Bug#899972: bind9: apparmor profile includes local profile but does not provide it

2019-01-24 Thread Sven Mueller
This appears to be a duplicate of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893005
(Or the latter is a correct analysis of this one, including the fix)


2018-06-23 Thread Bernhard Schmidt
Control: tags -1 unreproducible

On Thu, May 24, 2018 at 10:22:11AM +0200, Laurent Bonnaud wrote:

Hi Laurent,

thanks for your report.

> Package: bind9
> Version: 1:9.11.3+dfsg-1
> Severity: normal
>
[...]
> 
> This is caused by /etc/apparmor.d/usr.sbin.named that contains this line:
> 
>   #include <local/usr.sbin.named>
> 
> but the /etc/apparmor.d/local/usr.sbin.named file does not exist.

This is weird. The file is indeed not shipped in the package, but the
package is using dh_apparmor and the postinst code autogenerated by this
debhelper module (taken straight from the 1:9.11.3+dfsg-1 package) is

| # Automatically added by dh_apparmor/2.12-4
| aa_is_enabled() {
|    if command aa-enabled >/dev/null 2>&1; then
|       # apparmor >= 2.10.95-2
|       aa-enabled --quiet 2>/dev/null
|    else
|       # apparmor << 2.10.95-2
|       # (This should be removed once Debian Stretch and Ubuntu 18.04 are out.)
|       rc=0
|       aa-status --enabled 2>/dev/null || rc=$?
|       [ "$rc" = 0 ] || [ "$rc" = 2 ]
|    fi
| }
| 
| if [ "$1" = "configure" ]; then
|     APP_PROFILE="/etc/apparmor.d/usr.sbin.named"
|     if [ -f "$APP_PROFILE" ]; then
|         # Add the local/ include
|         LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.named"
| 
|         test -e "$LOCAL_APP_PROFILE" || {
|             mkdir -p `dirname "$LOCAL_APP_PROFILE"`
|             install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
|         }
| 
|         # Reload the profile, including any abstraction updates
|         if aa_is_enabled; then
|             apparmor_parser -r -T -W "$APP_PROFILE" || true
|         fi
|     fi
| fi
| # End automatically added section

So an empty file should be installed in that location when it is
missing.

This worked in my test system. I wonder what's going on on your system.

Bernhard



2018-05-24 Thread Laurent Bonnaud
Package: bind9
Version: 1:9.11.3+dfsg-1
Severity: normal


Dear Maintainer,

here is the problem:

# aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.

ERROR: Include file /etc/apparmor.d/local/usr.sbin.named not found
[fatal error: aa-logprof stops here]


This is caused by /etc/apparmor.d/usr.sbin.named that contains this line:

  #include <local/usr.sbin.named>

but the /etc/apparmor.d/local/usr.sbin.named file does not exist.

Could bind9 please provide this file in its package?  An empty file is enough.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Laurent.
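
A check for the condition reported in this thread, as an added example that is not part of the original messages or of the bind9 or dh_apparmor packaging: it lists every `local/` include that a profile references but that is missing on disk. The function names and the sample profiles are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find AppArmor profiles whose local/ include target is missing.
# missing_local_includes and make_sample_tree are hypothetical helper names.

missing_local_includes() {
    dir=${1:-/etc/apparmor.d}
    for profile in "$dir"/*; do
        [ -f "$profile" ] || continue   # skip local/, abstractions/, etc.
        # Match '#include <local/NAME>' and 'include <local/NAME>'.
        # 'include if exists <...>' tolerates a missing file and is not matched.
        sed -n 's|^[[:space:]]*#\{0,1\}include[[:space:]]*<\(local/[^>]*\)>.*|\1|p' \
            "$profile" |
        while IFS= read -r rel; do
            [ -e "$dir/$rel" ] || printf '%s: %s\n' "$profile" "$dir/$rel"
        done
    done
}

# Constructed sample tree: three minimal profiles, only one local file present.
make_sample_tree() {
    mkdir -p "$1/local"
    printf '%s\n' '/usr/sbin/named {' \
        '  #include <local/usr.sbin.named>' '}' > "$1/usr.sbin.named"
    printf '%s\n' '/usr/sbin/ntpd {' \
        '  #include <local/usr.sbin.ntpd>' '}' > "$1/usr.sbin.ntpd"
    printf '%s\n' '/usr/sbin/tcpdump {' \
        '  include if exists <local/usr.sbin.tcpdump>' '}' > "$1/usr.sbin.tcpdump"
    : > "$1/local/usr.sbin.ntpd"
}

# Demo on the constructed tree; on a real system call
# missing_local_includes /etc/apparmor.d instead.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
missing_local_includes "$tmp"
rm -rf "$tmp"
```

An empty file at each reported path, which is what the dh_apparmor postinst quoted above installs, is enough to satisfy the include.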