Ubuntu
apparmor package

aa-genprof fails if profiles are in a subdirectory of /etc/apparmor.d

Bug #401935 reported by Jamie Strandboge on 2009-07-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

Binary package hint: apparmor

aa-genprof fails if there are profiles in a subdirectory of /etc/apparmor.d.

Reproducer:

$ sudo mkdir /etc/apparmor.d/foo
$ sudo cp /etc/apparmor.d/usr.sbin.cupsd /etc/apparmor.d/foo
$ sudo aa-genprof /usr/bin/gedit

include <foo/usr.sbin.cupsd> contains syntax errors.

ProblemType: Bug
ApparmorStatusOutput:
Error: command /usr/sbin/apparmor_status failed with exit code 4: You do not have enough privilege to read the profile set.
apparmor module is loaded.
Architecture: amd64
Date: Mon Jul 20 16:12:57 2009
DistroRelease: Ubuntu 9.10
Package: apparmor 2.3.1+1403-0ubuntu5
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
SourcePackage: apparmor
Uname: Linux 2.6.31-3-generic x86_64

Tags:

Related branches

lp:ubuntu/karmic/apparmor

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-07-20:

ApparmorPackages.txt Edit (374 bytes, text/plain; charset="utf-8")
Dependencies.txt Edit (192 bytes, text/plain; charset="utf-8")
KernLog.txt Edit (23.5 KiB, text/plain; charset="utf-8")
PstreeP.txt Edit (17.5 KiB, text/plain; charset="utf-8")

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-07-20:

401935.patch Edit (1.3 KiB, text/plain)

Attached file is the patch committed in r995 of ubuntu-core-dev/apparmor/ubuntu

Changed in apparmor (Ubuntu):
assignee:	nobody → Jamie Strandboge (jdstrand)
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-07-20:

This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu6

---------------
apparmor (2.3.1+1403-0ubuntu6) karmic; urgency=low

  [ Kees Cook ]
  * parser/parser_policy.c: return errors instead of exiting.
  * debian/apparmor.init: skip more suffixes.
  * parser/parser_lex.l: define file suffixes to ignore.
  * parser/parser_main.c: disable cache for parsing reports.
  * debian/apparmor.init: also remove unparsed profiles.

  [ Jamie Strandboge ]
  * update gnome abstraction for /var/run/gdm/auth*/database
  * utils/SubDomain.pm: parse profiles in subdirectories, not just include
    files (LP: #401935)

-- Jamie Strandboge <email address hidden> Mon, 20 Jul 2009 11:45:24 -0500