[apparmor] lxc/lxc-default contains syntax errors. Line [ capability, ]

Me Self wmsopou at gmail.com
Wed Mar 30 11:35:05 UTC 2016 

I restored the apparmor.d folder and now it works except I have to delete
anything related to lxc.

On Wed, Mar 30, 2016 at 10:33 AM, Me Self <wmsopou at gmail.com> wrote:

> Well I must have corrupted it by running make, aa-genprof seems to be
> looking into the source folder. This is what happens after removing the
> /etc/apparmor.d/lxc* stuff:
>
> $ sudo aa-genprof /usr/local/tomcat/bin/catalina.sh
>
> apparmor-2.7.102/README contains syntax errors. Line [------------]
>
>
> On Wed, Mar 30, 2016 at 10:13 AM, Me Self <wmsopou at gmail.com> wrote:
>
>> Judging by file dates I have not overwritten the binaries by running make:
>>
>> $ ll /usr/sbin/aa-genprof
>> -rwxr-xr-x 1 root root 6355 aug 11  2014 /usr/sbin/aa-genprof*
>>
>> $ ll /usr/lib/libapp*
>> -rw-r--r-- 1 root root 56990 aug 11  2014 /usr/lib/libapparmor.a
>> -rw-r--r-- 1 root root   961 aug 11  2014 /usr/lib/libapparmor.la
>> lrwxrwxrwx 1 root root    20 aug 11  2014 /usr/lib/libapparmor.so ->
>> libapparmor.so.1.0.2
>> lrwxrwxrwx 1 root root    20 aug 11  2014 /usr/lib/libapparmor.so.1 ->
>> libapparmor.so.1.0.2
>> -rw-r--r-- 1 root root 39664 aug 11  2014 /usr/lib/libapparmor.so.1.0.2
>> lrwxrwxrwx 1 root root    25 mar  7  2013 /usr/lib/libappindicator3.so.1
>> -> libappindicator3.so.1.0.0
>> -rw-r--r-- 1 root root 52048 mar  7  2013
>> /usr/lib/libappindicator3.so.1.0.0
>> lrwxrwxrwx 1 root root    24 mar  7  2013 /usr/lib/libappindicator.so.1
>> -> libappindicator.so.1.0.0
>> -rw-r--r-- 1 root root 52048 mar  7  2013
>> /usr/lib/libappindicator.so.1.0.0
>>
>> On Wed, Mar 30, 2016 at 9:54 AM, Me Self <wmsopou at gmail.com> wrote:
>>
>>> I also installed the source for libapache2-mod-apparmor to build the
>>> tomcat changehat. I followed these steps from the README to build the
>>> library before building the Java stuff. I hope I skipped the last step to
>>> install, but if i didnt could that have corrupted the ubuntu installation?
>>>
>>> libapparmor:
>>> $ cd ./libraries/libapparmor
>>> $ sh ./autogen.sh
>>> $ sh ./configure --prefix=/usr --with-perl      # see below
>>> $ make
>>> $ make check
>>> $ make install
>>>
>>>
>>>
>>>
>>> On Wed, Mar 30, 2016 at 4:02 AM, Seth Arnold <seth.arnold at canonical.com>
>>> wrote:
>>>
>>>> On Tue, Mar 29, 2016 at 05:10:39PM -0700, John Johansen wrote:
>>>> > >> lxc/lxc-default contains syntax errors. Line [  capability,]
>>>> > >> Ubuntu 12.04
>>>>
>>>> > > Hello; I wasn't able to recreate this locally. Do you get any
>>>> errors when
>>>>
>>>> > hrmmm IIRC (and I haven't taken the time to check) a bare capability
>>>> rule
>>>> > ie.
>>>> >    capability,
>>>> >
>>>> > is not valid to the version of apparmor in 12.04
>>>>
>>>> That's what I expected to find when I went investigating, but the file
>>>> looks like this out of the box:
>>>>
>>>> sarnold at sec-precise-amd64:~$ cat /etc/apparmor.d/lxc/lxc-default
>>>> # Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers,
>>>> which
>>>> # will source all profiles under /etc/apparmor.d/lxc
>>>>
>>>> profile lxc-container-default
>>>> flags=(attach_disconnected,mediate_deleted) {
>>>>   network,
>>>>   capability,
>>>>   file,
>>>>   umount,
>>>> ...
>>>>
>>>> $ sudo grep lxc /sys/kernel/security/apparmor/profiles
>>>> lxc-container-default (enforce)
>>>> /usr/bin/lxc-start (enforce)
>>>>
>>>> That's how I came to wondering if the file was corrupted.
>>>>
>>>> Thanks
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160330/ddd9405d/attachment.html>

More information about the AppArmor mailing list