Thanks John!
I've changed the bug tasks back to lintian as it sounds like the most
reasonable short-term option would be to patch lintian to pick a
predictable directory and update the apparmor profiles; later, we will
have new apparmor to deal with this situation more elegantly
--
You received
@Seth: I was only using /tmp/output to not write to the current dir; the
typical case is lintian creating a safe tmpdir.
** Also affects: lintian (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lintian (Ubuntu)
Status: New => Confirmed
** No longer affects: groff
So the answer, is most likely not great atm.
Option 1: unconfined
If you are coming from an unconfined bash/lintian then object delegation will
take care of this for you (more on that below). However since you are seeing
file_inherit messages that isn't the case. And you would need to change
Loïc, it's possible the 'fix' (really a work-around) is to add
`flags=(attach_disconnected)` to the profile in question. (I'm guessing
that would be enough to prevent AppArmor from replacing the file.)
In your logs it looks like it's already trying to use /tmp/output. This
might be unsafe,
I got the same issue days ago when debugging a package in s390x, so it
is not architecture-specific.
ubuntu@devnoble1:~/libica-noble/libica-4.3.0$ lintian -I --pedantic
--tag-display-limit 0
W: libica-utils: groff-message command exited with status 2:
/usr/libexec/man-db/zsoelim |
I'm not sure how to properly fix this, we allow the shell to write
anywhere, then file_inherit is triggered because we don't want man to
write anywhere, which seems to be what we typically want to achieve with
the apparmor profile.
Should we teach lintian and perhaps every other tool to use a
This is due to the apparmor profile and the man pipeline trying to flush
and stat the output file which can be anywhere in the fs
[Thu Feb 29 11:23:53 2024] audit: type=1400 audit(1709205849.791:651):
apparmor="DENIED" operation="file_inherit" class="file"
namespace="root//lxd-daily_"
** Description changed:
- Hello,
+ groff crash when redirecting output to a file
- I was trying to run lintian on some deb packages an run onto some errors
- messages from groff.
-
- Steps to reproduce:
-
- 1. Setup a LXD container with mantic or Noble:
-
- lxc launch ubuntu-daily:noble #or
** No longer affects: lintian (Ubuntu)
** No longer affects: ubuntu
** Changed in: groff (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055402
Title:
** Description changed:
Hello,
I was trying to run lintian on some deb packages an run onto some errors
messages from groff.
Steps to reproduce:
1. Setup a LXD container with mantic or Noble:
lxc launch ubuntu-daily:noble #or lxc launch ubuntu:mantic
- 2. Install
** Description changed:
Hello,
I was trying to run lintian on some deb packages an run onto some errors
messages from groff.
Steps to reproduce:
1. Setup a LXD container with mantic or Noble:
lxc launch ubuntu-daily:noble #or lxc launch ubuntu:mantic
2. Install
11 matches
Mail list logo
