aa-status in apparmor-2.10 depends on python3-apparmor
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Unassigned | ||
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The apparmor 2.10-0ubuntu1 package did not migrate from wily-proposed due to the content-hub autopkgtests failing. This turned out to be due to the dh_apparmor postinst snippet failing to load the content-hub test apparmor profiles because aa-status failed to run due to python3-apparmor not being installed. The dependency was added in the apparmor 2.10 cycle due to wanting to get fancier tracebacks that contain more diagnostic information when errors occur. In a minimal ubuntu environment, python-utils and python3-apparmor are not installed by default (which is also why aa-status is included in the main apparmor package).
There are a couple of possible short term solutions to this:
1) make the apparmor package depend on python3-apparmor
2) make aa-status function even when python3-apparmor isn't installed, either by reverting the added import entirely, or catching the exception and continuing even when it fails.
Long term, aa-status could be re-written (again), this time in C to help minimal environments become even more minimal by getting rid of the dependency on python.
Related branches
Changed in apparmor: | |
status: | Fix Committed → Fix Released |
Here is a proposed patch that makes aa-status(8) keep working if python3-apparmor is not available, but uses the fancier exception handling if it is available.