[Bug 446449] [NEW] [Karmic] Apparmor does not allow the generation of new profiles

Rookcifer rookcifer at gmail.com
Thu Oct 8 15:52:42 UTC 2009 

Public bug reported:

Binary package hint: apparmor

When I attempt to create a new profile with the "aa-genprof" command, I
find that none of the changes I make through the interactive apparmor
log parser stick (I am using the auditd, by the way).  If I try to
generate a profile for my IRC client, for example, I find that whenever
I perform "aa-logprof" that I get asked the same questions over and over
again.  They do not stick, even after restarting apparmor or even after
rebooting.  And I get the following error when I try to restart apparmor
whenever one of my generated profiles exists in /etc/apparmor.d/:

sudo /etc/init.d/apparmor restart
 * Reloading AppArmor profiles                                                      
Found reference to variable HOME, but is never declared
Found reference to variable HOME, but is never declared

The above error implies that the #include <tunables/global> line was not
included in the profile.  If I add that line, it fixes the problem
temporarily, but after I run aa-logprof again, I encounter the same
audit logs again and again.  Further, when I restart apparmor, I find
that the #include <tunables/global> line has disappeared from my
profile.

Also, when I try to put all profiles into enforce mode, I get a bit more
detailed of an error:

sudo aa-enforce /etc/apparmor.d/*
Setting /etc/apparmor.d/usr.bin.kopete to enforce mode.
/sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Found reference to variable HOME, but is never declared

So, basically, AppArmor profile generation in Karmic is broken.

Here is my uname -a:

Linux 2.6.31-12-generic #41-Ubuntu SMP Wed Oct 7 19:37:12 UTC 2009
x86_64 GNU/Linux

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
[Karmic] Apparmor does not allow the generation of new profiles
https://bugs.launchpad.net/bugs/446449
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list