** Description changed: + [SRU] + + [ Impact ] + + * AppArmor profile for 'marble' misformatted, which causes: + + - Profile fails to load on package installation. + - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble). + + * The suggested upload [1] includes a simple fix to the profile. + + [ Test Plan ] + + * Reproducing the bug: + + 1. Install the latest avail. version of package 'marble': + + - 4:24.12.3-0ubuntu1 on Plucky, or + - 4:25.08.1-0ubuntu1 on Questing/Resolute + + Output on Plucky: + + $ sudo apt update + $ sudo apt install marble + [snip] + Setting up marble (4:24.12.3-0ubuntu1) ... + Installing new version of config file /etc/apparmor.d/usr.bin.marble ... + AppArmor parser error for /etc/apparmor.d/usr.bin.marble in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE + + 2. Try to restart AppArmor: + + $ sudo systemctl restart apparmor + Job for apparmor.service failed because the control process exited with error code. + See "systemctl status apparmor.service" and "journalctl -xeu apparmor.service" for details. + + $ sudo systemctl status apparmor.service + × apparmor.service - Load AppArmor profiles + [snip] + Oct 16 16:40:42 marble2510 systemd[1]: Starting apparmor.service - Load AppArmor profiles... + Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Restarting AppArmor + Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Reloading AppArmor profiles + Oct 16 16:40:42 marble2510 apparmor.systemd[15780]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting> + Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Error: At least one profile failed to load + Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE + Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Failed with result 'exit-code'. + Oct 16 16:40:42 marble2510 systemd[1]: Failed to start apparmor.service - Load AppArmor profiles. + + * Fix: + + * Modifying the AppArmor profile as suggested in the prepared MPs + against Plucky [3], Questing [2], and Resolute [1], fixes the problem: + marble installs without errors, and AppArmor can (re)load all profiles + as expected. + + * That the fix works can be tested by following the above + instructions for reproducing after installing: + + - 4:24.12.3-0ubuntu2 from plucky-proposed (when [3] is merged) + - 4:25.08.1-0ubuntu2 from questing-proposed (when [2] is merged) + - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged) + + [ Where problems could occur ] + + * A faulty AppArmor profile (that can be loaded and allows the app to + run) could introduce a security problem. Given that the suggested fix + does not modify the access control (i.e. does not add, remove, or change + the defined rules in the profile, which had already been merged before) + and only fixes syntax, I believe this potential problem does not apply + in this case. + + Also, this profile is the same as a working profile in a number of + other packages that already are a part of the distribution. For example: + + - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor + - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor + - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor + - and others + + [ Other Info ] + + * Tested with the same results (both the bug and the fix) on Plucky and + Questing. + + * PPA with the fix for testing purposes is at [3]. + + * The package has one autopkgtest, but it's disabled + (control.disabled), so not reporting on that. + + [1] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494463 + [2] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494466 + [3] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494465 + [4] https://launchpad.net/~rkratky/+archive/ubuntu/marble-fix-lp2109937-apparmor + + [ Original Description ] + Hi, here is the problem: $ journalctl | grep marble May 03 21:33:06 vougeot apparmor.systemd[1385]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: marble 4:24.12.3-0ubuntu1 Uname: Linux 6.14.4-061404-generic x86_64 ApportVersion: 2.32.0-0ubuntu5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Sun May 4 23:14:23 2025 SourcePackage: marble UpgradeStatus: No upgrade log present (probably fresh install)
** Summary changed: - syntax error in apparmor profile + [SRU] syntax error in apparmor profile -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2109937 Title: [SRU] syntax error in apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/marble/+bug/2109937/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
