[Touch-packages] [Bug 1649431] Re: several missing include local/foo
** Description changed: It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app exists, but is impotent because no other file includes it. There are several such files on my 16.04 system: $ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README local/usr.bin.ubuntu-core-launcher is not included anywhere local/usr.bin.webbrowser-app is not included anywhere local/usr.lib.snapd.snap-confine is not included anywhere local/usr.sbin.ippusbxd is not included anywhere + + The impact of this bug is that it is not possible to add site-specific + rules to some AppArmor profiles in an Ubuntu system. Note that this + should not be a problem with profiles shipped in the apparmor-profiles + packages (since the upstream apparmor build system checks for the + existence of such include rules) and likely only affects other packages + which ship their own AppArmor profiles. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1649431 Title: several missing include local/foo Status in AppArmor: Invalid Status in ippusbxd package in Ubuntu: Confirmed Status in snap-confine package in Ubuntu: Confirmed Status in webbrowser-app package in Ubuntu: Confirmed Bug description: It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app exists, but is impotent because no other file includes it. There are several such files on my 16.04 system: $ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README local/usr.bin.ubuntu-core-launcher is not included anywhere local/usr.bin.webbrowser-app is not included anywhere local/usr.lib.snapd.snap-confine is not included anywhere local/usr.sbin.ippusbxd is not included anywhere The impact of this bug is that it is not possible to add site-specific rules to some AppArmor profiles in an Ubuntu system. Note that this should not be a problem with profiles shipped in the apparmor-profiles packages (since the upstream apparmor build system checks for the existence of such include rules) and likely only affects other packages which ship their own AppArmor profiles. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1649431/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1649431] Re: several missing include local/foo
I'm not going to add a task for ubuntu-core-launcher because that package was replaced by snap-confine. I'm marking the apparmor task as Invalid because this bug only applies to profiles that are not shipped by the apparmor or apparmor-profiles packages. The upstream apparmor project has an install-time check that verifies that all of the profiles have an "#include " rule. ** Also affects: ippusbxd (Ubuntu) Importance: Undecided Status: New ** Changed in: ippusbxd (Ubuntu) Importance: Undecided => Low ** Changed in: ippusbxd (Ubuntu) Status: New => Confirmed ** Also affects: snap-confine (Ubuntu) Importance: Undecided Status: New ** Changed in: snap-confine (Ubuntu) Status: New => Confirmed ** Changed in: snap-confine (Ubuntu) Importance: Undecided => Low ** Also affects: webbrowser-app (Ubuntu) Importance: Undecided Status: New ** Changed in: webbrowser-app (Ubuntu) Status: New => Confirmed ** Changed in: webbrowser-app (Ubuntu) Importance: Undecided => Low ** Changed in: apparmor Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1649431 Title: several missing include local/foo Status in AppArmor: Invalid Status in ippusbxd package in Ubuntu: Confirmed Status in snap-confine package in Ubuntu: Confirmed Status in webbrowser-app package in Ubuntu: Confirmed Bug description: It is surprising that /etc/apparmor.d/local/usr.bin.webbrowser.app exists, but is impotent because no other file includes it. There are several such files on my 16.04 system: $ cd /etc/apparmor.d && for i in local/*; do find . -type f | xargs sudo grep "include.*$i" >/dev/null || echo "$i is not included anywhere"; done | grep -v README local/usr.bin.ubuntu-core-launcher is not included anywhere local/usr.bin.webbrowser-app is not included anywhere local/usr.lib.snapd.snap-confine is not included anywhere local/usr.sbin.ippusbxd is not included anywhere The impact of this bug is that it is not possible to add site-specific rules to some AppArmor profiles in an Ubuntu system. Note that this should not be a problem with profiles shipped in the apparmor-profiles packages (since the upstream apparmor build system checks for the existence of such include rules) and likely only affects other packages which ship their own AppArmor profiles. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1649431/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
