/usr/lib/python3/dist-packages/apparmor/tools.py implement optional reload profile method
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Fix Released
|
Undecided
|
Christian Boltz | ||
2.9 |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
There are various "# FIXME: this should be a profile_reload function/method" entries in /usr/lib/
Profile reload should be optional for aa-enforce etc. so that one can use those utils in chroot without raising exceptions all the time.
The thing is: Those utils work in chroot, just "/sys/kernel/
In case of aa-enforce the profiles are set in enforce mode, just reloading the profile in the kernel fails, because after "apparmor.
There should be an call option for aa-enfore and the similar utils, to skip reloading the profile.
This is particularly interesting if install your system using chroot/debootstrap, where you configure everything in chroot and once finished boot the system for real.
tags: | added: aa-tools |
Changed in apparmor: | |
milestone: | 2.9.3 → 2.10 |
Example of the exception in case of aa-enforce:
Traceback: aa-enforce" , line 30, in <module> cmd_enforce( ) python3/ dist-packages/ apparmor/ tools.py" , line 166, in cmd_enforce AppArmorExcepti on(cmd_ info[1] ) common. AppArmorExcepti on: 'Warning: unable to find a suitable fs in /proc/mounts, is it mounted?\nUse --subdomainfs to override.\n'
Traceback (most recent call last):
File "/usr/sbin/
tool.
File "/usr/lib/
raise apparmor.
apparmor.