apparmor init script fails to load profile with space in name

Bug #655523 reported by Steve Beattie
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)

Bug Description

Binary package hint: apparmor


  $ ls -l /etc/apparmor.d/home.ubuntu.tmp.da\ sh
  -rw-r--r-- 1 root root 122 2010-10-05 23:22 /etc/apparmor.d/home.ubuntu.tmp.da sh
  $ sudo /etc/init.d/apparmor reload
   * Reloading AppArmor profiles
  Error: Could not read profile /etc/apparmor.d/home.ubuntu.tmp.da: No such file or directory.
  Error: Could not read profile sh: No such file or directory.!

Note that the parser will handle this just fine:

  $ sudo apparmor_parser -r /etc/apparmor.d/home.ubuntu.tmp.da\ sh
  $ sudo grep "da sh" /sys/kernel/security/apparmor/profiles
  /home/ubuntu/tmp/da sh (enforce)

Probably the easiest way to fix it would be to tell xargs that newlines are the delimiter like so:

- xargs -n1 -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" --
+ xargs -n1 -d"\n" -P$(getconf _NPROCESSORS_ONLN) "$PARSER" "$@" --

though converting the echo statement to emit a \0 and invoking xargs with -0 would work as well (though you need to either use /bin/echo or ensure that /etc/apparmor/functions won't ever be sourced from a bash script due to the way bash and dash handle escaped characters like \0). However, since the rest of the loop construct assumes newline for delimiters, using nulls for delimiters to xargs is probably overkill.

Stopping and reloading profiles with spaces in the name of the file works fine.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1~rc1-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.35-22.33-generic-pae
Uname: Linux 2.6.35-22-generic-pae i686
Architecture: i386
Date: Tue Oct 5 23:34:58 2010
InstallationMedia: Ubuntu-Server 10.10 "Maverick Meerkat" - Alpha i386 (20100916)
 PATH=(custom, no user)
SourcePackage: apparmor

Related branches

Revision history for this message
Steve Beattie (sbeattie) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6.0-0ubuntu1

apparmor (2.6.0-0ubuntu1) natty; urgency=low

  [ Steve Beattie ]
  * New upstream 2.6.0 release (LP: #724193)
    - Patches taken upstream and dropped:
      + 0001-ubuntu-buildd.patch
      + 0003-add-libvirt-support-to-dnsmasq.patch
      + 0004-lp698194.patch
      + 0005-aa-disable.patch
    - debian/rules: remove library path settings for mod_apparmor and
      pam_apprmor builds; upstream handles this properly now.
    - debian/apparmor-utils.install: handle upstream => renaming
  * debian/lib/apparmor/functions: handle profile names with embedded
    spaces (LP: #655523)
  * debian/rules, debian/control, debian/python-libapparmor: build
    a python-libapparmor package.

  [ Jamie Strandboge ]
  * debian/copyright: update and reformat according to DEP-5
  * debian/lib/apparmor/functions: don't unload dynamically generated libvirt
    profiles on reload, restart, and force-reload (LP: #702774)
  * debian/control: use Section: python for python-libapparmor
 -- Steve Beattie <email address hidden> Thu, 24 Feb 2011 01:41:58 -0800

Changed in apparmor (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers