Hi John,

On Tue, Sep 22, 2015 at 12:11 AM, John Johansen <[email protected]> wrote:
> On 09/21/2015 07:33 AM, Robert Munteanu wrote:
>> Hi,
>>
>> I'm running apparmor 2.9.1, Kernel 3.16.7-24-default on openSUSE 13.2
>> x86_64. During my attempts to configure and enable apparmor I hit a
>> roadblock which I can't get out of. I created a
>> usr.sbin.httpd2-prefork profile to match the apache installation from
>> openSUSE. ( see diff at the end, I can find nothing relevant ).
>>
>> Trying to put the module into enforce mode leads to an error parsing
>> /etc/apparmor.d/tunables/home:
>>
>> # aa-enforce usr.sbin.httpd2-prefork
>> Setting /etc/apparmor.d/usr.sbin.httpd2-prefork to enforce mode.
>> Traceback (most recent call last):
>>   File "/usr/sbin/aa-enforce", line 30, in <module>
>>     tool.cmd_enforce()
>>   File "/usr/lib/python3.4/site-packages/apparmor/tools.py", line 166,
>> in cmd_enforce
>>     raise apparmor.AppArmorException(cmd_info[1])
>> apparmor.common.AppArmorException: 'AppArmor parser error for
>> /etc/apparmor.d/usr.sbin.httpd2-prefork in
>> /etc/apparmor.d/tunables/home at line 16: syntax error, unexpected
>> TOK_EQUALS, expecting TOK_MODE\n'
>>
>> The tunables/home file is unchanged.
>>
>> This looks a lot like
>> https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1487536 , but
>> I don't have an ubuntu machine to use apport for adding more
>> information.
>>
>> How can I debug/fix this issue?
>>
> Hi Robert I am not sure what is going on from the provided info. However
> we can manually work around this if needed.
>
> if you do
>   sudo apparmor_parser -r usr.sbin.httpd2-prefork
>
> does it succeed?

No, same error:

# apparmor_parser -r usr.sbin.httpd2-prefork
AppArmor parser error for usr.sbin.httpd2-prefork in
/etc/apparmor.d/tunables/home at line 16: syntax error, unexpected
TOK_EQUALS, expecting TOK_MODE

>
> To manually put the profile in enforce mode, you need to make sure it is
> not tagged as being in complain mode. This can be done by setting a
> symlink in /etc/apparmor.d/force-complain or by directly setting the
> flag in the profile file. Eg.
>
> /etc/apparmor.d/usr.sbin.httpd2-prefork

I guess I would break more stuff by manually putting the profile in
enforce mode if it's not parseable ...

Thanks,

Robert

-- 
http://robert.muntea.nu/

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
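
Added example, not part of the original thread and not AppArmor's own tooling: a read-only shell check for the two on-disk complain-mode tags described in the quoted reply above, an entry in `force-complain/` and a `complain` flag in the profile file. The function name `profile_mode` and the sample profiles are constructed for illustration; the check does not run `apparmor_parser`, so it says nothing about whether the profile parses.

```shell
#!/bin/sh
# profile_mode DIR NAME  (hypothetical helper, not an AppArmor command)
# Prints how the profile file DIR/NAME is tagged on disk:
#   force-complain  an entry with that name exists in DIR/force-complain/
#   complain-flag   a flags=(...) list in the file contains "complain"
#   enforce         neither tag is present
#   missing         DIR/NAME does not exist (returns 1)
profile_mode() {
    dir=$1 name=$2
    [ -f "$dir/$name" ] || { echo "missing"; return 1; }
    # -L also catches a dangling symlink left behind in force-complain/.
    if [ -e "$dir/force-complain/$name" ] || [ -L "$dir/force-complain/$name" ]; then
        echo "force-complain"; return 0
    fi
    # Drop everything after '#' (comments and #include lines), then look
    # for "complain" as a whole item inside a flags=( ... ) list.
    if sed 's/#.*//' "$dir/$name" |
        grep -Eq 'flags[[:space:]]*=[[:space:]]*\(([^)]*[,[:space:]])?complain([,[:space:]][^)]*)?\)'; then
        echo "complain-flag"; return 0
    fi
    echo "enforce"
}

# Constructed sample policy tree (not the poster's files).
demo=$(mktemp -d)
mkdir "$demo/force-complain"
printf '%s\n' '#include <tunables/global>' \
    '/usr/sbin/httpd2-prefork flags=(complain) {' '}' > "$demo/usr.sbin.httpd2-prefork"
printf '%s\n' '/usr/sbin/example {' '}' > "$demo/usr.sbin.example"
ln -s ../usr.sbin.example "$demo/force-complain/usr.sbin.example"
printf '%s\n' '/usr/sbin/other {' '  # flags=(complain) only in a comment' '}' \
    > "$demo/usr.sbin.other"

for p in usr.sbin.httpd2-prefork usr.sbin.example usr.sbin.other; do
    printf '%s: %s\n' "$p" "$(profile_mode "$demo" "$p")"
done
rm -rf "$demo"
```
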
