Public bug reported:
Trusty with apparmor 2.8.95~2430-0ubuntu5
Log entries with operation="signal" send aa-logprof into an infinite loop.
With LOGPROF_DEBUG=3 I get the following in /var/log/apparmor/logprof.log, then
aa-logprof is in busy loop.
[...]
2014-04-14 21:02:12,315 - ReadLog - read_log: type=AVC
msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal"
profile="/usr/lib/postfix/master" pid=23348 comm="master" requested_mask="send"
denied_mask="send" signal=term peer="/usr/lib/postfix/smtp"
2014-04-14 21:02:12,315 - ReadLog - read_log: seenmark = True
2014-04-14 21:02:12,315 - ReadLog - parse_log_record: type=AVC
msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal"
profile="/usr/lib/postfix/master" pid=23348 comm="master"
requested_mask="send" denied_mask="send" signal=term
peer="/usr/lib/postfix/smtp"
2014-04-14 21:02:12,315 - ReadLog - parse_event: type=AVC
msg=audit(1397430151.932:5592): apparmor="DENIED" operation="signal"
profile="/usr/lib/postfix/master" pid=23348 comm="master"
requested_mask="send" denied_mask="send" signal=term
peer="/usr/lib/postfix/smtp"
Even if logprof doesn't know how to handle these entries, it shouldn't fail in
this way - just ignore those lines...
(Of course, proper support for those entries would be preferred because it's a
PITA to add them manually to profiles).
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1307665
Title:
signal entries in audit.log send aa-logprof in infinite loop
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1307665/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
