** Description changed: [SRU] [ Impact ] - * AppArmor profile for 'marble' misformatted, which causes: + * AppArmor profile for 'marble' misformatted, which causes: - - Profile fails to load on package installation. - - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble). + - Profile fails to load on package installation. + - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble). - * The suggested upload [1] includes a simple fix to the profile. + * The suggested upload [1] includes a simple fix to the profile. [ Test Plan ] - * Reproducing the bug: + * Reproducing the bug: - 1. Install the latest avail. version of package 'marble': + 1. Install the latest avail. version of package 'marble': - - 4:24.12.3-0ubuntu1 on Plucky, or - - 4:25.08.1-0ubuntu1 on Questing/Resolute + - 4:24.12.3-0ubuntu1 on Plucky, or + - 4:25.08.1-0ubuntu1 on Questing/Resolute Output on Plucky: $ sudo apt update $ sudo apt install marble [snip] Setting up marble (4:24.12.3-0ubuntu1) ... Installing new version of config file /etc/apparmor.d/usr.bin.marble ... AppArmor parser error for /etc/apparmor.d/usr.bin.marble in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE - 2. Try to restart AppArmor: + 2. Try to restart AppArmor: $ sudo systemctl restart apparmor Job for apparmor.service failed because the control process exited with error code. See "systemctl status apparmor.service" and "journalctl -xeu apparmor.service" for details. $ sudo systemctl status apparmor.service × apparmor.service - Load AppArmor profiles [snip] Oct 16 16:40:42 marble2510 systemd[1]: Starting apparmor.service - Load AppArmor profiles... Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Restarting AppArmor Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Reloading AppArmor profiles Oct 16 16:40:42 marble2510 apparmor.systemd[15780]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting> Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Error: At least one profile failed to load Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Failed with result 'exit-code'. Oct 16 16:40:42 marble2510 systemd[1]: Failed to start apparmor.service - Load AppArmor profiles. - * Fix: + * Fix: - * Modifying the AppArmor profile as suggested in the prepared MPs + * Modifying the AppArmor profile as suggested in the prepared MPs against Plucky [3], Questing [2], and Resolute [1], fixes the problem: marble installs without errors, and AppArmor can (re)load all profiles as expected. - * That the fix works can be tested by following the above + * That the fix works can be tested by following the above instructions for reproducing after installing: - - 4:24.12.3-0ubuntu2 from plucky-proposed (when [3] is merged) - - 4:25.08.1-0ubuntu2 from questing-proposed (when [2] is merged) - - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged) + - 4:24.12.3-0ubuntu1.1 from plucky-proposed (when [3] is merged) + - 4:25.08.1-0ubuntu1.1 from questing-proposed (when [2] is merged) + - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged) [ Where problems could occur ] - * A faulty AppArmor profile (that can be loaded and allows the app to + * A faulty AppArmor profile (that can be loaded and allows the app to run) could introduce a security problem. Given that the suggested fix does not modify the access control (i.e. does not add, remove, or change the defined rules in the profile, which had already been merged before) and only fixes syntax, I believe this potential problem does not apply in this case. - Also, this profile is the same as a working profile in a number of + Also, this profile is the same as a working profile in a number of other packages that already are a part of the distribution. For example: - - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor - - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor - - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor - - and others + - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor + - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor + - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor + - and others [ Other Info ] - * Tested with the same results (both the bug and the fix) on Plucky and + * Tested with the same results (both the bug and the fix) on Plucky and Questing. - * PPA with the fix for testing purposes is at [3]. + * PPA with the fix for testing purposes is at [3]. - * The package has one autopkgtest, but it's disabled + * The package has one autopkgtest, but it's disabled (control.disabled), so not reporting on that. [1] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494463 [2] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494466 [3] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494465 [4] https://launchpad.net/~rkratky/+archive/ubuntu/marble-fix-lp2109937-apparmor [ Original Description ] Hi, here is the problem: $ journalctl | grep marble May 03 21:33:06 vougeot apparmor.systemd[1385]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: marble 4:24.12.3-0ubuntu1 Uname: Linux 6.14.4-061404-generic x86_64 ApportVersion: 2.32.0-0ubuntu5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Sun May 4 23:14:23 2025 SourcePackage: marble UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2109937 Title: [SRU] syntax error in apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/marble/+bug/2109937/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
