Incorrect warning from apparmor_parser on force complained profiles

This is addressed by upstream https://gitlab.com/apparmor/apparmor/-/merge_requests/649

FYI, this is part of the groovy upload in unapproved.

This bug was fixed in the package apparmor - 3.0.0-0ubuntu1

---------------
apparmor (3.0.0-0ubuntu1) groovy; urgency=medium

  [ Alex Murray ]
  * Update to the final AppArmor 3.0 upstream release
    - d/apparmor.install:
      + install new aa-features-abi binary to /usr/bin
    - d/apparmor.manpages:
      + install new aa-features-abi.1 man page
    - d/apparmor-profiles.install:
      + install new usr.lib.dovecot.script-login
      + adjust for renamed postfix profiles
    - d/tests/test-installed:
      + include libraries/ in workdir so tests have access to private
        headers
    - Drop the following patches that were originally backported from
      upstream but are now incorporated in the final release:
      + d/p/parser-fix_cap_match.patch
      + d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch
      + d/p/parser-add-abi-warning-flags.patch
      + d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch
      + d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch
      + d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch
      + d/p/fix-change-profile-stack-abstraction.patch
      + d/p/ubuntu/stop-loading-snapd-profiles.patch

  [ Emilia Torino ]
  * d/control: adjust apparmor-notify to depends on python3-psutil and
    python3-apparmor (LP: #1899046)

  [ Steve Beattie ]
  * d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
    Provide better message about caching not happening due to a profile
    being in force-complain mode. (LP: #1899218)

 -- Alex Murray <email address hidden> Sun, 11 Oct 2020 16:26:32 -0700

Just saw this in bionic, I guess it's not important enough for an SRU?

# apparmor_parser -r -T -W --Complain /etc/apparmor.d/pam_roles /etc/apparmor.d/usr.sbin.sshd
Warning failed to create cache: pam_roles
Warning failed to create cache: usr.sbin.sshd

+1 Ubuntu 20.04 LTS server

Just getting that warning while upgrading apparmor:

Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning from /etc/apparmor.d (/etc/apparmor.d/usr.sbin.sssd line 60): Caching disabled for: 'usr.sbin.sssd' due to force complain

(kinetic Mate )

It seems not fixed:
Setting up libapparmor1:amd64 (3.0.4-2ubuntu2.2) ...
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning from /etc/apparmor.d (/etc/apparmor.d/usr.sbin.sssd line 60): Caching disabled for: 'usr.sbin.sssd' due to force complain

Ubuntu 22.04.2 LTS

Also confirm. I'm seeing the same error on an "apt upgrade":

Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning from /etc/apparmor.d (/etc/apparmor.d/usr.sbin.sssd line 60): Caching disabled for: 'usr.sbin.sssd' due to force complain
Setting up docker-buildx-plugin (0.10.4-1~ubuntu.22.04~jammy) ...
Setting up libsnmp40:amd64 (5.9.1+dfsg-1ubuntu2.6) ...

This bug is fixed and the behaviour you are seeing is expected - ie. it is expected that AppArmor prints a warning about forcing complain mode for the usr.sbin.sssd profile and that it then also prints a warning about caching being disabled for that due to it being in force complain mode. This is expected and normal behaviour.

However, if you feel this expected behaviour is a bug, please file a separate bug report for that and describe what you think is incorrect about this behaviour and how instead you feel it should behave.