aa-logprof unusable with latest lxc templates

Bug #1036393 reported by Zgth on 2012-08-13
40
This bug affects 11 people
Affects Status Importance Assigned to Milestone
AppArmor
Undecided
Unassigned
apparmor (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Saucy
Undecided
Unassigned

Bug Description

aa-loprof fails on a Precice system with LXC installed:

user@ubuntu:~$ sudo aa-logprof

lxc/lxc-default contains syntax errors. Line [ capability,]

The only workaround I've discovered is removing everything related to LXC from /etc/apparmor.d/ or the entire LXC package.
The logs attached are taken from a fresh Precise Server installation on a VirtualBox virtual machine, but the bug can be reproduced on a virtual Precise Desktop as well, AFAIK.

Zgth (zygoth) wrote :
Zgth (zygoth) wrote :
Matt Willsher (mawi) wrote :

I'm running precise desktop i686 and get the exact same error.

webrat (irc-webratz) wrote :

same issue here (Ubuntu 12.04.1, 64bit)

Tyler Hicks (tyhicks) wrote :

A workaround was committed upstream:

http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/2159

It makes aa-logprof/aa-genprof ignore rules valid AppArmor rules that they do not yet support. While it is not the most ideal fix, it is probably appropriate to SRU so that those tools are no longer broken when LXC is installed.

Changed in apparmor:
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.8.0-0ubuntu25 on Ubuntu 13.10.

Changed in apparmor (Ubuntu Saucy):
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

To be clear, the workaround was implemented in 2.8.0-0ubuntu25 on Ubuntu 13.10.

Changed in apparmor (Ubuntu Precise):
status: New → Confirmed
Tyler Hicks (tyhicks) wrote :

An IRC discussion about the upstream workaround has me second guessing that patch. I'm looking at this a little more to determine if there's a better solution.

sles (slesru) wrote :

Hello!

is it possible to apply this workaround and release update for 12.04? :-)

Thank you!

Changed in apparmor:
milestone: none → 2.9.0
Steve Beattie (sbeattie) wrote :

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released
Changed in apparmor (Ubuntu Precise):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers