Public bug reported:

In Questing and Resolute,

When I install openldap

$ sudo apt install slapd

The /etc/apparmor.d/local/usr.sbin.slapd is missing and this breaks
apparmor at restart:

$ sudo systemctl restart apparmor

Oct 30 23:45:45 massive-spitz apparmor.systemd[15857]: Restarting AppArmor
Oct 30 23:45:45 massive-spitz apparmor.systemd[15857]: Reloading AppArmor profiles
Oct 30 23:45:46 massive-spitz apparmor.systemd[16010]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.sbin.slapd at line 60: Could n>
Oct 30 23:45:46 massive-spitz apparmor.systemd[15857]: Error: At least one profile failed to load


Explanation
---

In the debian/rules of openldap, we invoke dh_apparmor to install the
slapd apparmor profile.

This will generate this snippet in the postinst:

# Automatically added by dh_apparmor/4.0.1really4.0.1-0ubuntu0.24.04.3
if [ "$1" = "configure" ]; then
    APP_PROFILE="/etc/apparmor.d/usr.sbin.slapd"
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.slapd"

        test -e "$LOCAL_APP_PROFILE" || {
            mkdir -p `dirname "$LOCAL_APP_PROFILE"`
            install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if aa-enabled --quiet 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi


But in Questing/Resolute, this snippet is missing because dh_apparmor does not
work as expected; we can see it in the openldap build log in Questing:

...
dh_apparmor -pslapd --profile-name=usr.sbin.slapd
dh_apparmor: warning: All requested packages have been excluded (e.g. via a Build-Profile or due to architecture restrictions).
...

** Affects: openldap (Ubuntu)
     Importance: Undecided
     Assignee: Hector CAO (hectorcao)
         Status: New

** Changed in: openldap (Ubuntu)
     Assignee: (unassigned) => Hector CAO (hectorcao)

https://bugs.launchpad.net/bugs/2130392

Title:
  openldap breaks apparmor due to missing local/usr.sbin.slapd profile
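
A check for the failure described in this report, as an added example that is not part of the original bug report or of the openldap or apparmor packaging: it lists profiles whose unconditional local/ include points at a file that does not exist. It assumes includes written as `#include <local/NAME>` or `include <local/NAME>` resolve relative to the profile directory; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report local/ include targets that AppArmor profiles
# reference unconditionally but that are absent on disk.
# Usage: missing_local_includes [profile_dir]   (default: /etc/apparmor.d)
# Assumption: <local/NAME> resolves relative to profile_dir.
missing_local_includes() {
    dir="${1:-/etc/apparmor.d}"
    for profile in "$dir"/*; do
        # Only top-level profile files; skips local/, abstractions/, etc.
        [ -f "$profile" ] || continue
        # Matches "#include <local/NAME>" and "include <local/NAME>".
        # "include if exists <...>" tolerates a missing file and is not matched.
        sed -n -E 's|^[[:space:]]*#?include[[:space:]]+<(local/[^>]+)>.*|\1|p' "$profile" |
        while IFS= read -r rel; do
            [ -e "$dir/$rel" ] || printf '%s: missing %s\n' "$profile" "$dir/$rel"
        done
    done
}

# Constructed sample tree (not real system files) so the check runs offline.
demo_missing_local_includes() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/local"
    # Profile whose local/ file was never created (the case in this report).
    printf 'profile slapd {\n  #include <local/usr.sbin.slapd>\n}\n' > "$tmp/usr.sbin.slapd"
    # Profile whose local/ file exists.
    printf 'profile ok {\n  include <local/usr.bin.ok>\n}\n' > "$tmp/usr.bin.ok"
    : > "$tmp/local/usr.bin.ok"
    # Conditional include: a missing file here does not break the parser.
    printf 'profile opt {\n  include if exists <local/usr.bin.opt>\n}\n' > "$tmp/usr.bin.opt"
    missing_local_includes "$tmp" | sed "s|$tmp|PROFILE_DIR|g"
    rm -rf "$tmp"
}

demo_missing_local_includes
```

Run `missing_local_includes` with no argument to check /etc/apparmor.d on an installed system.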
