[apparmor] [Bug 925894] [NEW] logprof creates duplicate profile

[Jeroen Ooms]

Public bug reported:

I have a hat profile defined in the /etc/apparmor.d/apache2.d/
directory. However when saving changes, aa-logprof creates a new profile
with the same hatname in usr.lib.apache2.mpm-prefork.apache2 anyway,
resulting in a "duplicate profile" error on next restart. Instead I
think it should append it to the existing profile in
/etc/apparmor.d/apache2.d.

To reproduce

- install libapache2-mod-apparmor and apache2-mpm-prefork
- create a file e.g. /etc/apparmor.d/apache2.d/mysite:

^mysite flags=(complain) { 
  #include <abstractions/base>
  #include <abstractions/nameservice>
}

And assign it to some directory in Apache2:

<Directory /var/www/mysite>
    Options Indexes FollowSymLinks
    AAHatName mysite
</Directory>

Then load the site in your browser.

- Run aa-logprof, and save some changes.
- logprof will have created an additional  ^mysite inside the 
usr.lib.apache2.mpm-prefork.apache2 resulting in apparmor failing to load next 
time.

** Affects: apparmor
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/925894

Title:
  logprof creates duplicate profile

Status in AppArmor Linux application security framework:
  New

Bug description:
  I have a hat profile defined in the /etc/apparmor.d/apache2.d/
  directory. However when saving changes, aa-logprof creates a new
  profile with the same hatname in usr.lib.apache2.mpm-prefork.apache2
  anyway, resulting in a "duplicate profile" error on next restart.
  Instead I think it should append it to the existing profile in
  /etc/apparmor.d/apache2.d.

  To reproduce

  - install libapache2-mod-apparmor and apache2-mpm-prefork
  - create a file e.g. /etc/apparmor.d/apache2.d/mysite:

  ^mysite flags=(complain) { 
    #include <abstractions/base>
    #include <abstractions/nameservice>
  }

  And assign it to some directory in Apache2:

  <Directory /var/www/mysite>
      Options Indexes FollowSymLinks
      AAHatName mysite
  </Directory>

  Then load the site in your browser.

  - Run aa-logprof, and save some changes.
  - logprof will have created an additional  ^mysite inside the 
usr.lib.apache2.mpm-prefork.apache2 resulting in apparmor failing to load next 
time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/925894/+subscriptions

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor