation="file_perm" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 
name="/etc/papersize"
  Mar 16 09:54:28 panopticon kernel: [ 2147.329908] type=1502 
audit(1268729668.105:3738):  operation="rename_src" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="rw::" denied_mask="rw::" fsuid=0 
ouid=0 name="/etc/cups/printers.conf"
  Mar 16 09:54:28 panopticon kernel: [ 2147.329916] type=1502 
audit(1268729668.105:3739):  operation="rename_dest" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="wc::" denied_mask="wc::" fsuid=0 
ouid=0 name="/etc/cups/printers.conf.O"
  Mar 16 09:54:28 panopticon kernel: [ 2147.329970] type=1502 
audit(1268729668.105:3740):  operation="mknod" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="c::" denied_mask="c::" fsuid=0 ouid=0 
name="/etc/cups/printers.conf"
  Mar 16 09:54:28 panopticon kernel: [ 2147.329987] type=1502 
audit(1268729668.105:3741):  operation="open" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="wc::" denied_mask="wc::" fsuid=0 
ouid=0 name="/etc/cups/printers.conf"
  Mar 16 09:54:28 panopticon kernel: [ 2147.330006] type=1502 
audit(1268729668.105:3742):  operation="chown" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 
name="/etc/cups/printers.conf"
  Mar 16 09:54:28 panopticon kernel: [ 2147.330021] type=1502 
audit(1268729668.105:3743):  operation="chmod" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 
name="/etc/cups/printers.conf"
  Mar 16 09:54:28 panopticon kernel: [ 2147.330062] type=1502 
audit(1268729668.105:3744):  operation="file_perm" pid=2983 parent=1 
profile="/usr/sbin/cupsd" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 
name="/etc/cups/printers.conf"
  
  ~# lsb_release  -a
  LSB Version:  
core-2.0-ia32:core-2.0-noarch:core-3.0-ia32:core-3.0-noarch:core-3.1-ia32:core-3.1-noarch:core-3.2-ia32:core-3.2-noarch:core-4.0-ia32:core-4.0-noarch
  Distributor ID:       Ubuntu
  Description:  Ubuntu lucid (development branch)
  Release:      10.04
  Codename:     lucid
  
  ~# dpkg -l |grep appar
  ii  apparmor                                   2.5-0ubuntu1                   
                            User-space parser utility for AppArmor
  ii  apparmor-profiles                          2.5-0ubuntu1                   
                            Profiles for AppArmor Security policies
  ii  apparmor-utils                             2.5-0ubuntu1                   
                            Utilities for controlling AppArmor
  ii  libapparmor-perl                           2.5-0ubuntu1                   
                            AppArmor library Perl bindings
  ii  libapparmor1                               2.5-0ubuntu1                   
                            changehat AppArmor library

-- 
aa-logprof doesn't generate policy due to missing abstractions/apache2-common
https://bugs.launchpad.net/bugs/539441
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 539441] Re: aa-logprof doesn't generate policy due to missing abstractions/apache2-common

Reply via email to