[Bug 408818] New: apparmor parser hangs when started after updating to 11.0
https://bugzilla.novell.com/show_bug.cgi?id=408818 Summary: apparmor parser hangs when started after updating to 11.0 Product: openSUSE 11.0 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: AppArmor AssignedTo: jjohansen@novell.com ReportedBy: poeml@novell.com QAContact: qa@suse.de Found By: --- I updated from 10.1 to 11.0, and to be safe I disabled apparmor on first boot, so to make sure that everything else works first. Now, time to start apparmor and see if the profiles still work / adjust / update them. Problem: it doesn't start; it hangs when parsing a profile: root@doozer ~ # rcapparmor start Mounting securityfs on /sys/kernel/security done Loading AppArmor profiles Found reference to variable PROC, but is never declared Profile /etc/apparmor.d/bin.hostname failed to load [hanging here] root 2107 0.0 0.1 6236 1132 ? Ss Jul11 0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid root 21717 0.0 0.2 8820 2692 ? Ss 10:38 0:00 \_ sshd: root@pts/1 root 21719 0.6 0.3 6000 3480 pts/1 Ss 10:38 0:00 | \_ -zsh root 21761 0.0 0.1 3180 1516 pts/1 S+ 10:38 0:00 | \_ /bin/sh /sbin/rcapparmor start root 21801 101 14.4 150008 148432 pts/1 R+ 10:38 0:19 | \_ /sbin/apparmor_parser -I/etc/apparmor.d --add /etc/apparmor.d/usr.sbin.httpd2-prefork The httpd2-prefork profile (I can attach it privately) contains some hats for vhosts, and I must admit that I always had problems to get the profile right with 10.1; the logging was known to be difficult with 10.1, so that it was hard to get it right; I was looking forward to finish the profile after the 11.0 update ;) however, the profile could well be broken. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User poeml@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c1 --- Comment #1 from Peter Poeml <poeml@novell.com> 2008-07-14 02:46:41 MDT --- In view of the hang, it seems it was smart to disable boot.apparmor for the update of this server. (Although the parallel start done by our boot scheme might mitigate the problem) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User jjohansen@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c3 John Johansen <jjohansen@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #3 from John Johansen <jjohansen@novell.com> 2008-07-14 17:32:30 MDT --- Actually it should load, and it is definitely a bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User jjohansen@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c4 --- Comment #4 from John Johansen <jjohansen@novell.com> 2008-09-09 08:25:53 MDT --- Peter, can you give me anymore information on this bug. I haven't been able to reproduce. The rcapparmor process is killable correct? If you could it would also be good to send me the offending profile. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User poeml@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c5 --- Comment #5 from Peter Poeml <poeml@novell.com> 2008-09-09 18:29:21 MDT --- I attached the offending profile earlier, see above. I would assume that the process was killable - because I assume I would have noticed otherwise. I can't say this for sure anymore. But I can't remember anything strange, that I didn't report here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User jeffm@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c7 Jeff Mahoney <jeffm@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |poeml@novell.com --- Comment #7 from Jeff Mahoney <jeffm@novell.com> 2009-02-10 14:09:59 MST --- Peter, are you able to reproduce this with 11.1? I am unable to. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User jeffm@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c8 --- Comment #8 from Jeff Mahoney <jeffm@novell.com> 2009-03-06 09:50:51 MST --- Created an attachment (id=277732) --> (https://bugzilla.novell.com/attachment.cgi?id=277732) [PATCH] AppArmor: Fix outputting of loaded profiles > PAGE_SIZE The basics of the bug are as follows The profile listing in apparmorfs is broken, so that it will only output entries that fit on a single page, if there are more profiles than can be listed in a page worth of memory it bails but when it bails it leaves some spinlocks held. :( This breaks, profile listing, replacement and removal if done from the init scripts. Manual profile replacement and removal as done by the utils will still work as long a profile listing has not been done previously. Fortunately for this bug only surfaces when a rather large number of profiles are present, somewhere in the 60-70 profile/hat range. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=408818 User jeffm@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=408818#c9 Jeff Mahoney <jeffm@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|poeml@novell.com | Resolution| |FIXED --- Comment #9 from Jeff Mahoney <jeffm@novell.com> 2009-03-06 09:52:04 MST --- I've committed the fix to the repo and it will be part of the next release. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com