2010-10-04 21:04:40 |
Steve Atwell |
bug |
|
|
added bug |
2010-10-05 22:39:38 |
Steve Beattie |
apparmor (Ubuntu): status |
New |
Confirmed |
|
2010-10-05 22:39:42 |
Steve Beattie |
apparmor (Ubuntu): importance |
Undecided |
Medium |
|
2010-10-14 18:30:34 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Maverick |
|
2010-10-14 18:30:34 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Maverick) |
|
2010-10-14 18:30:34 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Natty |
|
2010-10-14 18:30:34 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Natty) |
|
2010-10-14 18:30:43 |
Jamie Strandboge |
apparmor (Ubuntu Maverick): status |
New |
In Progress |
|
2010-10-14 18:30:46 |
Jamie Strandboge |
apparmor (Ubuntu Natty): status |
Confirmed |
Triaged |
|
2010-10-14 18:30:49 |
Jamie Strandboge |
apparmor (Ubuntu Maverick): importance |
Undecided |
Medium |
|
2010-10-14 18:30:52 |
Jamie Strandboge |
apparmor (Ubuntu Maverick): assignee |
|
Jamie Strandboge (jdstrand) |
|
2010-10-14 18:30:56 |
Jamie Strandboge |
apparmor (Ubuntu Natty): assignee |
|
Jamie Strandboge (jdstrand) |
|
2010-10-14 18:30:57 |
Jamie Strandboge |
apparmor (Ubuntu Maverick): milestone |
|
maverick-updates |
|
2010-10-14 19:59:37 |
Steve Atwell |
nominated for series |
|
Ubuntu Lucid |
|
2010-10-15 16:53:07 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2010-10-15 17:30:12 |
Launchpad Janitor |
apparmor (Ubuntu Natty): status |
Triaged |
Fix Released |
|
2010-10-15 20:52:08 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Lucid) |
|
2010-10-15 20:52:15 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): status |
New |
In Progress |
|
2010-10-15 20:52:20 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): importance |
Undecided |
Medium |
|
2010-10-15 20:52:24 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): assignee |
|
Jamie Strandboge (jdstrand) |
|
2010-10-15 20:52:29 |
Jamie Strandboge |
apparmor (Ubuntu Lucid): milestone |
|
lucid-updates |
|
2010-10-16 02:48:21 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor |
|
2010-10-22 07:53:44 |
Martin Pitt |
apparmor (Ubuntu Maverick): status |
In Progress |
Fix Committed |
|
2010-10-22 07:53:48 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2010-10-22 07:53:51 |
Martin Pitt |
tags |
|
verification-needed |
|
2010-10-22 08:17:26 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/maverick-proposed/apparmor |
|
2010-11-03 18:05:39 |
Jamie Strandboge |
description |
Binary package hint: apparmor
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# apt-cache policy apparmor apparmor-utils
apparmor:
Installed: 2.5-0ubuntu3
Candidate: 2.5-0ubuntu3
[...]
apparmor-utils:
Installed: 2.5-0ubuntu3
Candidate: 2.5-0ubuntu3
Expected Results:
Running "/etc/init.d/apparmor status" after stopping apparmor should have a non-zero exit status to indicate that apparmor is not enabled.
Actual Results:
Running "/etc/init.d/apparmor status" always result in an exit code of 0, even after running "/etc/init.d/apparmor stop".
Looks like this is caused by a simple error in /etc/init.d/apparmor. The status function looks for the existence of /usr/bin/aa-status. However, aa-status is in /usr/sbin, not /usr/bin. So the status function falls back to displaying the contents of /sys/kernel/sercurity/apparmor/profiles and uses the exit status of the cat command as its exit status.
If the init script correctly calls aa-status, the status function has a more useful exit status. |
SRU
1. Impact: affects monitoring systems that depend on the exit code of status
2. Bug has not been fixed in the development branch (natty is not open)
3. Patch is a 2 character patch to adjust the path to aa-status from /usr/bin to /usr/sbin in two places
4. TEST CASE
$ sudo /etc/init.d/apparmor teardown
$ sudo /etc/init.d/apparmor status && echo "FAIL (exited with $?)"
5. Regression potential is extremely low, as the patch only adjusts the path for a command in the initscript that is not used as part of the boot or shutdown process
Binary package hint: apparmor
# lsb_release -rd
Description: Ubuntu 10.04.1 LTS
Release: 10.04
# apt-cache policy apparmor apparmor-utils
apparmor:
Installed: 2.5-0ubuntu3
Candidate: 2.5-0ubuntu3
[...]
apparmor-utils:
Installed: 2.5-0ubuntu3
Candidate: 2.5-0ubuntu3
Expected Results:
Running "/etc/init.d/apparmor status" after stopping apparmor should have a non-zero exit status to indicate that apparmor is not enabled.
Actual Results:
Running "/etc/init.d/apparmor status" always result in an exit code of 0, even after running "/etc/init.d/apparmor stop".
Looks like this is caused by a simple error in /etc/init.d/apparmor. The status function looks for the existence of /usr/bin/aa-status. However, aa-status is in /usr/sbin, not /usr/bin. So the status function falls back to displaying the contents of /sys/kernel/sercurity/apparmor/profiles and uses the exit status of the cat command as its exit status.
If the init script correctly calls aa-status, the status function has a more useful exit status.
|
|
2010-11-15 10:05:46 |
Martin Pitt |
tags |
verification-needed |
verification-done |
|
2010-11-17 12:58:27 |
Launchpad Janitor |
apparmor (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2010-12-03 17:23:14 |
Martin Pitt |
apparmor (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2010-12-03 17:23:23 |
Martin Pitt |
tags |
verification-done |
|
|
2010-12-03 17:23:25 |
Martin Pitt |
tags |
|
verification-needed |
|
2010-12-14 20:47:42 |
Martin Pitt |
tags |
verification-needed |
verification-done |
|
2010-12-15 11:50:58 |
Launchpad Janitor |
apparmor (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-09-19 21:32:26 |
Ubuntu Foundations Team Bug Bot |
tags |
verification-done |
testcase verification-done |
|