old click packages are not always cleaned out

Bug #1342858 reported by Jamie Strandboge on 2014-07-16
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
click (Ubuntu)
High
Colin Watson

Bug Description

/var/lib/apparmor/clicks still has a lot of symlinks pointing to security manifests for click packages that are no longer installed. I haven't verified this, but I think it might have something to do with preinstalled packages and system-image updates. Eg:

$ ls -1 /var/lib/apparmor/clicks/*json | wc -l
157

$ click list | wc -l
85

$ sudo click list | wc -l
19

None of the symlinks in /var/lib/apparmor/clicks are dangling, so while this doesn't actively harm the system AFAICT, the 70+ additional and unneeded apparmor profiles means a slower first boot when policy regeneration is required.

Related branches

Jamie Strandboge (jdstrand) wrote :

I'm going to mark this 'High' for now with the rtm14 tag. Please adjust as necessary.

tags: added: rtm14
Changed in click (Ubuntu):
importance: Undecided → High
description: updated
Michael Vogt (mvo) wrote :

I don't quite see the same here on my n4, I only have:

$ ls -l /var/lib/apparmor/clicks/*json |wc -l
33
$ click list|wc -l
30
$ sudo click list|wc -l
22

And when further investigating I see that filemanager is in two versions installed (one for phablet, one for root):

$ ls -l /var/lib/apparmor/clicks/*json |grep filemanager
lrwxrwxrwx 1 root root 74 Jul 15 15:43 /var/lib/apparmor/clicks/com.ubuntu.filemanager_filemanager_0.3.211.json -> /usr/share/click/preinstalled/com.ubuntu.filemanager/0.3.211/apparmor.json
lrwxrwxrwx 1 root root 66 Jul 15 20:07 /var/lib/apparmor/clicks/com.ubuntu.filemanager_filemanager_0.3.223.json -> /opt/click.ubuntu.com/com.ubuntu.filemanager/0.3.223/apparmor.json

# click list|grep filemanager
com.ubuntu.filemanager 0.3.211

# sudo -u phablet click list|grep filemanager
com.ubuntu.filemanager 0.3.223

Then there is dropping-letters and fastmail.fm installed for root but not phablet.

So I don't quite see the numbers you report. Could you please attach the output of the click list, sudo clist list and the ls -l of the apparmor profiles for further analysis ?

Changed in click (Ubuntu):
status: New → Incomplete
Jamie Strandboge (jdstrand) wrote :

Sorry I didn't see this until just now. Attached are the files you requested.

Jamie Strandboge (jdstrand) wrote :
Jamie Strandboge (jdstrand) wrote :
Changed in click (Ubuntu):
status: Incomplete → New
Colin Watson (cjwatson) on 2014-09-08
Changed in click (Ubuntu):
status: New → Triaged
dobey (dobey) wrote :

I've also noticed cases where installing app updates separately from the system image, for pre-installed apps, can lead to older versions being preferred. This seems to happen more when using the promoted image channels, as it can be a much longer time between system image updates, so it is more likely that app updates will be installed outside the system image update, for pre-installed apps.

Jamie Strandboge (jdstrand) wrote :

Attached is the output of 'find /opt/click.ubuntu.com -ls'.

Also, from IRC:
11:38 < jdstrand> cjwatson: fyi, I currently have 252 json files in /var/lib/apparmor/clicks but only 113 apps listed with 'click list'. so, some apps do ship multiple profiles, but most apps do not.

Colin Watson (cjwatson) on 2014-09-10
Changed in click (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Colin Watson (cjwatson) on 2014-09-12
Changed in click (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package click - 0.4.33

---------------
click (0.4.33) utopic; urgency=medium

  [ Pete Woods ]
  * Add scope-facing APIs to chroot build (LP: #1370727).

  [ Colin Watson ]
  * Warn that "click install" without a registration may result in later
    garbage-collection.
  * Rearrange garbage-collection to remove versions of packages that have no
    user registrations and are not running, rather than using the artificial
    @gcinuse registration which never really worked properly.
  * Run garbage-collection immediately before running system hooks on system
    startup (LP: #1342858).
  * Add new -n/--name option to "click chroot", defaulting to "click"
    (LP: #1364327).

  [ Michael Vogt ]
  * Make click destroy more robust by unmounting any mounted filesystem
    inside the schroot first (LP: #1346723).
  * Stop apps if necessary when uninstalling them (LP: #1232130).
  * Add new "click framework {info,get-field}" subcommands.
 -- Ubuntu daily release <email address hidden> Mon, 29 Sep 2014 14:18:41 +0000

Changed in click (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers