[Bug 668311] New: AppArmor profile generation can't handle *x (execute permissions) - please release a patch - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 476376] apparmor-parser fails...

[Bug 668311] New: AppArmor profile generation can't handle *x (execute permissions) - please release a patch

older
[Bug 546618] New: logprof/genprof...

bugzilla_noreply＠novell.com

31 Jan 2011 31 Jan '11

12:03

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c0 Summary: AppArmor profile generation can't handle *x (execute permissions) - please release a patch Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: Other OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: jeffm@novell.com ReportedBy: suse-beta@cboltz.de QAContact: qa@suse.de CC: security-team@suse.de, maintenance@opensuse.org Found By: Beta-Customer Blocker: --- AppArmor logprof and genprof on openSUSE 11.3 (and IIRC on 11.2 also) can't handle *x (execute) permissions because of a changed audit.log format. Instead, they create a totally useless profile with ^null_xy hats. See bug 546618 for all the technical details, especially comment #2 there. The AppArmor utils in AppArmor 2.5.1 (now in Factory) fix this. I recommend to release a patch that updates AppArmor to 2.5.1 on openSUSE 11.3. I tested the 2.5.1 utils on 11.3 (see bug 546618#c12) and it looks like they are fully backward-compatible to AppArmor 2.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

7 Apr 7 Apr

16:18

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c1 Jeff Mahoney changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #1 from Jeff Mahoney 2011-04-07 16:18:55 UTC --- Even though I expect 2.5.1 to be compatible, we can't just update the version mid-release. I've backported the patch that handles this and it's fixed properly now. SR 66428 for 11.3 SR 66453 for 11.2 NEEDINFO maintenance@opensuse.org -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

8 Apr 8 Apr

08:43

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c2 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@novell.com --- Comment #2 from Marcus Meissner 2011-04-08 08:43:04 UTC --- for what it is worth, opensuse is not that strict with version updates anymore. everything should just continue to work after the update. ,) ok for update +1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10:04

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c3 Christian Dengler changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |cdengler@novell.com InfoProvider|maintenance@opensuse.org | --- Comment #3 from Christian Dengler 2011-04-08 10:04:18 UTC --- +1 okay -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10:04

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c4 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:40061:low --- Comment #4 from Swamp Workflow Management 2011-04-08 10:04:37 UTC --- The SWAMPID for this issue is 40061. This issue was rated as low. Please submit fixed packages until 2011-05-06. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/40061 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

13 Apr 13 Apr

19:53

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c5 Jeff Mahoney changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #5 from Jeff Mahoney 2011-04-13 19:53:25 UTC --- Updates have been checked in for both 11.2 and 11.3. Closing as FIXED. Thanks for prodding on this one. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15 Apr 15 Apr

07:26

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:40061:low |. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

28 Apr 28 Apr

11:52

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c6 --- Comment #6 from Bernhard Wiedemann 2011-04-28 13:52:32 CEST --- This is an autogenerated message for OBS integration: This bug (668311) was mentioned in https://build.opensuse.org/request/show/66428 https://build.opensuse.org/request/show/66453 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

2 May 2 May

14:10

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c7 Andrej Semen changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |asemen@novell.com Resolution|FIXED | --- Comment #7 from Andrej Semen 2011-05-02 14:10:36 UTC --- On qa maintenace testing of apparmor could not see fix and bug number not mentioned mentioned in changelog. rpm -q apparmor-parser apparmor-profiles apparmor-utils libapparmor-devel libapparmor1 libapparmor1-32bit libapparmor1-x86 perl-libapparmor -l --changelog | head -n 17 * Mon Jan 10 2011 jeffm@suse.de - Fix two x transition conflict bugs (bnc#662928). * Fri Apr 30 2010 jeffm@suse.de - Newer kernels don't require separate removal of hats (bnc#588248) - Fixed compilation of debug mode * Thu Mar 25 2010 jeffm@suse.de - Update to final translation files * Mon Mar 15 2010 jeffm@suse.de - Fix handling of removing profiles with whitespace (bnc#510740) - Provide meaningful line numbers in error reports (bnc#520013) - Support dry-run mode - Fix recognition of non-inet net domains (bnc#588185) * Wed Mar 04 2009 jeffm@suse.de after update to testing package: rpm -q apparmor-parser apparmor-profiles apparmor-utils libapparmor-devel libapparmor1 libapparmor1-32bit libapparmor1-x86 perl-libapparmor apparmor-parser-2.3.1-8.18.1 apparmor-profiles-2.3-48.5.1 apparmor-utils-2.3.1-9.8.2 libapparmor-devel-2.3-51.16.1 libapparmor1-2.3-51.16.1 package libapparmor1-32bit is not installed package libapparmor1-x86 is not installed perl-libapparmor-2.3-51.16.1 Is this ok? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:12

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c8 Andrej Semen changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO InfoProvider| |jeffm@novell.com --- Comment #8 from Andrej Semen 2011-05-02 14:12:30 UTC --- Testing SLE-11-SP1 maintenace update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10 May 10 May

21:28

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c9 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|. |. maint:released:11.2:40137 --- Comment #9 from Swamp Workflow Management 2011-05-10 21:28:50 UTC --- Update released for: apparmor-utils Products: openSUSE 11.2 (i586) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

16 May 16 May

11:19

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c Michal Kubeček changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |693722 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:17

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c11 Jeff Mahoney changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED InfoProvider|jeffm@novell.com | --- Comment #11 from Jeff Mahoney 2011-05-16 14:17:16 UTC --- That fix was delayed waiting on a fix for a misapplied patch in bnc#691398. I've just submitted that fix and there should now be nothing holding up the apparmor update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

14:45

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c12 --- Comment #12 from Marcus Meissner 2011-05-16 14:45:53 UTC --- i resubmitted the patchinfo. ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

19:00

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c13 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|. maint:released:11.2:40137 |. maint:released:11.2:40137 | |maint:released:11.3:40158 --- Comment #13 from Swamp Workflow Management 2011-05-16 19:00:31 UTC --- Update released for: apparmor-utils Products: openSUSE 11.3 (i586) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

25 May 25 May

13:14

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c14 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #14 from Marcus Meissner 2011-05-25 13:14:48 UTC --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

16:14

New subject: [Bug 668311] AppArmor profile generation can't handle *x (execute permissions) - please release a patch

https://bugzilla.novell.com/show_bug.cgi?id=668311 https://bugzilla.novell.com/show_bug.cgi?id=668311#c15 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|. maint:released:11.2:40137 |. maint:released:11.2:40137 |maint:released:11.3:40158 |maint:released:11.3:40158 | |maint:released:sle11-sp1:40 | |948 --- Comment #15 from Swamp Workflow Management 2011-05-25 16:14:15 UTC --- Update released for: apparmor-parser, apparmor-parser-debuginfo, apparmor-parser-debugsource, apparmor-profiles, apparmor-utils, libapparmor-devel, libapparmor1, libapparmor1-32bit, libapparmor1-debuginfo, libapparmor1-debuginfo-32bit, libapparmor1-debuginfo-x86, libapparmor1-debugsource, libapparmor1-x86, perl-libapparmor Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

4722

Age (days ago)

4836

Last active (days ago)

Download

16 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com