← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #91640

[Bug 1453088] Re: isc-dhcp-server apparmor include

  Thread PreviousDate PreviousThread Next 
Hi Simon. Sorry for the difficulty you encountered. The specific
traceback issue you encountered with aa-complain has been addressed in
trusty in apparmor-utils and python3-apparmor 2.8.95~2430-0ubuntu5.2, so
I'm closing this bug (it was also fixed upstream in the 2.9.2 and 2.10
releases).

Yes, the use of c-style #include and shell style # prefix for comments
is a bit confusing. AppArmor 2.10 which will be in ubuntu 15.10 includes
support for just using the keyword 'include' instead of "#include'
(though the latter will still work).

The "dhcpd.d" include is assuming the base path to look for included
files and directories is /etc/apparmor.d/. In this case, the include
references the directory /etc/apparmor.d/dhcpd.d/ which tells apparmor
to include any files in that directory into the profile. However, the
aa-complain tool before 2.8.95~2430-0ubuntu5.2 did not support including
directories, which is why it crashed.

Thanks!

** Changed in: apparmor (Ubuntu)
       Status: New => Fix Released

** Changed in: apparmor
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1453088

Title:
  isc-dhcp-server apparmor include

Status in AppArmor:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  I tried to put isc-dhcp-server in to complain mode due to issues with
  /run and /var/run PID flags.

  It gave me an error

  root@here:/etc/apparmor.d# aa-complain usr.sbin.dhcpd 
  Setting /etc/apparmor.d/usr.sbin.dhcpd to complain mode.
  Traceback (most recent call last):
    File "/usr/sbin/aa-complain", line 30, in <module>
      tool.cmd_complain()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 184, in cmd_complain
      raise apparmor.AppArmorException(cmd_info[1])
  apparmor.common.AppArmorException: "AppArmor parser error for /etc/apparmor.d/usr.sbin.dhcpd in /etc/apparmor.d/usr.sbin.dhcpd at line 69: Could not open 'dhcpd.d'\n"

  due to #include <dhcpd.d> in usr.sbin.dhcpd

  Two things confuse me.  The use of '#' and '# ' to mean include and
  for commenting respectively.  Is this not going to make bug fixing
  more difficult ?

  and two should dhcpd.d include a full path ?

  Why is app armour complain complaining with a standard file ?

  Cheers
  Simon

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1453088/+subscriptions

References

  Thread PreviousDate PreviousThread Next