Bug#928160: [pkg-apparmor] Bug#928160:
Control: reopen -1 Control: retitle -1 aa-genprof fails when apparmor-profiles is installed Control: severity -1 important Hi, miteigi: > I'd like to mention that hoxp18 (and I) encountered the bug not when > activating > these extra profiles, but when we used aa-genprof on completely unrelated > programs. In other words, it (probably) affects anyone who uses aa-genprof and > has the apparmor-profiles package installed, not only users of these profiles. Oh right, sorry I missed that part! Reopening accordingly. I'll upload a fix shortly. Cheers, -- intrigeri
Bug#928160: [pkg-apparmor] Bug#928160: apparmor-utils: aa-genprof fails with "ERROR: Include file /etc/apparmor.d/local/usr.lib.dovecot.lmtp not found"
Dear Christian Boltz Thank you for your quick support. On 4/29/19 8:00 PM, Christian Boltz wrote: As a workaround, you can simply touch /etc/apparmor.d/local/usr.lib.dovecot.lmtp (it's an include file where you can add rules specific for your system, or let it empty if you don't need additional rules) root# touch /etc/apparmor.d/local/usr.lib.dovecot.lmtp root# aa-genprof vim ERROR: Include file /etc/apparmor.d/XYZ not found and XYZ was... * /etc/apparmor.d/local/usr.lib.dovecot.manageseive-login * /etc/apparmor.d/local/usr.lib.dovecot.auto * /etc/apparmor.d/local/usr.lib.dovecot.imap * /etc/apparmor.d/local/usr.lib.dovecot.anvil * /etc/apparmor.d/local/usr.sbin.dovecot * /etc/apparmor.d/local/usr.lib.dovecot.dovecot.deliver * /etc/apparmor.d/local/usr.lib.dovecot.dovecot.imap-login * /etc/apparmor.d/local/usr.lib.dovecot.pop3 * /etc/apparmor.d/local/usr.lib.dovecot.dict * /etc/apparmor.d/local/usr.lib.dovecot.managesieve * /etc/apparmor.d/local/usr.lib.dovecot.dovecot-lda * /etc/apparmor.d/local/usr.lib.dovecot.ssl-params * /etc/apparmor.d/local/usr.lib.dovecot.dovecot-auth * /etc/apparmor.d/local/usr.lib.dovecot.log * /etc/apparmor.d/local/usr.lib.dovecot.pop3-login * /etc/apparmor.d/local/usr.lib.dovecot.config then "aa-genprof vim" finally works on my Buster testing box. BTW I did not suffer this on Stretch, and I think those "dovecot-related" profile does not necessary for every profiles such like vim. (so I "touch" them to leave them empty.) I created my personal profiles for firefox, vim, gedit, etc. on my Stretch machine and they are working under enforced modes. For me, It seems a kind of regression. Anyway, thank you, again. Regards.
Bug#928160: [pkg-apparmor] Bug#928160: apparmor-utils: aa-genprof fails with "ERROR: Include file /etc/apparmor.d/local/usr.lib.dovecot.lmtp not found"
Hello,
Am Montag, 29. April 2019, 04:39:05 CEST schrieb hoxp18:
> On Buster, "aa-genprof SOMEPROG" fails with the error message.
>
> root# aa-enabled
> Yes
> root# aa-genprof {firefox,firefox-esr,gedit,file,vim} # did each
> actually
>
> ERROR: Include file /etc/apparmor.d/local/usr.lib.dovecot.lmtp not
> found
>
> The file does not seem to exist in any package.
>
> user$ apt-file search /etc/apparmor.d/local/usr.lib.dovecot.lmtp
>
> nor in /etc
>
> root# find /etc -name usr.lib.dovecot.lmtp -print
>
> I installed apparmor-profiles and apparmor-profiles-extra, too.
/etc/apparmor.d/local/usr.lib.dovecot.lmtp typically gets included by
/etc/apparmor.d/usr.lib.dovecot.lmtp - if you don't have that profile,
please
grep -r usr.lib.dovecot.lmtp /etc/apparmor.d/
I don't know the Debian packaging ("wrong" distribution ;-) but my guess
is that you copied the dovecot profile(s) from /usr/share/apparmor/ to
/etc/apparmor.d/, or got them proposed by aa-genprof, but nobody/nothing
created the local/ includes for them.
As a workaround, you can simply
touch /etc/apparmor.d/local/usr.lib.dovecot.lmtp
(it's an include file where you can add rules specific for your system,
or let it empty if you don't need additional rules)
If you copied more dovecot profiles to /etc/apparmor.d/, you'll probably
need to create local/ include files for each of them. The error messages
will tell you what's missing ;-)
Regards,
Christian Boltz
--
with people like you for sure we would have been still living in a cave
looking for fruits in forests... Fruits are very tasty, why the hell
should we spend time hunting and cooking...
[Alin M Elena in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
