On Wed, Nov 22, 2017 at 07:32:39PM +0000, daniel curtis wrote:
> /usr/lib/snapd/snap-confine (attach_disconnected) {
> [...]
> include "/var/lib/snapd/apparmor/snap-confine.d"
>
> # We run privileged, so be fanatical about (...)
> /etc/ld.so.cache r,Hello Daniel, I'm having trouble finding this profile. Can you report where it came from? I have a vague feeling that this isn't the first bug report I've seen to include it, but I just can't find the thing to investigate further. > aa-enforce(8) command produces the same error as above. As we can see, the > error is the same. So it seems, that I'm unable to work with AppArmor > profiles! The Python-based utilities all assume that the AppArmor profiles always parse properly. Any bug in any profile makes all the Python tools useless on all profiles. We cannot address this limitiation in any reasonable way. When a profile is broken in a way that prevents the tools from parsing the profile, you have no choice but to fix the broken profile if you wish to use any of the Python tools. Of course, that may have consequences: - Debian packages often will only upgrade a "configuration file" automatically if it is unchanged. So fixing a bug in a profile that was shipped in a Debian package may mean you do not get updates to the configuration file in the future. Worse yet you will have no notification of this most of the time. - Tools that automatically modify the profile may not recognize the profile after you fix it. Hopefully this is rare. Hopefully such hypothetical tools are more resilient to small changes than this. So either you're going to be hand-editing your other profiles to do what you want or hand-editing the broken profile. I don't see other choices. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
