touch-packages team mailing list archive

Thread
Date
[Bug 1459771] Re: Apparmor enforce mode not enforcing all profiles

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1459771@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 May 2015 18:35:20 -0000
Reply-to: Bug 1459771 <1459771@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
*** This bug is a duplicate of bug 1378095 ***
    https://bugs.launchpad.net/bugs/1378095

A fix for this issue is in progress:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1449769

In the meantime you can hand-edit the policies to remove the complain
flag and reload them with apparmor_parser --replace /etc/apparmor.d/...

Sorry for the inconvenience.

** Information type changed from Private Security to Public

** This bug has been marked a duplicate of bug 1378095
   aa-complain traceback when marking multiple profiles

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1459771

Title:
  Apparmor enforce mode not enforcing all profiles

Status in apparmor package in Ubuntu:
  New

Bug description:
  I'm having difficulties transferring over all my apparmor profiles
  into enforcing mode, (sudo aa-enforce /etc/apparmor.d/*) For some
  reason, when I enter them in manually one at a time it works however
  its still buggy with certain profiles that are listed in complain
  mode.  Any help would be appreciated.  I've copied over the terminal
  error messages with codes.  See below.

  netuser-pc@netuser-pc:~$ sudo aa-enforce /etc/apparmor.d/*
  Profile for /etc/apparmor.d/abstractions not found, skipping
  Traceback (most recent call last):
    File "/usr/sbin/aa-enforce", line 30, in <module>
      tool.cmd_enforce()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 153, in cmd_enforce
      apparmor.read_profiles()
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2564, in read_profiles
      read_profile(profile_dir + '/' + file, True)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2590, in read_profile
      profile_data = parse_profile_data(data, file, 0)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2843, in parse_profile_data
      store_list_var(filelist[file]['lvar'], list_var, value, var_operation)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3274, in store_list_var
      raise AppArmorException(_('An existing variable redefined: %s') % list_var)
  apparmor.common.AppArmorException: 'An existing variable redefined: @{MOZ_LIBDIR}'

  
  Copy of 20 profiles in complain mode that need to be altered to enforce.  See below.

  20 profiles are in complain mode.
     /sbin/klogd
     /sbin/syslog-ng
     /sbin/syslogd
     /usr/lib/chromium-browser/chromium-browser
     /usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
     /usr/lib/chromium-browser/chromium-browser//lsb_release
     /usr/lib/chromium-browser/chromium-browser//xdgsettings
     /usr/lib/dovecot/deliver
     /usr/lib/dovecot/dovecot-auth
     /usr/lib/dovecot/imap
     /usr/lib/dovecot/imap-login
     /usr/lib/dovecot/managesieve-login
     /usr/lib/dovecot/pop3
     /usr/lib/dovecot/pop3-login
     /usr/sbin/dovecot
     /usr/sbin/identd
     /usr/sbin/mdnsd
     /usr/sbin/nscd
     /usr/{sbin/traceroute,bin/traceroute.db}
     /{usr/,}bin/ping

  
  Any ideas?

  -Newaye

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1459771/+subscriptions