I added the print command I proposed, and it fails at the newly created profile - print output:
/etc/apparmor.d/usr.bin.true /usr/bin/true /usr/bin/true
The autodep code fills "filename" with a wrong structure with a level missing.
For comparison see the (heavily formatted) output of print(filelist)
'/etc/apparmor.d/usr.bin.true': defaultdict (
<function hasher at 0x7f32630b8d08>, {'profiles': defaultdict (
<function hasher at 0x7f32630b8d08>, {'/usr/bin/true': True}
), 'include': defaultdict (
<function hasher at 0x7f32630b8d08>, {'tunables/global': True}
)}
),
'/etc/apparmor.d/usr.lib.dovecot.dict': defaultdict (
<function hasher at 0x7f32630b8d08>, {'profiles': defaultdict (
<function hasher at 0x7f32630b8d08>, {'/usr/lib/dovecot/dict': defaultdict ( <function hasher at 0x7f32630b8d08>, {'/usr/lib/dovecot/dict': True}
)}
), 'include': defaultdict (
<function hasher at 0x7f32630b8d08>, {'tunables/global': True}
)}
),
(we really need to document the internal structure of our more interesting[tm] variables ;-)
Now that we know what is wrong, fixing it (in aa.py / autodep) is easy - even at 3 am ;-)
Interesting news - I'm able to reproduce this now. The trick is to create a new profile:
rm /etc/apparmor. d/usr.bin. true
aa-genprof true
press "s"
I added the print command I proposed, and it fails at the newly created profile - print output: apparmor. d/usr.bin. true /usr/bin/true /usr/bin/true
/etc/
The autodep code fills "filename" with a wrong structure with a level missing.
For comparison see the (heavily formatted) output of print(filelist)
'/etc/apparmor. d/usr.bin. true': defaultdict (
<function hasher at 0x7f32630b8d08>, {'profiles': defaultdict (
<function hasher at 0x7f32630b8d08>, {'/usr/bin/true': True}
), 'include': defaultdict (
<function hasher at 0x7f32630b8d08>, {'tunables/global': True}
)}
),
'/etc/apparmor. d/usr.lib. dovecot. dict': defaultdict ( lib/dovecot/ dict': defaultdict (
<function hasher at 0x7f32630b8d08>, {'/usr/ lib/dovecot/ dict': True}
<function hasher at 0x7f32630b8d08>, {'profiles': defaultdict (
<function hasher at 0x7f32630b8d08>, {'/usr/
)}
), 'include': defaultdict (
<function hasher at 0x7f32630b8d08>, {'tunables/global': True}
)}
),
(we really need to document the internal structure of our more interesting[tm] variables ;-)
Now that we know what is wrong, fixing it (in aa.py / autodep) is easy - even at 3 am ;-)
Can you please test the following patch?
=== modified file 'utils/ apparmor/ aa.py' aa.py 2014-04-26 11:05:55 +0000 aa.py 2014-05-19 00:51:04 +0000
filelist[ file] = hasher()
filelist[ file][' include' ]['tunables/ global' ] = True file][' profiles' ][pname] = True file][' profiles' ][pname] = hasher() file][' profiles' ][pname] [pname] = True profile_ ui_feedback( pname)
--- utils/apparmor/
+++ utils/apparmor/
@@ -583,7 +583,8 @@
if not filelist.get(file, False):
- filelist[
+ filelist[
+ filelist[
write_
def get_profile_ flags(filename, program):
Funnily I added the line to blame myself - but without it, autodep was even more buggy ;-) (bzr log -r2396 if you are interested in details)