Hi, These problems were reported shortly after the 4.1.0-1+b1 binNMU, which was built against linux-libc-dev 6.17.9-1, while 4.1.1-0 was built against 6.12.21-1, while I see Tomáš is running 6.17.8, so I think we're hit by the problem documented in the upstream FAQ, namely "apparmor_parser [built] against newer kernel headers than the currently running kernel":
https://gitlab.com/apparmor/apparmor/-/wikis/FAQ#what-causes-the-error-profile-doesnt-conform-to-protocol However C.W. is running 6.17.9 which does not track. C.W., can you please confirm you can still reproduce this bug on current sid's kernel? In terms of solutions, I suppose we could make the apparmor binary package depend on a version of the kernel at least as recent as the one it was built against (not sure how but this could be worth researching). This should help in some cases; but it's not going to help in all cases, and for example this would not have helped Tomáš, because we don't have a way to express a versioned dependency about the *currently running* kernel, and in the most symptomatic case (src:linux update quickly followed by src:apparmor rebuild), the user is going to upgrade the kernel and apparmor at the same time, before a reboot can occur. I'm curious how other distros handle this. Cheers, -- intrigeri
