AppArmor

logprof creates duplicate profile

Bug #925894 reported by Jeroen Ooms
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Won't Fix
Undecided
Unassigned

Bug Description

I have a hat profile defined in the /etc/apparmor.d/apache2.d/ directory. However when saving changes, aa-logprof creates a new profile with the same hatname in usr.lib.apache2.mpm-prefork.apache2 anyway, resulting in a "duplicate profile" error on next restart. Instead I think it should append it to the existing profile in /etc/apparmor.d/apache2.d.

To reproduce

- install libapache2-mod-apparmor and apache2-mpm-prefork
- create a file e.g. /etc/apparmor.d/apache2.d/mysite:

^mysite flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
}

And assign it to some directory in Apache2:

<Directory /var/www/mysite>
    Options Indexes FollowSymLinks
    AAHatName mysite
</Directory>

Then load the site in your browser.

- Run aa-logprof, and save some changes.
- logprof will have created an additional ^mysite inside the usr.lib.apache2.mpm-prefork.apache2 resulting in apparmor failing to load next time.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

The perl tools have been deprecated. Please try with the newer python tools in 2.9 and file a new bug if this issue still affects you.

Changed in apparmor:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.