docker-support generates invalid AppArmor profile on Ubuntu Touch
Bug #2042889 reported by
Alfred E. Neumayer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
New
|
Undecided
|
Unassigned |
Bug Description
Currently on Ubuntu Touch (based on 20.04) snapd creates an AppArmor profile incompatible with various kernel generations (confirmed on 4.9, 4.14 & 4.19).
Seemingly conflicting rules cause apparmor_parser to back out with:
profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile snap.docker.
One way to fix this is by removing the rules dictating the paths /s**, /sn**, and /sna**. The rationale behind these rules existing in their current incarnation is not yet clear to me.
The diff to fix this as tested on 4.14 (with upstream AppArmor patches applied on top) is attached.
To post a comment you must log in.
Hi, thanks for raising this. /github. com/snapcore/ snapd/blob/ master/ debug-tools/ snap-debug- info.sh
Could you please attach the output of this script? https:/