2014-03-21 19:36:40 |
Jamie Strandboge |
bug |
|
|
added bug |
2014-03-21 19:36:49 |
Jamie Strandboge |
apparmor (Ubuntu): status |
New |
Triaged |
|
2014-03-21 19:36:56 |
Jamie Strandboge |
apparmor (Ubuntu): importance |
Undecided |
Low |
|
2014-03-21 19:45:43 |
Jamie Strandboge |
summary |
/etc/init.d/apparmor reload complains if /var/lib/apparmor/profiles is empty |
/etc/init.d/apparmor reload complains if /var/lib/apparmor/profiles doesn't have profiles |
|
2014-03-21 19:58:13 |
Jamie Strandboge |
description |
On a new trusty install:
$ sudo /etc/init.d/apparmor reload
* Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Add ing 'set -x' to /lib/apparmor/functions, we can see why:
+ [ ! -d /var/lib/apparmor/profiles ]
+ wc -l
+ find /var/lib/apparmor/profiles -type f
+ num=2
+ [ 2 = 0 ]
+ cache_args=--cache-loc=/etc/apparmor.d/cache
+ [ /var/lib/apparmor/profiles = /var/lib/apparmor/profiles ]
+ [ -d /var/cache/apparmor ]
+ cache_args=--cache-loc=/var/cache/apparmor
+ getconf _NPROCESSORS_ONLN
+ + read profile
egrep+ -v (\.dpkg-(new|old|dist|bak)|~)$
ls -1 /var/lib/apparmor/profiles
+ xargs -n1 -d\n -P1 /sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor --
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
We shouldn't process /var/lib/apparmor/profiles if it is empty. |
On a new trusty install:
$ sudo /etc/init.d/apparmor reload
* Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Add ing 'set -x' to /lib/apparmor/functions, we can see why:
+ [ ! -d /var/lib/apparmor/profiles ]
+ wc -l
+ find /var/lib/apparmor/profiles -type f
+ num=2
+ [ 2 = 0 ]
+ cache_args=--cache-loc=/etc/apparmor.d/cache
+ [ /var/lib/apparmor/profiles = /var/lib/apparmor/profiles ]
+ [ -d /var/cache/apparmor ]
+ cache_args=--cache-loc=/var/cache/apparmor
+ getconf _NPROCESSORS_ONLN
+ + read profile
egrep+ -v (\.dpkg-(new|old|dist|bak)|~)$
ls -1 /var/lib/apparmor/profiles
+ xargs -n1 -d\n -P1 /sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor --
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
The two files that are there are:
$ ls -a /var/lib/apparmor/profiles/.a*
/var/lib/apparmor/profiles/.apparmor-easyprof-ubuntu.md5sums
/var/lib/apparmor/profiles/.apparmor.md5sums
but these are state files, not profiles. Ideally they wouldn't exist and this will go away when we revamp policy load, but we should probably do this:
num=`find "$pdir" -type f ! -regex '.*\.md5sums$' | wc -l`
instead of:
num=`find "$pdir" -type f | wc -l` |
|
2014-03-21 20:00:39 |
Jamie Strandboge |
apparmor (Ubuntu): milestone |
|
ubuntu-14.04 |
|
2014-03-21 20:05:48 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Triaged |
In Progress |
|
2014-03-21 20:07:41 |
Jamie Strandboge |
branch linked |
|
lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain.lp1295816 |
|
2014-03-26 15:21:07 |
Jamie Strandboge |
description |
On a new trusty install:
$ sudo /etc/init.d/apparmor reload
* Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Add ing 'set -x' to /lib/apparmor/functions, we can see why:
+ [ ! -d /var/lib/apparmor/profiles ]
+ wc -l
+ find /var/lib/apparmor/profiles -type f
+ num=2
+ [ 2 = 0 ]
+ cache_args=--cache-loc=/etc/apparmor.d/cache
+ [ /var/lib/apparmor/profiles = /var/lib/apparmor/profiles ]
+ [ -d /var/cache/apparmor ]
+ cache_args=--cache-loc=/var/cache/apparmor
+ getconf _NPROCESSORS_ONLN
+ + read profile
egrep+ -v (\.dpkg-(new|old|dist|bak)|~)$
ls -1 /var/lib/apparmor/profiles
+ xargs -n1 -d\n -P1 /sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor --
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
The two files that are there are:
$ ls -a /var/lib/apparmor/profiles/.a*
/var/lib/apparmor/profiles/.apparmor-easyprof-ubuntu.md5sums
/var/lib/apparmor/profiles/.apparmor.md5sums
but these are state files, not profiles. Ideally they wouldn't exist and this will go away when we revamp policy load, but we should probably do this:
num=`find "$pdir" -type f ! -regex '.*\.md5sums$' | wc -l`
instead of:
num=`find "$pdir" -type f | wc -l` |
On a new trusty install with click-apparmor installed:
$ sudo /etc/init.d/apparmor reload
* Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Add ing 'set -x' to /lib/apparmor/functions, we can see why:
+ [ ! -d /var/lib/apparmor/profiles ]
+ wc -l
+ find /var/lib/apparmor/profiles -type f
+ num=2
+ [ 2 = 0 ]
+ cache_args=--cache-loc=/etc/apparmor.d/cache
+ [ /var/lib/apparmor/profiles = /var/lib/apparmor/profiles ]
+ [ -d /var/cache/apparmor ]
+ cache_args=--cache-loc=/var/cache/apparmor
+ getconf _NPROCESSORS_ONLN
+ + read profile
egrep+ -v (\.dpkg-(new|old|dist|bak)|~)$
ls -1 /var/lib/apparmor/profiles
+ xargs -n1 -d\n -P1 /sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor --
Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
The two files that are there are:
$ ls -a /var/lib/apparmor/profiles/.a*
/var/lib/apparmor/profiles/.apparmor-easyprof-ubuntu.md5sums
/var/lib/apparmor/profiles/.apparmor.md5sums
but these are state files, not profiles. Ideally they wouldn't exist and this will go away when we revamp policy load, but we should probably do this:
num=`find "$pdir" -type f ! -regex '.*\.md5sums$' | wc -l`
instead of:
num=`find "$pdir" -type f | wc -l` |
|
2014-03-26 15:31:07 |
Jamie Strandboge |
apparmor (Ubuntu): status |
In Progress |
Fix Committed |
|
2014-03-26 15:31:11 |
Jamie Strandboge |
apparmor (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2014-03-28 10:53:02 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/apparmor |
|
2014-03-28 11:50:37 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Fix Committed |
Fix Released |
|