Public bug reported:

[ Impact ]

    * Currently there is a bug in apparmor where executing the
aa-enforce command causes apparmor to crash with:
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name).

Traceback (most recent call last):
  File "/usr/sbin/aa-enforce", line 33, in <module>
    tool.cmd_enforce()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 134, in cmd_enforce
    for (program, prof_filename, output_name) in self.get_next_for_modechange():
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 97, in get_next_for_modechange
    aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: 'NoneType' object is not callable

An unexpected error occurred!

    * Users have been unable to roll out their intended CIS hardening
policies to production as they are blocked by this issue.

    * This bug was reported in LP #2078467:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2078467, and
upstream apparmor at https://gitlab.com/apparmor/apparmor/-/issues/387

    * The bug reporter indicated that they worked around the problem by
manually applying the upstream fix at:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1218. However,
this bug was reported internally by a customer who cannot manually apply
the fix to every affected machine.

[Test Plan]

    * Deploy a fresh Ubuntu Noble VM, install apparmor/apparmor-utils,
and run: sudo aa-enforce /etc/apparmor.d/*. This will produce the same
traceback as seen in the bug report.

    * Apply the patch, and run sudo aa-enforce /etc/apparmor.d/*,
observing that no errors were produced

[What can go wrong]

    * The bug was introduced essentially due to a refactoring of a
function which originally returned two values, one of which, the return
value 'profile', was ambiguously either a profile name or a profile
filename. The restructuring in the previous patch ensured the function
always returned 3 values, each of which is explicitly defined to
remove the ambiguous nature of the "profile" return value. It's possible
that there will be subsequent changes similar to this one due to the
original change.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2102246

Title:
  [SRU] App armor crashes on aa-enforce due to "Profile not found"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102246/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
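
The caret in the traceback sits under the `_(...)` call, so `_` was `None` when the message was built. The following added example (not the AppArmor code or the upstream patch) shows one way a change from two to three return values can produce that error, assuming the extra value was unpacked into `_`; `next_profiles`, `known` and the sample path are hypothetical.

```python
import gettext

# Module-level translation alias, the usual gettext convention.
_ = gettext.NullTranslations().gettext


def next_profiles(paths):
    """Hypothetical stand-in for the refactored helper: always yields
    three values (program, profile name, profile filename)."""
    for path in paths:
        yield (None, None, path)


def modechange_shadowed(paths, known):
    """Assumed buggy pattern: '_' used as the throwaway for the new value.
    Assigning '_' in the loop makes it a local, bound to None here."""
    skipped = []
    for (program, _, prof_filename) in next_profiles(paths):
        output_name = prof_filename if program is None else program
        if prof_filename not in known:
            skipped.append(_('Profile for %s not found, skipping') % output_name)
    return skipped


def modechange_fixed(paths, known):
    """Same loop with a named throwaway, so '_' still means gettext."""
    skipped = []
    for (program, _ignored, prof_filename) in next_profiles(paths):
        output_name = prof_filename if program is None else program
        if prof_filename not in known:
            skipped.append(_('Profile for %s not found, skipping') % output_name)
    return skipped


def error_of(func, *args):
    """Return 'ExceptionType: message' if func raises, else None."""
    try:
        func(*args)
    except Exception as exc:
        return f"{type(exc).__name__}: {exc}"
    return None


if __name__ == "__main__":
    sample = ["/etc/apparmor.d/constructed.missing"]  # constructed path
    print(error_of(modechange_shadowed, sample, set()))
    print(modechange_fixed(sample, set()))
```

The crash only appears on the "not found" branch, so a test run where every profile exists would not catch it.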
