| 2010-08-17 22:50:41 |
John Gray |
bug |
|
|
added bug |
| 2010-08-17 22:50:41 |
John Gray |
attachment added |
|
ApparmorPackages.txt https://bugs.launchpad.net/bugs/619521/+attachment/1496580/+files/ApparmorPackages.txt |
|
| 2010-08-17 22:50:41 |
John Gray |
attachment added |
|
ApparmorStatusOutput.txt https://bugs.launchpad.net/bugs/619521/+attachment/1496581/+files/ApparmorStatusOutput.txt |
|
| 2010-08-17 22:50:41 |
John Gray |
attachment added |
|
Dependencies.txt https://bugs.launchpad.net/bugs/619521/+attachment/1496582/+files/Dependencies.txt |
|
| 2010-08-17 22:50:41 |
John Gray |
attachment added |
|
KernLog.txt https://bugs.launchpad.net/bugs/619521/+attachment/1496583/+files/KernLog.txt |
|
| 2010-08-17 22:50:41 |
John Gray |
attachment added |
|
PstreeP.txt https://bugs.launchpad.net/bugs/619521/+attachment/1496584/+files/PstreeP.txt |
|
| 2010-08-19 09:04:33 |
Steve Beattie |
apparmor (Ubuntu): status |
New |
Triaged |
|
| 2010-08-19 09:04:37 |
Steve Beattie |
apparmor (Ubuntu): importance |
Undecided |
Medium |
|
| 2010-08-19 09:04:57 |
Steve Beattie |
bug task added |
|
apparmor |
|
| 2010-08-19 09:05:12 |
Steve Beattie |
apparmor: status |
New |
Triaged |
|
| 2010-08-19 09:05:19 |
Steve Beattie |
apparmor: importance |
Undecided |
Medium |
|
| 2010-08-19 09:06:43 |
Steve Beattie |
tags |
apport-bug i386 lucid |
apport-bug i386 jaunty karmic lucid maverick |
|
| 2010-08-19 10:00:24 |
Steve Beattie |
apparmor: status |
Triaged |
In Progress |
|
| 2010-08-19 10:00:34 |
Steve Beattie |
nominated for series |
|
apparmor/2.5 |
|
| 2010-08-19 10:00:34 |
Steve Beattie |
bug task added |
|
apparmor/2.5 |
|
| 2010-08-19 10:00:51 |
Steve Beattie |
apparmor/2.5: status |
New |
In Progress |
|
| 2010-08-19 10:00:54 |
Steve Beattie |
apparmor/2.5: importance |
Undecided |
Medium |
|
| 2010-08-19 10:01:00 |
Steve Beattie |
apparmor/2.5: milestone |
|
2.5.1 |
|
| 2010-08-19 15:51:48 |
Steve Beattie |
apparmor/2.5: status |
In Progress |
Fix Committed |
|
| 2010-08-19 15:51:53 |
Steve Beattie |
apparmor: status |
In Progress |
Fix Released |
|
| 2010-09-10 21:16:26 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor |
|
| 2010-09-11 01:12:34 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Triaged |
Fix Released |
|
| 2010-09-21 09:01:14 |
Steve Beattie |
apparmor/2.5: status |
Fix Committed |
Fix Released |
|
| 2010-11-02 22:59:40 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Lucid |
|
| 2010-11-02 22:59:40 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Lucid) |
|
| 2010-11-02 23:03:06 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): importance |
Undecided |
Medium |
|
| 2010-11-02 23:03:06 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): status |
New |
In Progress |
|
| 2010-11-02 23:03:06 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): milestone |
|
lucid-updates |
|
| 2010-11-04 19:00:41 |
Jamie Strandboge |
description |
Binary package hint: apparmor
I have pam_apparmor set up for sshd as follows.
session optional pam_apparmor.so order=user,group,default debug
It never searches group or default. It thinks it finds a hat the user whether a hat exists for the user or not.
In complain mode, the debug messages are:
Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Successfully changed to hat 'gray'
Note, there is not a hat 'gray' defined. If I put it in enforce mode:
Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Unknown error occurred changing to gray hat: No such file or directory
Maybe we're doing something wrong, but I think its broken.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libpam-apparmor 2.5-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic-pae i686
Architecture: i386
Date: Tue Aug 17 18:30:58 2010
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release i386 (20100427)
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: apparmor |
SRU Justification
1. impact of the bug is medium for stable releases and very much limits the utility of pam_apparmor, but the fix is non-intrusive. It is included here as part of the 2.5.1 update for Lucid (LP: #660077)
2. This has been fixed in natty.
3. Patch simply adjusts changehat/pam_apparmor/pam_apparmor.c to try the next hat on ENOENT rather than failing.
4. TEST CASE: run the AppArmorPAM tests in lp:qa-regression-testing/scripts/test-apparmor.py. Several tests fail with the version in Lucid and all are fixed in the 2.5.1 upload.
5. The regression potential is very low for this patch as it only adds a single ENOENT check, libpam-apparmor is in universe and it is not widely used yet. Getting this fixed would be an important step in getting pam-apparmor more widely used since LTS users are more likely to require the extra security features provided by libpam-apparmor.
Binary package hint: apparmor
I have pam_apparmor set up for sshd as follows.
session optional pam_apparmor.so order=user,group,default debug
It never searches group or default. It thinks it finds a hat the user whether a hat exists for the user or not.
In complain mode, the debug messages are:
Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Successfully changed to hat 'gray'
Note, there is not a hat 'gray' defined. If I put it in enforce mode:
Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Unknown error occurred changing to gray hat: No such file or directory
Maybe we're doing something wrong, but I think its broken.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libpam-apparmor 2.5-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic-pae i686
Architecture: i386
Date: Tue Aug 17 18:30:58 2010
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release i386 (20100427)
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: apparmor
|
|
| 2010-11-04 19:00:55 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2010-11-04 19:01:13 |
Jamie Strandboge |
bug |
|
|
added subscriber SRU Verification |
| 2010-12-03 17:20:49 |
Martin Pitt |
apparmor (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
| 2010-12-03 17:20:57 |
Martin Pitt |
tags |
apport-bug i386 jaunty karmic lucid maverick |
apport-bug i386 jaunty karmic lucid maverick verification-needed |
|
| 2010-12-14 20:48:30 |
Martin Pitt |
tags |
apport-bug i386 jaunty karmic lucid maverick verification-needed |
apport-bug i386 jaunty karmic lucid maverick verification-done |
|
| 2010-12-15 11:50:58 |
Launchpad Janitor |
apparmor (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
| 2011-09-19 21:26:39 |
Ubuntu Foundations Team Bug Bot |
tags |
apport-bug i386 jaunty karmic lucid maverick verification-done |
apport-bug i386 jaunty karmic lucid maverick testcase verification-done |
|
