After an upgrade to libfuse 3.17.1-rc0, autopkgtests started to fail
due to a missing x permission for /usr/bin/mount. After looking at the
source code for fusermount, I noticed that it does call /bin/mount and
/bin/umount in certain cases. These uses were already there in
previous versions of libfuse but I'm still not sure why it hasn't
triggered before.
To reproduce it:

    sudo autopkgtest-buildvm-ubuntu-cloud -v -r questing
    autopkgtest archivemount -U --apt-pocket=proposed=src:fuse3 --shell-fail -- qemu autopkgtest-questing-amd64.img

After the test fails, enter the vm by

    ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 10022 ubuntu@localhost

You can reproduce the test by running

    cd /tmp/autopkgtest.*/build.*/src/
    /tmp/autopkgtest.*/build.*/src/debian/tests/test

Note that ix for mount and umount were enough to make the autopkgtest
failures start passing, but there could be issues in the future
regarding the use of fs specific mount binaries like
/usr/sbin/mount.fuse
Fixes: http://bugs.launchpad.net/bugs/2111845
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
@jjohansen had mentioned to me when he suggested this profile that there was something he noticed about john that gave him the impression it was a good candidate for confinement. I think that would be the only thing I'd want to call out - wondering whether something like this captures that spirit or if there's something else worth including.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1662
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: Maxime Bélair <maxime.belair@canonical.com>
This is a small improvement that makes sure lsusb is able to read some
properties of the virtual USB devices provisioned for the test.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
AppArmor profile for the lsusb binary, developed and tested on Ubuntu 22.04.
Signed-off-by: Federico Quattrin <federico.quattrin@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1433
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
... but don't get a new value assigned.
Found by pyflakes 3.3.2 / python 3.13.3
While on it, remove some obsolete, commented out debugging code.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1708
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
Otherwise tst_regex would log as being from parser_common.c instead of
being from the actual source of parser_regex.c
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1707
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
Parsing mount options (also) accepted partial matches as long as the
option started with the right characters. For example, 'options=syncfoo'
was parsed as 'sync'. This is also the reason why the list of mount
options was re-ordered so that 'r' and 'w' came last to give longer
options a chance to match (otherwise, 'rw' would be interpreted as 'r').
Fix parsing by adding a lookahead match so that the regex enforces that
the mount option is followed by whitespace, or is at the end of
rule_details.
Note that this issue only affected the options=foo syntax.
options=(foo) worked correctly even without this fix.
Now that this is fixed, move 'r' and 'w' back to their original position
in the list of mount options.
Also add a test where a mount rule ends with 'options=rw,' to ensure
that the '$' lookahead works.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1712
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>
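
The prefix-matching problem and the lookahead fix described in the commit message above, as an added example (not code from the AppArmor repository). The option lists are a constructed subset, and build_pattern and parse_option are hypothetical helpers that model only the options=foo syntax, with rule_details assumed to have its trailing comma already stripped:

```python
import re

# Constructed subset of mount options in two orders: short options first,
# and short options last (the workaround the commit message mentions).
SHORT_FIRST = ['r', 'w', 'rw', 'ro', 'sync', 'async', 'nosuid']
SHORT_LAST = ['rw', 'ro', 'sync', 'async', 'nosuid', 'r', 'w']


def build_pattern(options, lookahead):
    """Build a simplified regex for the 'options=foo' syntax.

    With lookahead=True the option must be followed by whitespace or the
    end of rule_details, which is the fix the commit message describes.
    """
    alternation = '|'.join(re.escape(o) for o in options)
    tail = r'(?=\s|$)' if lookahead else ''
    return re.compile(r'\boptions\s*=\s*(?P<opt>' + alternation + ')' + tail)


def parse_option(rule_details, options, lookahead):
    """Return the option the regex extracts, or None if nothing matches."""
    match = build_pattern(options, lookahead).search(rule_details)
    return match.group('opt') if match else None


if __name__ == '__main__':
    samples = ['options=rw', 'options=syncfoo', 'options=rw /dev/sda1 -> /mnt/']
    for details in samples:
        for name, order in (('short-first', SHORT_FIRST), ('short-last', SHORT_LAST)):
            loose = parse_option(details, order, lookahead=False)
            strict = parse_option(details, order, lookahead=True)
            print(f'{details!r:35} {name:11} loose={loose!r:7} strict={strict!r}')
```

Without the lookahead the result depends on list order and a policy typo such as 'syncfoo' is silently accepted as 'sync'; with it, the order no longer matters and the typo is not accepted as a known option.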
Parsing mount options (also) accepted partial matches as long as the
option started with the right characters. For example, 'options=syncfoo'
was parsed as 'sync'. This is also the reason why the list of mount
options was re-ordered so that 'r' and 'w' came last to give longer
options a chance to match (otherwise, 'rw' would be interpreted as 'r').
Fix parsing by adding a lookahead match so that the regex enforces that
the mount option is followed by whitespace, or is at the end of
rule_details.
Note that this issue only affected the options=foo syntax.
options=(foo) worked correctly even without this fix.
Now that this is fixed, move 'r' and 'w' back to their original position
in the list of mount options.
Also add a test where a mount rule ends with 'options=rw,' to ensure
that the '$' lookahead works.
Parsing `mount options=x` results in "Passed unknown options keyword to
MountRule: x", while parsing `mount options=xy` results in "Can't parse mount rule".
This difference happens because the code checks (besides the list of
known options) for a regex `([A-Za-z0-9])` which only matched a
single-character unknown option.
Change that regex to also match multiple characters, and also allow it to
match `-` (used in some known mount options, so it's likely that it also
gets used in so-far unknown mount options).
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1710
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>
The whole pattern already has `(...)*`, therefore there's no need to
make option_pattern optional.
Before this change, mount_condition_pattern could have matched
- on empty strings (it still can, thanks to the trailing `*` which can
also mean "zero matches") or
- whitespace-only strings (which is covered by the two regexes using
mount_condition_pattern - they both have `\s*` and/or `\s+` around it)
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1709
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>
Parsing `mount options=x` results in "Passed unknown options keyword to
MountRule: x", while parsing `mount options=xy` results in "Can't parse mount rule".
This difference happens because the code checks (besides the list of
known options) for a regex `([A-Za-z0-9])` which only matched a
single-character unknown option.
Change that regex to also match multiple characters, and also allow it to
match `-` (used in some known mount options, so it's likely that it also
gets used in so-far unknown mount options).
The whole pattern already has `(...)*`, therefore there's no need to
make option_pattern optional.
Before this change, mount_condition_pattern could have matched
- on empty strings (it still can, thanks to the trailing `*` which can
also mean "zero matches") or
- whitespace-only strings (which is covered by the two regexes using
mount_condition_pattern - they both have `\s*` and/or `\s+` around it)
Otherwise tst_regex would log as being from parser_common.c instead of
being from the actual source of parser_regex.c
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
The hwctl profile is being carried upstream, so we can keep it in
sync, but is being packaged from the regular profile set so that it
can be part of a package that is SRUed (ubuntu stable release update)
separate from the rest of apparmor, and its profiles.
Provide backwards compat with older parser to reduce the amount of
distro patching that is needed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1705
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: John Johansen <john@jjmx.net>
The permissive flags should be revisited once we have rule delegation
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1704
Approved-by: John Johansen <john@jjmx.net>
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Merged-by: John Johansen <john@jjmx.net>
The hwctl profile is being carried upstream, so we can keep it in
sync, but is being packaged from the regular profile set so that it
can be part of a package that is SRUed (ubuntu stable release update)
separate from the rest of apparmor, and its profiles.
Provide backwards compat with older parser to reduce the amount of
distro patching that is needed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Many profile MRs created with aa-logprof come with abstractions
unrelated to the confined application. This MR allows restricting
proposed abstractions to related profiles.
Improve #LOGPROF-SUGGEST metadata to support a set of space-separated
regexes. If this tag is present, the abstraction is only proposed to
aa-logprof if one of the regexes is matched.
If this abstraction should not be proposed to any profile, it is
possible to tell #LOGPROF-SUGGEST: no
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1696
Approved-by: Christian Boltz <apparmor@cboltz.de>
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Christian Boltz <apparmor@cboltz.de>
Improve #LOGPROF-SUGGEST metadata to support a set of space-separated
regexes. If this tag is present, the abstraction is only proposed to
aa-logprof if one of the regexes is matched.
If this abstraction should not be proposed to any profile, it is
possible to tell #LOGPROF-SUGGEST: no
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>