several missing include local/foo
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
Invalid
|
Undecided
|
Unassigned | ||
| ippusbxd (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
| snap-confine (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
| webbrowser-app (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
It is surprising that /etc/apparmor.
There are several such files on my 16.04 system:
$ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README
local/usr.
local/usr.
local/usr.
local/usr.
The impact of this bug is that it is not possible to add site-specific rules to some AppArmor profiles in an Ubuntu system. Note that this should not be a problem with profiles shipped in the apparmor-profiles packages (since the upstream apparmor build system checks for the existence of such include rules) and likely only affects other packages which ship their own AppArmor profiles.
| Tyler Hicks (tyhicks) wrote | #1 |
| Changed in ippusbxd (Ubuntu): | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| Changed in snap-confine (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Changed in webbrowser-app (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Changed in apparmor: | |
| status: | New → Invalid |
| description: | updated |
I'm not going to add a task for ubuntu-
I'm marking the apparmor task as Invalid because this bug only applies to profiles that are not shipped by the apparmor or apparmor-profiles packages. The upstream apparmor project has an install-time check that verifies that all of the profiles have an "#include <local/