aa-genprof: don't crash if setting printk_ratelimit fails

When running aa-genprof in a lxd instance, printk_ratelimit is readonly and writing to it fails. Instead of crashing with a backtrace, only print a warning. References: https://bugs.launchpad.net/apparmor/+bug/1785391 (cherry picked from commit 961e69afe5) Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-03-04 16:35:02 +01:00 · 2018-08-05 14:46:13 +02:00 · 2018-08-05 14:46:13 +02:00 · fccfaa6bfc
commit fccfaa6bfc
parent 1aaffa6e1b
1 changed files with 10 additions and 2 deletions
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@ -55,7 +55,11 @@ def last_audit_entry_time():
    return logmark

 def restore_ratelimit():
-    sysctl_write(ratelimit_sysctl, ratelimit_saved)
+    try:
+        sysctl_write(ratelimit_sysctl, ratelimit_saved)
+    except PermissionError:
+        if ratelimit_saved != sysctl_read(ratelimit_sysctl):
+            raise  # happens only if a) running under lxd and b) something changed the ratelimit since starting aa-genprof

 parser = argparse.ArgumentParser(description=_('Generate profile for the given program'))
 parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
@ -120,7 +124,11 @@ if apparmor.helpers[program] == 'enforce':
 # the printk ratelimit, and restore it on exit.
 ratelimit_sysctl = '/proc/sys/kernel/printk_ratelimit'
 ratelimit_saved = sysctl_read(ratelimit_sysctl)
-sysctl_write(ratelimit_sysctl, 0)
+
+try:
+    sysctl_write(ratelimit_sysctl, 0)
+except PermissionError:  # will fail in lxd
+    warn("Can't set printk_ratelimit, some events might be lost")

 atexit.register(restore_ratelimit)