aa-genprof crashed with PermissionError in _mkstemp_inner(): [Errno 13] Permission denied: '/etc/apparmor.d/tmphtnhuikm~'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Triaged
|
Low
|
Unassigned | ||
apparmor (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
running aa-genprof <application> without sudo made the crash.
ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: apparmor-utils 2.8.95~
ProcVersionSign
Uname: Linux 3.13.0-19-generic x86_64
ApportVersion: 2.13.3-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Apr 1 20:45:07 2014
ExecutablePath: /usr/sbin/
InstallationDate: Installed on 2014-03-24 (8 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64+mac (20131016.1)
InterpreterPath: /usr/bin/python3.4
ProcCmdline: /usr/bin/python3 /usr/sbin/
ProcKernelCmdline: BOOT_IMAGE=
PythonArgs: ['/usr/
SourcePackage: apparmor
Syslog:
Title: aa-genprof crashed with PermissionError in _mkstemp_inner(): [Errno 13] Permission denied: '/etc/apparmor.
UpgradeStatus: Upgraded to trusty on 2014-03-29 (3 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers
tags: | removed: need-duplicate-check |
Changed in apparmor (Ubuntu): | |
importance: | Undecided → Medium |
information type: | Private → Public |
Changed in apparmor (Ubuntu): | |
status: | New → Triaged |
Changed in apparmor (Ubuntu): | |
importance: | Medium → Low |
tags: | added: aa-tools |
Changed in apparmor: | |
importance: | Undecided → Low |
status: | New → Triaged |
A normal user has to run an application using sudo just to build a profile. This is ludicrous and counter-productive. The profile generated should optionally be saved elsewhere.
For example:
$ aa-genprof /usr/games/ armagetronad
Will fail because /etc/apparmor.d is not writeable. The workaround is horrible:
$ sudo aa-genprof /usr/games/ armagetronad
I really don't want to run something like armagetronad as the super-user. :-/