Hello, sometimes fixing a bug is easy ;-)
write_net_rules() creates invalid rules for network rules with one parameter (for example "network bluetooth"). Add a trailing comma to create valid rules. This is another bug uncovered by playing with the LibreOffice profile ("why does the profile have invalid syntax after an aa-logprof run?!") I propose this patch for trunk and 2.9 [ 34-fix-writing-network-rules.diff ] === modified file utils/apparmor/aa.py --- utils/apparmor/aa.py 2015-04-08 00:09:02.931423160 +0200 +++ utils/apparmor/aa.py 2015-04-08 22:24:23.556993393 +0200 @@ -3401,7 +3402,7 @@ if prof_data[allow]['netdomain']['rule'][fam] is True: if prof_data[allow]['netdomain']['audit'][fam]: audit = 'audit' - data.append('%s%s%snetwork %s' % (pre, audit, allowstr, fam)) + data.append('%s%s%snetwork %s,' % (pre, audit, allowstr, fam)) else: for typ in sorted(prof_data[allow]['netdomain']['rule'][fam].keys()): if prof_data[allow]['netdomain']['audit'][fam].get(typ, False): Regards, Christian Boltz -- für die Bewertung des Risikos gilt Martins Hypothese: Das Risiko ist proportional zur Größe der Schlagzeile in der BILD-Zeitung. [Martin zu http://blog.koehntopp.de/archives/3211-Wieso-wir-uns-veroeffentlichen.html] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor