AppArmor

aa-logprof unusable with latest lxc templates

Bug #1036393 reported by Zgth on 2012-08-13

This bug affects 11 people

	Status	Importance	Assigned to	Milestone
AppArmor	Fix Released	Undecided	Unassigned	AppArmor 2.9.0
apparmor (Ubuntu)	Fix Released	Undecided	Unassigned
Precise	Fix Released	Undecided	Unassigned
Saucy	Fix Released	Undecided	Unassigned

Bug Description

aa-loprof fails on a Precice system with LXC installed:

user@ubuntu:~$ sudo aa-logprof

lxc/lxc-default contains syntax errors. Line [ capability,]

The only workaround I've discovered is removing everything related to LXC from /etc/apparmor.d/ or the entire LXC package.
The logs attached are taken from a fresh Precise Server installation on a VirtualBox virtual machine, but the bug can be reproduced on a virtual Precise Desktop as well, AFAIK.

Revision history for this message

Zgth (zygoth) wrote on 2012-08-13:

dmesg output Edit (26.5 KiB, text/plain)

Revision history for this message

Zgth (zygoth) wrote on 2012-08-13:

dpkg -l output Edit (48.7 KiB, text/plain)

Revision history for this message

Matt Willsher (mawi) wrote on 2012-09-01:

I'm running precise desktop i686 and get the exact same error.

Revision history for this message

webrat (irc-webratz) wrote on 2012-11-20:

same issue here (Ubuntu 12.04.1, 64bit)

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-09-03:

A workaround was committed upstream:

http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/2159

It makes aa-logprof/aa-genprof ignore rules valid AppArmor rules that they do not yet support. While it is not the most ideal fix, it is probably appropriate to SRU so that those tools are no longer broken when LXC is installed.

Changed in apparmor:
status:	New → Fix Committed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-09-03:

This was fixed in 2.8.0-0ubuntu25 on Ubuntu 13.10.

Changed in apparmor (Ubuntu Saucy):
status:	New → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-09-03:

To be clear, the workaround was implemented in 2.8.0-0ubuntu25 on Ubuntu 13.10.

Changed in apparmor (Ubuntu Precise):
status:	New → Confirmed

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2013-09-03:

An IRC discussion about the upstream workaround has me second guessing that patch. I'm looking at this a little more to determine if there's a better solution.

Revision history for this message

sles (slesru) wrote on 2013-11-22:

Hello!

is it possible to apply this workaround and release update for 12.04? :-)

Thank you!

Jamie Strandboge (jdstrand) on 2014-10-10

Changed in apparmor:
milestone:	none → 2.9.0

Revision history for this message

Steve Beattie (sbeattie) wrote on 2014-10-17:

#10

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status:	Fix Committed → Fix Released
Changed in apparmor (Ubuntu Precise):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1061537

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.