apparmor makes it impossible to install postgresql-common on Precise
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | High | John Johansen |
lxc (Ubuntu) | Confirmed | High | Unassigned |
Bug Description
Repro:
$ sudo lxc-create -t ubuntu -n precise -f /etc/lxc/local.conf -- -r precise -a i686 -b gary
$ sudo lxc-start -n precise
[log in as root]
root@precise:~# apt-get install postgresql-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
openssl postgresql-
Suggested packages:
ca-certificates openssl-blacklist
The following NEW packages will be installed:
openssl postgresql-
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 643 kB of archives.
After this operation, 1618 kB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://
Get:2 http://
Get:3 http://
Get:4 http://
Fetched 643 kB in 1s (482 kB/s)
Preconfiguring packages ...
Selecting previously unselected package openssl.
(Reading database ... 12500 files and directories currently installed.)
Unpacking openssl (from .../openssl_
Selecting previously unselected package postgresql-
Unpacking postgresql-
Selecting previously unselected package ssl-cert.
Unpacking ssl-cert (from .../ssl-
Selecting previously unselected package postgresql-common.
Unpacking postgresql-common (from .../postgresql-
Adding 'diversion of /usr/bin/pg_config to /usr/bin/
dpkg: unrecoverable fatal error, aborting:
failed to fstat previous diversions file: No such file or directory
E: Sub-process /usr/bin/dpkg returned an error code (2)
Workaround (thanks to wgrant):
sudo ln -s /etc/apparmor.
sudo apparmor_parser -R /etc/apparmor.
Then it should work.
Ideally we'd be able to keep apparmor involved.
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
DistroRelease: Ubuntu 12.04
MachineType: Apple Inc. MacBookPro5,3
NonfreeKernelMo
Package: lxc 0.7.5-3ubuntu16
PackageArchitec
ProcEnviron:
PATH=(custom, user)
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
Tags: precise running-unity precise running-unity
Uname: Linux 3.2.0-12-generic x86_64
UpgradeStatus: Upgraded to precise on 2012-01-23 (9 days ago)
UserGroups: libvirtd sudo
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: bot-stop-nagging
Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: rls-p-tracking
Changed in lxc (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu):
status: In Progress → Fix Released
[16034.570611] type=1400 audit(1328123820.845:116): apparmor="ALLOWED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=14666 profile="/usr/bin/lxc-start//lxc_container" name="/var/lib/dpkg/diversions" pid=14707 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
This doesn't really make sense to me. 1. the policy does not do anything with /var. 2. this message actually happened after I set the lxc-start profile to 'complain.'
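For triaging records like the one quoted in this report, here is an added example (not part of the bug report or of any AppArmor tooling) that splits an AppArmor audit line into fields and decodes the `error=` value. For this record, `error=-2` decodes to ENOENT, the same "No such file or directory" that dpkg printed. The function name `triage` and the second sample record are assumptions made for illustration.

```python
import errno
import re

# Constructed input: a copy of the record from this report, plus an invented
# enforce-mode record (hypothetical profile and path) for contrast.
SAMPLE = [
    '[16034.570611] type=1400 audit(1328123820.845:116): apparmor="ALLOWED" '
    'operation="getattr" info="Failed name lookup - deleted entry" error=-2 '
    'parent=14666 profile="/usr/bin/lxc-start//lxc_container" '
    'name="/var/lib/dpkg/diversions" pid=14707 comm="dpkg" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    '[16040.000000] type=1400 audit(1328123826.000:117): apparmor="DENIED" '
    'operation="open" parent=1 profile="/usr/bin/example" '
    'name="/etc/example.conf" pid=200 comm="example" '
    'requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
]

# key="quoted value" or key=bare_value; quoted values may contain spaces.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def triage(line):
    """Summarise one AppArmor audit record, or return None for other lines."""
    fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
    if 'apparmor' not in fields:
        return None
    err = -int(fields.get('error', '0'))  # the kernel logs errno negated
    return {
        'verdict': fields['apparmor'],
        # DENIED means the access was refused; ALLOWED is what a profile in
        # complain mode logs for an access it would otherwise have refused.
        'blocked': fields['apparmor'] == 'DENIED',
        'profile': fields.get('profile'),
        'path': fields.get('name'),
        'mask': fields.get('denied_mask'),
        'info': fields.get('info'),
        'errno': errno.errorcode.get(err) if err else None,
    }


if __name__ == '__main__':
    for record in map(triage, SAMPLE):
        print(record)
```
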