| 2016-12-13 00:43:00 |
Jon W |
bug |
|
|
added bug |
| 2016-12-13 00:46:19 |
Tyler Hicks |
bug task added |
|
ippusbxd (Ubuntu) |
|
| 2016-12-13 00:46:29 |
Tyler Hicks |
ippusbxd (Ubuntu): importance |
Undecided |
Low |
|
| 2016-12-13 00:46:37 |
Tyler Hicks |
ippusbxd (Ubuntu): status |
New |
Confirmed |
|
| 2016-12-13 00:46:49 |
Tyler Hicks |
bug task added |
|
snap-confine (Ubuntu) |
|
| 2016-12-13 00:46:55 |
Tyler Hicks |
snap-confine (Ubuntu): status |
New |
Confirmed |
|
| 2016-12-13 00:46:59 |
Tyler Hicks |
snap-confine (Ubuntu): importance |
Undecided |
Low |
|
| 2016-12-13 00:48:15 |
Tyler Hicks |
bug task added |
|
webbrowser-app (Ubuntu) |
|
| 2016-12-13 00:48:22 |
Tyler Hicks |
webbrowser-app (Ubuntu): status |
New |
Confirmed |
|
| 2016-12-13 00:48:24 |
Tyler Hicks |
webbrowser-app (Ubuntu): importance |
Undecided |
Low |
|
| 2016-12-13 00:51:23 |
Tyler Hicks |
apparmor: status |
New |
Invalid |
|
| 2016-12-13 00:57:42 |
Tyler Hicks |
description |
It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app exists, but is impotent because no other file includes it.
There are several such files on my 16.04 system:
$ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README
local/usr.bin.ubuntu-core-launcher is not included anywhere
local/usr.bin.webbrowser-app is not included anywhere
local/usr.lib.snapd.snap-confine is not included anywhere
local/usr.sbin.ippusbxd is not included anywhere |
It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app exists, but is impotent because no other file includes it.
There are several such files on my 16.04 system:
$ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README
local/usr.bin.ubuntu-core-launcher is not included anywhere
local/usr.bin.webbrowser-app is not included anywhere
local/usr.lib.snapd.snap-confine is not included anywhere
local/usr.sbin.ippusbxd is not included anywhere
The impact of this bug is that it is not possible to add site-specific rules to some AppArmor profiles in an Ubuntu system. Note that this should not be a problem with profiles shipped in the apparmor-profiles packages (since the upstream apparmor build system checks for the existence of such include rules) and likely only affects other packages which ship their own AppArmor profiles. |
|
