init script returns 0 even after parsing failure

Bug #1370228 reported by Felix Geyer on 2014-09-16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Jamie Strandboge

Bug Description

The apparmor init script (and likely the upstart job, but haven't checked) returns exit code 0 even when a profile can't be loaded.

In /lib/apparmor/functions foreach_configured_profile first loads profiles from /etc/apparmor.d and then from /var/lib/apparmor/profiles.
Parsing errors in the first dir are ignored.

The attached patch returns the first non-zero return code or zero if there are no errors.

Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :

Tested with apparmor 2.8.96~2652-0ubuntu4.

tags: added: patch
Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5

apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium

  [ Jamie Strandboge ]
  * sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
  * 10-lp1371771.patch: don't exit prematurely and fail to load remaining
    policy if encounter a corrupt cache file (LP: #1371771)
  * 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
    (LP: #1371765)
  * debian/lib/apparmor/functions:
    - don't return 0 on parsing failure. Patch thanks to Felix Geyer
      (LP: #1370228)
    - use xargs -n1 when we don't have cache files, but omit it when we do.
      This allows taking full advantage of xargs -P when we need it most,
      without the cost when we don't.

  [ Steve Beattie ]
  * update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch: update socketpair regression tests for
    af_unix socket mediation
 -- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 09:39:10 -0500

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers