Ubuntu
click package

old click packages are not always cleaned out

Bug #1342858 reported by Jamie Strandboge
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
click (Ubuntu)
Fix Released
High
Colin Watson

Bug Description

/var/lib/apparmor/clicks still has a lot of symlinks pointing to security manifests for click packages that are no longer installed. I haven't verified this, but I think it might have something to do with preinstalled packages and system-image updates. Eg:

$ ls -1 /var/lib/apparmor/clicks/*json | wc -l
157

$ click list | wc -l
85

$ sudo click list | wc -l
19

None of the symlinks in /var/lib/apparmor/clicks are dangling, so while this doesn't actively harm the system AFAICT, the 70+ additional and unneeded apparmor profiles means a slower first boot when policy regeneration is required.

See original description
Tags: rtm14

Related branches

lp:~cjwatson/click/system-hook-gc
Michael Vogt: Approve
PS Jenkins bot (community): Approve (continuous-integration)
Diff: 240 lines (+51/-57)
6 files modified
click/install.py (+7/-0)
click/tests/test_database.py (+2/-12)
debian/changelog (+9/-0)
doc/manpage.rst (+6/-0)
lib/click/database.vala (+26/-45)
lib/click/hooks.vala (+1/-0)
lp:ubuntu/utopic-proposed/click
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm going to mark this 'High' for now with the rtm14 tag. Please adjust as necessary.

tags: added: rtm14
Changed in click (Ubuntu):
importance: Undecided → High
description: updated
Revision history for this message
Michael Vogt (mvo) wrote :

I don't quite see the same here on my n4, I only have:

$ ls -l /var/lib/apparmor/clicks/*json |wc -l
33
$ click list|wc -l
30
$ sudo click list|wc -l
22

And when further investigating I see that filemanager is in two versions installed (one for phablet, one for root):

$ ls -l /var/lib/apparmor/clicks/*json |grep filemanager
lrwxrwxrwx 1 root root 74 Jul 15 15:43 /var/lib/apparmor/clicks/com.ubuntu.filemanager_filemanager_0.3.211.json -> /usr/share/click/preinstalled/com.ubuntu.filemanager/0.3.211/apparmor.json
lrwxrwxrwx 1 root root 66 Jul 15 20:07 /var/lib/apparmor/clicks/com.ubuntu.filemanager_filemanager_0.3.223.json -> /opt/click.ubuntu.com/com.ubuntu.filemanager/0.3.223/apparmor.json

# click list|grep filemanager
com.ubuntu.filemanager 0.3.211

# sudo -u phablet click list|grep filemanager
com.ubuntu.filemanager 0.3.223

Then there is dropping-letters and fastmail.fm installed for root but not phablet.

So I don't quite see the numbers you report. Could you please attach the output of the click list, sudo clist list and the ls -l of the apparmor profiles for further analysis ?

Changed in click (Ubuntu):
status: New → Incomplete
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Sorry I didn't see this until just now. Attached are the files you requested.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in click (Ubuntu):
status: Incomplete → New
Colin Watson (cjwatson)
Changed in click (Ubuntu):
status: New → Triaged
Revision history for this message
dobey (dobey) wrote :

I've also noticed cases where installing app updates separately from the system image, for pre-installed apps, can lead to older versions being preferred. This seems to happen more when using the promoted image channels, as it can be a much longer time between system image updates, so it is more likely that app updates will be installed outside the system image update, for pre-installed apps.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Attached is the output of 'find /opt/click.ubuntu.com -ls'.

Also, from IRC:
11:38 < jdstrand> cjwatson: fyi, I currently have 252 json files in /var/lib/apparmor/clicks but only 113 apps listed with 'click list'. so, some apps do ship multiple profiles, but most apps do not.

Colin Watson (cjwatson)
Changed in click (Ubuntu):
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Colin Watson (cjwatson)
Changed in click (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package click - 0.4.33

---------------
click (0.4.33) utopic; urgency=medium

  [ Pete Woods ]
  * Add scope-facing APIs to chroot build (LP: #1370727).

  [ Colin Watson ]
  * Warn that "click install" without a registration may result in later
    garbage-collection.
  * Rearrange garbage-collection to remove versions of packages that have no
    user registrations and are not running, rather than using the artificial
    @gcinuse registration which never really worked properly.
  * Run garbage-collection immediately before running system hooks on system
    startup (LP: #1342858).
  * Add new -n/--name option to "click chroot", defaulting to "click"
    (LP: #1364327).

  [ Michael Vogt ]
  * Make click destroy more robust by unmounting any mounted filesystem
    inside the schroot first (LP: #1346723).
  * Stop apps if necessary when uninstalling them (LP: #1232130).
  * Add new "click framework {info,get-field}" subcommands.
 -- Ubuntu daily release <email address hidden> Mon, 29 Sep 2014 14:18:41 +0000

Changed in click (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.