Ok this seems to be an issue with some of the basic apparmor commands
not preprocessing the profiles when working on them.

If we ask apparmor to parse the file in question it is happy to do so:

apparmor_parser -p -Q /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine
[...]
    # Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor
    # and https://forum.snapcraft.io/t/snaps-and-nfs-home/
     

##included "/var/lib/snapd/apparmor/snap-confine.d"


    # We run privileged, so be fanatical about what we include and don't use
    # any abstractions
    /etc/ld.so.cache r,
[...]

However, it does not seem to handle this well when we use some of the
associated utilities:

$ sudo aa-complain foo

ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
    include "/var/lib/snapd/apparmor/snap-confine.d"   /etc/ld.so.cache r,

$ sudo aa-disable foo

ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
    include "/var/lib/snapd/apparmor/snap-confine.d"   /etc/ld.so.cache r,

-- 
https://bugs.launchpad.net/bugs/1734038

Title:
  Potential regression found with apparmor test on Xenial/Zesty
