edubuntu-bugs team mailing list archive

Thread
Date
[Bug 2109937] Re: syntax error in apparmor profile

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Robert Krátký <2109937@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Oct 2025 17:55:45 -0000
Reply-to: Bug 2109937 <2109937@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Description changed:

+ [SRU]
+ 
+ [ Impact ]
+ 
+  * AppArmor profile for 'marble' misformatted, which causes:
+ 
+    - Profile fails to load on package installation.
+    - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble).
+ 
+  * The suggested upload [1] includes a simple fix to the profile.
+ 
+ [ Test Plan ]
+ 
+  * Reproducing the bug:
+ 
+    1. Install the latest avail. version of package 'marble':
+ 
+       - 4:24.12.3-0ubuntu1 on Plucky, or
+       - 4:25.08.1-0ubuntu1 on Questing/Resolute
+ 
+ Output on Plucky:
+ 
+ $ sudo apt update
+ $ sudo apt install marble
+ [snip]
+ Setting up marble (4:24.12.3-0ubuntu1) ...
+ Installing new version of config file /etc/apparmor.d/usr.bin.marble ...
+ AppArmor parser error for /etc/apparmor.d/usr.bin.marble in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE
+ 
+    2. Try to restart AppArmor:
+ 
+ $ sudo systemctl restart apparmor
+ Job for apparmor.service failed because the control process exited with error code.
+ See "systemctl status apparmor.service" and "journalctl -xeu apparmor.service" for details.
+ 
+ $ sudo systemctl status apparmor.service
+ × apparmor.service - Load AppArmor profiles
+ [snip]
+ Oct 16 16:40:42 marble2510 systemd[1]: Starting apparmor.service - Load AppArmor profiles...
+ Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Restarting AppArmor
+ Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Reloading AppArmor profiles
+ Oct 16 16:40:42 marble2510 apparmor.systemd[15780]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting>
+ Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Error: At least one profile failed to load
+ Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
+ Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Failed with result 'exit-code'.
+ Oct 16 16:40:42 marble2510 systemd[1]: Failed to start apparmor.service - Load AppArmor profiles.
+ 
+  * Fix:
+ 
+    * Modifying the AppArmor profile as suggested in the prepared MPs
+ against Plucky [3], Questing [2], and Resolute [1], fixes the problem:
+ marble installs without errors, and AppArmor can (re)load all profiles
+ as expected.
+ 
+    * That the fix works can be tested by following the above
+ instructions for reproducing after installing:
+ 
+      - 4:24.12.3-0ubuntu2 from plucky-proposed (when [3] is merged)
+      - 4:25.08.1-0ubuntu2 from questing-proposed (when [2] is merged)
+      - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged)
+ 
+ [ Where problems could occur ]
+ 
+  * A faulty AppArmor profile (that can be loaded and allows the app to
+ run) could introduce a security problem. Given that the suggested fix
+ does not modify the access control (i.e. does not add, remove, or change
+ the defined rules in the profile, which had already been merged before)
+ and only fixes syntax, I believe this potential problem does not apply
+ in this case.
+ 
+    Also, this profile is the same as a working profile in a number of
+ other packages that already are a part of the distribution. For example:
+ 
+    - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor
+    - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor
+    - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor
+    - and others
+ 
+ [ Other Info ]
+ 
+  * Tested with the same results (both the bug and the fix) on Plucky and
+ Questing.
+ 
+  * PPA with the fix for testing purposes is at [3].
+ 
+  * The package has one autopkgtest, but it's disabled
+ (control.disabled), so not reporting on that.
+ 
+ [1] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494463
+ [2] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494466
+ [3] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494465
+ [4] https://launchpad.net/~rkratky/+archive/ubuntu/marble-fix-lp2109937-apparmor
+ 
+ [ Original Description ]
+ 
  Hi,
  
  here is the problem:
  
  $ journalctl | grep marble
  May 03 21:33:06 vougeot apparmor.systemd[1385]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE
  
  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: marble 4:24.12.3-0ubuntu1
  Uname: Linux 6.14.4-061404-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Sun May  4 23:14:23 2025
  SourcePackage: marble
  UpgradeStatus: No upgrade log present (probably fresh install)

** Summary changed:

- syntax error in apparmor profile
+ [SRU] syntax error in apparmor profile

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to marble in Ubuntu.
https://bugs.launchpad.net/bugs/2109937

Title:
  [SRU] syntax error in apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/marble/+bug/2109937/+subscriptions
References

[Bug 2109937] [NEW] syntax error in apparmor profile
From: Laurent Bonnaud, 2025-05-04