AppArmor

aa-mergeprof: act() mergeprofiles.clear_common() call crashes

Bug #1382236 reported by Christian Boltz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
Low
Christian Boltz
AppArmor 2.11

Bug Description

aa-mergeprof around line 120:

def act(files, merge_mode, merging_profile):
    mergeprofiles = Merge(files)
    #Get rid of common/superfluous stuff
    mergeprofiles.clear_common()

crashes with

 Traceback (most recent call last):
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 764, in <module>
     main()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 114, in main
     act([user_file, base_file, None], 2, profile_name)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 123, in act
     mergeprofiles.clear_common()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/aa-mergeprof", line 191, in clear_common
     deleted += user_base.compare_profiles()
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 42, in compare_profiles
     deleted += self.remove_duplicate_rules(profile)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 72, in remove_duplicate_rules
     deleted += delete_path_duplicates(self.profile.aa[program][hat], self.other.aa[program][hat], 'allow', self.same_file)
   File "/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/cleanprofile.py", line 107, in delete_path_duplicates
     profile_other[allow]['path'].pop(entry)
 KeyError: '/etc/postfix/ssl/certs/mail.pem'

As a workaround, I temporarily disabled the mergeprofiles.clear_common() call.

Tags: aa-tools
Steve Beattie (sbeattie)
Changed in apparmor:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Christian Boltz (cboltz) wrote :

Fixed (calling clear_common() re-enabled) in r3542 as part of the FileRule patch series.

Changed in apparmor:
milestone: none → 2.11
assignee: nobody → Christian Boltz (cboltz)
status: Triaged → Fix Committed
Christian Boltz (cboltz)
Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.