Ubuntu
apparmor package

/etc/apparmor.d/abstractions/base missing /usr/share/zoneinfo/ r,

Bug #709340 reported by Edy Corak
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Invalid
Undecided
Unassigned
Hardy
Won't Fix
Low
Unassigned
Natty
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: apparmor

I was update following packages on Ubuntu Server 8.04.4 LTS

apparmor 2.1+1075-0ubuntu9.2 -> 2.1+1075-0ubuntu9.3
apparmor-docs 2.1+1075-0ubuntu9.2 -> 2.1+1075-0ubuntu9.3
apparmor-profiles 2.1+1075-0ubuntu9.2 -> 2.1+1075-0ubuntu9.3
apparmor-utils 2.1+1075-0ubuntu9.2 -> 2.1+1075-0ubuntu9.3

Before I start the update the file /etc/apparmor.d/abstractions/base contains

/usr/share/zoneinfo/ r,
/usr/share/zoneinfo/** r,

After update it contains only

/usr/share/zoneinfo/** r,

and this causes many errors if the profile is started in enforced mode

kernel: [4430583.358293] audit(1296221771.972:275): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=
"::r" name="/usr/share/zoneinfo/" pid=20149 profile="/usr/sbin/lighttpd" namespace="default"

After inserting the missing /usr/share/zoneinfo/ r, in /etc/apparmor.d/abstractions/base everything works fine again.

Kind regards

Edy Corak

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This bug does not affect Natty.

Changed in apparmor (Ubuntu Natty):
status: New → Invalid
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

@Edy,

It looks like you added the rule to your base abstraction manually since the rule is not in the default apparmor packages for 2.1+1075-0ubuntu9.2 and you should have been prompted by dpkg for the conffile change on upgrade. This issue was fixed Ubuntu 10.04 LTS.

Changed in apparmor (Ubuntu Hardy):
importance: Undecided → Low
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.