/etc/init.d/apparmor reload complains if /var/lib/apparmor/profiles doesn't have profiles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Low
|
Jamie Strandboge |
Bug Description
On a new trusty install with click-apparmor installed:
$ sudo /etc/init.
* Reloading AppArmor profiles
Skipping profile in /etc/apparmor.
Skipping profile in /etc/apparmor.
Warning from stdin (line 1): /sbin/apparmor_
Add ing 'set -x' to /lib/apparmor/
+ [ ! -d /var/lib/
+ wc -l
+ find /var/lib/
+ num=2
+ [ 2 = 0 ]
+ cache_args=
+ [ /var/lib/
+ [ -d /var/cache/apparmor ]
+ cache_args=
+ getconf _NPROCESSORS_ONLN
+ + read profile
egrep+ -v (\.dpkg-
ls -1 /var/lib/
+ xargs -n1 -d\n -P1 /sbin/apparmor_
Warning from stdin (line 1): /sbin/apparmor_
The two files that are there are:
$ ls -a /var/lib/
/var/lib/
/var/lib/
but these are state files, not profiles. Ideally they wouldn't exist and this will go away when we revamp policy load, but we should probably do this:
num=`find "$pdir" -type f ! -regex '.*\.md5sums$' | wc -l`
instead of:
num=`find "$pdir" -type f | wc -l`
Related branches
- Seth Arnold: Approve
-
Diff: 27 lines (+8/-1)2 files modifieddebian/changelog (+7/-0)
debian/lib/apparmor/functions (+1/-1)
Changed in apparmor (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Low |
summary: |
- /etc/init.d/apparmor reload complains if /var/lib/apparmor/profiles is - empty + /etc/init.d/apparmor reload complains if /var/lib/apparmor/profiles + doesn't have profiles |
description: | updated |
Changed in apparmor (Ubuntu): | |
milestone: | none → ubuntu-14.04 |
Changed in apparmor (Ubuntu): | |
status: | Triaged → In Progress |
description: | updated |
Changed in apparmor (Ubuntu): | |
status: | In Progress → Fix Committed |
assignee: | nobody → Jamie Strandboge (jdstrand) |
This bug was fixed in the package apparmor - 2.8.95~ 2430-0ubuntu3
--------------- 2430-0ubuntu3) trusty; urgency=medium
apparmor (2.8.95~
[ Jamie Strandboge ] lib/apparmor/ functions: properly calculate number of profiles in lib/apparmor/ profiles (LP: #1295816) notify/ 90apparmor- notify notify/ apparmor- notify. desktop apparmor- notify. install: adjust for the above apparmor- notify. maintscript to remove 90apparmor-notify notify/ notify. conf: use_group should be set to "sudo" instead of
* debian/
/var/
* autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
(LP: #1288241)
- remove debian/
- add debian/
- debian/
- add debian/
* debian/
"admin" (LP: #1009666)
[ Tyler Hicks ] patches/ initialize- mount-flags. patch: Initialize the variables patches/ fix-typo- in-dbus_ write.patch: Fix a bug in the patches/ limited- mount-rule- support. patch: Fix a bug in the patches/ bare-capability -rule-support. patch: Fix a bug in the patches/ check-config- for-sysctl. patch, patches/ increase- swap-size. patch: Fix bugs in the regression test patches/ test-v6- policy. patch, patches/ test-mount- mediation. patch: Improve the regression tests
* debian/
containing mount rule flags to zero. Otherwise, the parser may set
unexpected bits in the mount flags field for rules that do not specify
mount flags. The uninitialized mount flag variables may have caused
unexpected AppArmor denials during mount mediation. (LP: #1296459)
* debian/
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to write out network rules instead of dbus rules
* debian/
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a mount rule (LP: #1294825)
* debian/
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a bare capability rule
(LP: #1294819)
* debian/
debian/
suite that caused errors when running on ppc64el
* debian/
debian/
by increasing the mount rule test coverage
-- Tyler Hicks <email address hidden> Thu, 27 Mar 2014 14:12:29 -0500