Ubuntu
apparmor package

apparmor failing to be purged when /var/lib/apparmor/profiles or /var/lib/apparmor doesn't exist

  1. Trusty (14.04)
  2. Bug #1661406
Bug #1661406 reported by Michael Baker
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Medium
Tyler Hicks
Trusty
Fix Released
Medium
Tyler Hicks

Bug Description

[Impact]

The apparmor package cannot be successfully purged when /var/lib/apparmor/profiles or /var/lib/apparmor do not exist. This is the case in default installs of the apparmor 2.10.95-0ubuntu2.5~14.04.1 package in Ubuntu 14.04 LTS.

[Test Case]

Ensure that /var/lib/apparmor/profiles does not exist and then `apt-get purge apparmor`.

[Regression Potential]

Very low. The only real regression potential comes from rebuilding the package itself. To counter this risk, I'll be going through the AppArmor Test Plan with the package once it is built in trusty-proposed:

  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor

[Original Report]

Version: 2.10.95-0ubuntu2.5~14.04.1

When executing apt -y purge apparmor.

The purge run but has errors as files do not exist and the rmdir fails to execute.

rmdir: failed to remove '/var/lib/apparmor/profiles': No such file or directory

Steps to reproduce:
apt-get update
apt-get -y install apparmor
apt -y purge apparmor

I will put workarounds in place for now in puppet but this is making puppet not like it..

See original description

CVE References

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Thanks for the bug report! This only seems to affect the apparmor package that was SRU'ed to trusty from xenial. Xenial doesn't look to be affected.

Changed in apparmor (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Changed in apparmor (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
Changed in apparmor (Ubuntu):
status: Confirmed → Invalid
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu Trusty):
assignee: nobody → Tyler Hicks (tyhicks)
status: Confirmed → Triaged
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu Trusty):
status: Triaged → In Progress
Revision history for this message
Tyler Hicks (tyhicks) wrote :

All releases are technically affected but, in practice, this only shows up on 14.04. I'm going to upload a fix to Zesty and then prepare a SRU for 14.04. I don't plan on fixing any other stable releases as the risk/reward trade-off from rebuilding the apparmor package just doesn't make sense.

summary: - apparmor failing to be purged on trusty
+ apparmor failing to be purged when /var/lib/apparmor/profiles or
+ /var/lib/apparmor doesn't exist
Changed in apparmor (Ubuntu):
status: Invalid → In Progress
assignee: nobody → Tyler Hicks (tyhicks)
Tyler Hicks (tyhicks)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.11.0-2ubuntu2

---------------
apparmor (2.11.0-2ubuntu2) zesty; urgency=medium

  * debian/apparmor.postrm: Ensure that a purge of the apparmor package does
    not fail if the /var/lib/apparmor/profiles or /var/lib/apparmor
    directories do not exist. This purge operation should be considered
    successful in that situation. (LP: #1661406)

 -- Tyler Hicks <email address hidden> Thu, 02 Mar 2017 00:21:14 +0000

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.6~14.04.1

---------------
apparmor (2.10.95-0ubuntu2.6~14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Merge from xenial-security to get fix for CVE-2017-6507
  * debian/apparmor.postrm: Ensure that a purge of the apparmor package does
    not fail if the /var/lib/apparmor/profiles or /var/lib/apparmor
    directories do not exist. This purge operation should be considered
    successful in that situation. (LP: #1661406)

 -- Tyler Hicks <email address hidden> Thu, 16 Mar 2017 01:20:13 +0000

Changed in apparmor (Ubuntu Trusty):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.