It should be fixed as of the AppArmor 3.0 release. With 3.0 the handling
of jobs doesn't stop with an error unless --abort-on-error is specified.
Instead the parser will keep track of the last error and return that
there was an error, but it will keep processing the rest of the jobs.
We did not
I'm a bit confused:
* On the one hand, this bug is *not* marked is fixed in AppArmor
upstream; the only reason it was marked as "Fix Released" for Ubuntu is
the pile of kludges added in /lib/apparmor/functions, that I migrated to
rc.apparmor.functions upstream a few years back.
* On the other
Along with LP: #1488179, this is one source of ugliness in current
Debian/Ubuntu initscript, that makes it harder than needed to port it to
systemd.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Tags added: aa-parser
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1377338
Title:
apparmor may fail to load some profiles if one is corrupted
Status in “apparmor”
14.10 had workaround in place in 2.8.98-0ubuntu2
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor
Status: New = Triaged
** Changed in: apparmor
Importance: Undecided = Medium
** Changed in: apparmor (Ubuntu)
Status: Triaged = Fix
The cause of the corruption is believed to be an interaction between the
click-system-hooks and the apparmor upstart jobs. click-apparmor will be
adjusted to use a blocking lockfile to avoid the corruption. As such,
the apparmor task priority can be reduced.
After discussing with the apparmor
Upon further investigation, python3-apparmor-click and python3-apparmor-
easyprof both use shutil.move() to put a temp file into place.
shutil.move() will use os.rename() if the files reside on the same file,
but will use shutil.copy2() followed by an unlink otherwise. Since the
tempfile.mkstemp()
For rtm I can add a workaround to /lib/apparmor/functions to fallback to
using -n1 if tha parser fails on the profile set. This is a minimal
change and retains the performance improvements of not using -n1 in the
normal case of things being ok. However, we want to remove this and rely
on the
This bug was fixed in the package click-apparmor - 0.2.11.1
---
click-apparmor (0.2.11.1) utopic; urgency=medium
* aa-clickhook: don't remove the lock file so we can properly handle 3 or
more processes contending for the lock
click-apparmor (0.2.11) utopic; urgency=medium
*
This bug was fixed in the package click-apparmor - 0.2.11.1
---
click-apparmor (0.2.11.1) utopic; urgency=medium
* aa-clickhook: don't remove the lock file so we can properly handle 3 or
more processes contending for the lock
click-apparmor (0.2.11) utopic; urgency=medium
*
This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5.1
---
apparmor (2.8.96~2652-0ubuntu5.1) 14.09; urgency=medium
* debian/apparmor.{upstart,init}: check if click-apparmor md5sums changed so
we regenerate the policy if it changes too (LP: #1371574)
*
** Changed in: apparmor (Ubuntu)
Status: New = In Progress
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Tags added: rtm14 touch-2014-10-09
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
** Also affects: apparmor (Ubuntu RTM)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu RTM)
Status: New = In Progress
** Changed in: apparmor (Ubuntu RTM)
Importance: Undecided = Critical
** Changed in: apparmor (Ubuntu RTM)
Assignee: (unassigned) =
13 matches
Mail list logo