# We run privileged, so be fanatical about what we include and don't use
# any abstractions
/etc/ld.so.cache r,
[...]
However, it does not seem to handle this well when we use some of the associated utilities:
$ sudo aa-complain foo
ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
$ sudo aa-disable foo
ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
OK, this seems to be an issue with some of the basic AppArmor commands not preprocessing the profiles when working on them.
If we ask apparmor to parse the file in question it is happy to do so:
apparmor_parser -p -Q /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine
[...]
# Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor
# and https://forum.snapcraft.io/t/snaps-and-nfs-home/
##included "/var/lib/snapd/apparmor/snap-confine.d"
# We run privileged, so be fanatical about what we include and don't use
# any abstractions
/etc/ld.so.cache r,
[...]