apparmor-utils: missing CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db

Bug #1923432 reported by Andrea Righi
Affects            Status        Importance  Assigned to  Milestone
apparmor (Ubuntu)  Fix Released  Undecided   Unassigned
Hirsute            New           Undecided   Unassigned

Bug Description

It looks like /etc/apparmor/severity.db is missing the new capability CAP_CHECKPOINT_RESTORE.

This causes the following regression test failure:

  ERROR: capability CAP_CHECKPOINT_RESTORE not found in severity.db
  make: *** [Makefile:81: check_severity_db] Error 1

This new capability is correctly supported by the parser already (see d/p/ubuntu/parser-Add-support-for-cap-checkpoint-restore.patch), so we probably need to update severity.db as well.

Tags: patch
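
A sketch of the kind of consistency check that fails in the report above, added here as an example; it is not the AppArmor Makefile's `check_severity_db` rule or any code from this bug. It assumes capability names come from `#define CAP_... <number>` lines in a kernel header and that severity.db carries one `CAP_NAME <rank>` entry per capability; both inputs and all rank values below are constructed samples.

```python
import re

# Constructed excerpt in the style of linux/capability.h (not the real header).
SAMPLE_HEADER = """\
#define CAP_CHOWN            0
#define CAP_SYS_ADMIN        21
#define CAP_BPF              39
#define CAP_CHECKPOINT_RESTORE 40
#define CAP_LAST_CAP         CAP_CHECKPOINT_RESTORE
"""

# Constructed severity.db excerpt; the "NAME rank" layout and ranks are assumptions.
SAMPLE_SEVERITY_DB = """\
# capabilities
  CAP_SYS_ADMIN 10
  CAP_CHOWN 9
  CAP_BPF 10
# paths
/etc/shadow 7 9 9
"""

CAP_DEFINE = re.compile(r"^\s*#\s*define\s+(CAP_[A-Z0-9_]+)\s+(\d+)\s*$", re.M)
DB_ENTRY = re.compile(r"^\s*(CAP_[A-Z0-9_]+)\s+(\d+)\s*$")


def kernel_capabilities(header_text):
    """Capability names defined with a numeric value (skips the CAP_LAST_CAP alias)."""
    return [name for name, _ in CAP_DEFINE.findall(header_text)]


def ranked_capabilities(db_text):
    """Map capability name -> rank, ignoring comments, blank lines and path rules."""
    ranks = {}
    for line in db_text.splitlines():
        m = DB_ENTRY.match(line.split("#", 1)[0])
        if m:
            ranks[m.group(1)] = int(m.group(2))
    return ranks


def missing_from_severity_db(header_text, db_text):
    """Capabilities the header defines that have no severity entry."""
    ranked = ranked_capabilities(db_text)
    return [cap for cap in kernel_capabilities(header_text) if cap not in ranked]


if __name__ == "__main__":
    for cap in missing_from_severity_db(SAMPLE_HEADER, SAMPLE_SEVERITY_DB):
        print(f"ERROR: capability {cap} not found in severity.db")
```

Running a check like this whenever the kernel headers are updated surfaces a capability the parser already accepts but the severity ranking does not yet cover.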
Steve Beattie (sbeattie) wrote : Re: [Bug 1923432] [NEW] apparmor-utils: missing CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db

This is https://gitlab.com/apparmor/apparmor/-/merge_requests/656
upstream, and was addressed in
https://gitlab.com/apparmor/apparmor/-/merge_requests/656/diffs?commit_id=2c2dbdc3a3012ce06371edc1e9be6f58711d8565
on the master branch and was cherrypicked to the apparmor 3.0 branch in
https://gitlab.com/apparmor/apparmor/-/commit/80efc15e18a6bb0d0abd2821cb03bf6be51cc517
This should be safe to cherrypick for hirsute.

(Similar cherrypicks occurred for prior AppArmor branches.)

--
Steve Beattie
<email address hidden>

Andrea Righi (arighi) wrote :

@sbeattie sorry I didn't notice your comment, I can post another debdiff that includes the proper upstream commit.

Steve Beattie (sbeattie) wrote : Re: [Bug 1923432] Re: apparmor-utils: missing CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db

On Mon, Apr 12, 2021 at 03:07:45PM -0000, Andrea Righi wrote:
> @sbeattie sorry I didn't notice your comment, I can post another debdiff
> that includes the proper upstream commit.

Probably would be for the best for when we do a merge in the I
cycle, to make identifying which patches can be dropped that much
easier. Thanks.

--
Steve Beattie
<email address hidden>

Andrea Righi (arighi) wrote :

New debdiff that contains a proper reference to the upstream patch. Thanks!

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 3.0.0-0ubuntu8

---------------
apparmor (3.0.0-0ubuntu8) impish; urgency=medium

  [ Andrea Righi ]
  * add support for CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db
   (LP: #1923432):
    - d/p/ubuntu/Add-CAP_CHECKPOINT_RESTORE-to-severity.db.patch

  [ Steve Beattie ]
  * fix adt compile-test to handle the changed name of the tcpdump
    apparmor profile (LP: #1925411)
    - d/t/compile-test: test against usr.bin.tcpdump

 -- Andrea Righi <email address hidden> Mon, 12 Apr 2021 15:51:45 +0000

Changed in apparmor (Ubuntu):
status: New → Fix Released