ubuntu-apps-bugs team mailing list archive

Thread
Date

[Bug 1649431] Re: several missing include local/foo

To: ubuntu-apps-bugs@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Tue, 13 Dec 2016 00:51:07 -0000
Reply-to: Bug 1649431 <1649431@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm not going to add a task for ubuntu-core-launcher because that
package was replaced by snap-confine.

I'm marking the apparmor task as Invalid because this bug only applies
to profiles that are not shipped by the apparmor or apparmor-profiles
packages. The upstream apparmor project has an install-time check that
verifies that all of the profiles have an "#include
<local/profile.name>" rule.

** Also affects: ippusbxd (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ippusbxd (Ubuntu)
   Importance: Undecided => Low

** Changed in: ippusbxd (Ubuntu)
       Status: New => Confirmed

** Also affects: snap-confine (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snap-confine (Ubuntu)
       Status: New => Confirmed

** Changed in: snap-confine (Ubuntu)
   Importance: Undecided => Low

** Also affects: webbrowser-app (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: webbrowser-app (Ubuntu)
       Status: New => Confirmed

** Changed in: webbrowser-app (Ubuntu)
   Importance: Undecided => Low

** Changed in: apparmor
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Apps bug tracking, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1649431

Title:
  several missing include local/foo

Status in AppArmor:
  Invalid
Status in ippusbxd package in Ubuntu:
  Confirmed
Status in snap-confine package in Ubuntu:
  Confirmed
Status in webbrowser-app package in Ubuntu:
  Confirmed

Bug description:
  It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app
  exists, but is impotent because no other file includes it.

  There are several such files on my 16.04 system:

  $ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README
  local/usr.bin.ubuntu-core-launcher is not included anywhere
  local/usr.bin.webbrowser-app is not included anywhere
  local/usr.lib.snapd.snap-confine is not included anywhere
  local/usr.sbin.ippusbxd is not included anywhere

  The impact of this bug is that it is not possible to add site-specific
  rules to some AppArmor profiles in an Ubuntu system. Note that this
  should not be a problem with profiles shipped in the apparmor-profiles
  packages (since the upstream apparmor build system checks for the
  existence of such include rules) and likely only affects other
  packages which ship their own AppArmor profiles.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1649431/+subscriptions