Ubuntu
apparmor package

Cannot Add Request Hat or Use Default Hat in aa-logprof and mod_apparmor

Bug #1752365 reported by Gold Star
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

After installing apparmor, apparmor-utils, and libapache2-mod-apparmor and enabling a virtual host that uses the changehat feature, it is impossible to "(A)dd Requested Hat" or "(U)se Default Hat" because there isinconsistent use of q.promptUser() call in the " elif type == 'unknown_hat' block on line 1097 in aa.py

Changing
  ans = q.promptUser()
to
  ans = q.promptUser()[0].strip()
OR
  ans, selected = q.promptUser()
OR
  ans, arg = q.promptUser()
resolves this problem because ans is no longer assigned a tuple data type and can be evaluated against CMD_* variables

Further execution of code is buggy due to collection.defaultdict(hasher(), {}) not having certain methods but that is not within the scope of this bug report.

---

Debugging info:

uname -a:
Linux hostname 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/issue
Ubuntu 16.04.3 LTS \n \l

apt-cache policy apparmor-utils
apparmor-utils:
  Installed: 2.10.95-0ubuntu2.8
  Candidate: 2.10.95-0ubuntu2.8
 *** 2.10.95-0ubuntu2.8 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status

apt-cache policy apparmor
apparmor:
  Installed: 2.10.95-0ubuntu2.6
  Candidate: 2.10.95-0ubuntu2.8
  Version table:
     2.10.95-0ubuntu2.8 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages

apt-cache policy libapache2-mod-apparmor
libapache2-mod-apparmor:
  Installed: 2.10.95-0ubuntu2.8
  Candidate: 2.10.95-0ubuntu2.8
  Version table:
 *** 2.10.95-0ubuntu2.8 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status

See original description
Gold Star (goldstar611)
description: updated
Gold Star (goldstar611)
description: updated
Revision history for this message
Christian Boltz (cboltz) wrote :

For the records: this is already fixed upstream (checked in master and the latest 2.11 branch), so Ubuntu "just" needs to pick up the fix.

commit e2039f021e42793e07c1838499eae9c22e1ea8f2
Author: Christian Boltz <email address hidden>
Date: Mon Aug 15 22:02:55 2016 +0200

See https://bugs.launchpad.net/apparmor/+bug/1538306 for details.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.12-4ubuntu1

---------------
apparmor (2.12-4ubuntu1) bionic; urgency=medium

  [ Tyler Hicks ]
  * Merge from Debian to get gbp-pq related packaging improvements. Thanks to
    intrigeri for making those improvements! Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
    - Feature pinning is not used in Ubuntu

  [ intrigeri ]
  * Adjust the Vcs-{Browser,Git} control fields to reflect the branch where
    the Ubuntu packaging is maintained.

apparmor (2.12-4) unstable; urgency=medium

  * Migrate patch handling to gbp-pq (Closes: #888244).
  * Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
    - upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
      new patch, properly identify empty ouid/fsuid fields in logs.
    - upstream-commit-130958a-allow-shell-helper-read-locale.patch:
      new patch, allow the shell helper regression test program read
      the locale.

 -- Tyler Hicks <email address hidden> Mon, 19 Mar 2018 16:24:57 +0000

Changed in apparmor (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.