** Changed in: evince (Ubuntu Cosmic)
Status: Triaged => Fix Committed
** Summary changed:
- Debian/Ubuntu AppArmor policy for evince is useless
+ Debian/Ubuntu AppArmor policy gaps in evince
** Information type changed from Private Security to Public Security
--
You received this bug
** Changed in: apparmor (Ubuntu Cosmic)
Status: In Progress => Fix Committed
** Changed in: apparmor (Ubuntu Trusty)
Status: Triaged => In Progress
** Changed in: apparmor (Ubuntu Xenial)
Status: Triaged => Fix Committed
** Changed in: apparmor (Ubuntu Bionic)
https://gitlab.com/apparmor/apparmor/merge_requests/206/ has additional
fixes.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1794848
Title:
private-files-strict and
https://gitlab.com/apparmor/apparmor/merge_requests/203/ was committed
upstream.
** Changed in: apparmor
Status: In Progress => Fix Released
** Summary changed:
- private-files-strict abstraction should also limit access to directories
+ private-files-strict and user-files abstractions
Public bug reported:
This is to track the private-files-strict and user-files portion of
https://bugs.launchpad.net/apparmor/+bug/1794820
** Affects: apparmor
Importance: Undecided
Assignee: Jamie Strandboge (jdstrand)
Status: Fix Released
** Affects: apparmor (Ubuntu
I agree with Laurent - ufw already supports gre, gufw just needs to
bubble that up.
** Package changed: ufw (Ubuntu) => gui-ufw
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
rks
+ mount -> /home/*/mnt/,
This doesn't:
- mount -> @{HOME}/mnt/,
+ mount -> @{HOME}/mnt/,
audit: type=1400 audit(1470943929.750:482): apparmor="DENIED"
operation="mount" info="failed mntpnt match" error=-13 profile="test"
nam
/home/*/mnt/,
This doesn't:
mount -> @{HOME}/mnt/,
audit: type=1400 audit(1470943929.750:482): apparmor="DENIED"
operation="mount" info="failed mntpnt match" error=-13 profile="test"
name="/home/jamie/mnt/" pid=25573 comm="fuse
This is in git master now and in the ufw snap in candidate.
** Changed in: ufw
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1204579
** Package changed: ufw (Ubuntu) => hplip (Ubuntu)
** Changed in: hplip (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1781986
We can't just enable the patches any more because it will change how
snaps that plugs 'pulseaudio' will work. Put concretely, the patches are
meant to detect if the connecting process is a snap and if it is,
unconditionally deny recording. Some snaps that 'plugs: [ pulseaudio ]'
have legitimate
Public bug reported:
>From https://launchpadlibrarian.net/377100864/buildlog_ubuntu-cosmic-
amd64.pulseaudio_1%3A12.0-1ubuntu1_BUILDING.txt.gz:
...
dh_auto_configure -- --enable-x11 --disable-hal-compat
--libdir=\${prefix}/lib/x86_64-linux-gnu
*** This bug is a duplicate of bug 953372 ***
https://bugs.launchpad.net/bugs/953372
@fathi733-gmail - this should've been fixed a long time ago. Anything
you see now should be a new bug. Can you file one at
https://bugs.launchpad.net/ufw/+filebug?
--
You received this bug notification
ned) => Jamie Strandboge (jdstrand)
** Also affects: ufw (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: ufw (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: ufw (Ubuntu Bionic)
Status: New => Triaged
** Changed in: ufw (Ubun
ke exactly what we should be doing.
Thanks for the triage!
** Changed in: ufw (Ubuntu)
Status: New => Triaged
** Changed in: ufw (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Also affects: ufw (Ubuntu Bionic)
Importance: Undecided
Status: New
** A
** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1773515
Title:
apparmour fails after removal of snapd
Status in
Note that this is for the chromium snap and it is the snapd package that
provides the apparmor policy for the chromium snap.
Also, the bluez accesses should not be what is preventing the chromium
snap from starting-- these are harmless denials. I've adjusted the title
of the to reflect this.
I tried to reproduce this and was unable to. The apparmor package did
added a Breaks: media-hub, mediascanner2.0, messaging-app, webbrowser-
app because of bug #1756800 and bug #1761176 so I tried upgrades with
and without these installed. Test configurations:
* Ubuntu Desktop default install
*
Looking at
https://github.com/lxc/lxd/issues/4504#issuecomment-384759354, it seems
that the system may not have had ubuntu-standard installed, so on do-
release-upgrade the final package removal step may have listed apparmor.
--
You received this bug notification because you are a member of
This should be fixed in Ubuntu 18.04 (about to be released this week).
** Package changed: chromium-browser (Ubuntu) => apparmor (Ubuntu)
** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
** Changed in: rsyslog (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1766600
Title:
[bionic] apparmor denial for
uot; fsuid=0 ouid=0
So we need to adjust this:
/{,var/}run/rsyslogd.pid rwk,
to be:
/{,var/}run/rsyslogd.pid{,.tmp} rwk,
** Affects: rsyslog (Ubuntu)
Importance: High
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Description changed:
With the new b
** Description changed:
With the new bionic upload, when the apparmor profile is enabled,
- rsyslog fails to start (and cause upgrade issues) due to:
+ rsyslog fails to start (and causes upgrade issues) due to:
AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd"
** Description changed:
With the new bionic upload, when the apparmor profile is enabled,
rsyslog fails to start (and cause upgrade issues) due to:
AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/rsyslogd"
name="/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so" pid=19949
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1712039
Title:
AppArmor profile misses entry
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1762983
Title:
communitheme snap doesn't work
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1701297
Title:
NTP reload failure (unable to read
** Changed in: apparmor (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1712039
Title:
AppArmor profile misses entry for
This looks like it might have been a transient file system issue. Is
your system still in this state? If so, please run afilesystem check and
then run 'sudo dpkg --configure -a ; sudo apt-get update ; sudo apt-get
upgrade'.
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
*** This bug is a duplicate of bug 1756800 ***
https://bugs.launchpad.net/bugs/1756800
This is almost certainly a duplicate of LP: #1756800. Please take a look
at that bug and remove the affected profiles. Do note that apparmor is a
oneshot service and it will report an error if any profiles
** Changed in: apparmor (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1762983
Title:
communitheme snap doesn't work
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1757256
Title:
Apparmor profile gajim
Status in
The initial report indicated a parser error, but then it was reported
that the apparmor package was removed, so then it would not be able to
run properly. I'm not able to reproduce with the information given. If
you are able to provide exact steps to reproduce, please do and we can
take another
Does evince not work or is this simply a noisy denial?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
There is not enough information to process this bug report. Is your
system still in this state? Do you have steps to reproduce?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
There is not enough information to process this bug. Is your system
still in this state? Do you have steps to reproduce?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
There is not enough information to process this bug report. Is your
system still in this state? Do you have steps to reproduce?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
There is not enough information to process this bug. Is your system
still affected? Do you have specific steps on how to reproduce?
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1704516
Title:
package apparmor 2.10.95-0ubuntu2 failed
There isn't enough information to process this bug. Is your system still
affected? Can you provide steps to reproduce?
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
The profile needs attach_disconnected.
** Package changed: apparmor (Ubuntu) => ntp (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1739943
Title:
apparmor ntpd
Did you use 'snap connect' to connect the shutdown interface?
** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)
** Changed in: snapd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1693953
Title:
package apparmor 2.10.95-0ubuntu2.6
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1761176 filed
for messaging-app.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1756800
Title:
Failed to start
** Summary changed:
- remove more old Touch profiles that cause profile compilation errors
+ remove one more old Touch profile that causes profile compilation errors
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you
Public bug reported:
This is an extension of
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1756800 where we
missed messaging-app.
** Affects: apparmor (Ubuntu)
Importance: Undecided
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Description changed
Actually, only messaging-app is affected by this bug, so we don't need
to remove the other two.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1756800
Title:
Failed to
"Do we need to worry about:
ubuntu-download-manager:
/etc/apparmor.d/usr.lib.ubuntu-download-manager.udm-extractor
messaging-app: /etc/apparmor.d/usr.bin.messaging-app
content-hub-testability: /etc/apparmor.d/content-hub-testability
"
Yes. I did an archive grep and found media-hub, but that
Uploaded 2.12-4ubuntu3 to address this.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1756800
Title:
Failed to start AppArmor initialization with status=123/n/a
Status
media-hub is another application that was removed in bionic that is
affected.
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Package changed: apparmor (Ubuntu) => evince (Ubuntu)
** Tags added: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1753966
Title:
apparmor interfers with
** Changed in: apparmor (Ubuntu)
Status: Won't Fix => In Progress
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: ubuntu-release-upgrader (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug not
FYI, I clarified the description that the issue is for 'aa-exec', not
everything.
** Description changed:
- Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
- For example, on Ubuntu 12.04 and 14.04 we have:
+ Somewhere between 3.13 and 4.4, the scrubbing behavior of ix for
These seem like counter arguments. On the one hand you seem to say that
scrubbing is ok for ix and then change to suggest modifying ix to not
scrub and introduce Ix.
This bug is really about an inconsistency between 'ix' for normal
fork/exec where there is no scrubbing and 'ix' on aa-exec where
*** This bug is a duplicate of bug 1756800 ***
https://bugs.launchpad.net/bugs/1756800
** This bug has been marked a duplicate of bug 1756800
Failed to start AppArmor initialization with status=123/n/a
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
FYI, this was discovered because of https://forum.snapcraft.io/t/2-0
-lxd-snap-fails-on-sytems-with-partial-apparmor-support/4707
** Description changed:
- Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed
- when going through aa-exec. For example, on Ubuntu 12.04 and 14.04 we
Attached is an updated reproducer that adds 'aa-exec -p env -- ...' (ie,
not unconfined). It operates the same (ie, ix still scrubs).
** Attachment added: "reproducer2.tar.gz"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1759346/+attachment/5092826/+files/reproducer2.tar.gz
**
Public bug reported:
Somewhere between 3.13 and 4.4, the scrubbing behavior of ix changed.
For example, on Ubuntu 12.04 and 14.04 we have:
* ux does not scrub
* Ux does scrub
* ix does not scrub
but in 16.04 and later we have:
* ux does not scrub
* Ux does scrub
* ix does scrub # WRONG
I
/usr.sbin.dhcpd
# vim:syntax=apparmor
# Last Modified: Mon Jan 25 11:06:45 2016
# Author: Jamie Strandboge <ja...@canonical.com>
#include
/usr/sbin/dhcpd flags=(complain) {
#include
#include
#include
capability chown,
capability net_bind_service,
capab
** Changed in: isc-dhcp (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: isc-dhcp (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
Public bug reported:
When the dhclient profile was written, net_admin hadn't yet allowed
loading network modules. For some time it has though
(https://lwn.net/Articles/430462/) and since the dhclient profile
already allows 'net_admin', we should drop 'sys_module' from the
profile.
** Affects:
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
This is a known issue. Please see:
*
https://forum.snapcraft.io/t/how-can-i-use-snap-when-i-dont-use-home-user/3352
* https://bugs.launchpad.net/snapcraft/+bug/1620771
** Package changed: apparmor
This isn't really a bug in apparmor-- the profiles weren't purged from
the system. We could perhaps add a Conflicts on webbrowser-app
mediascanner2.0 to apparmor, but that doesn't feel right (and wouldn't
remove the conffiles anyway (so this bug would remain)). Perhaps ubuntu-
release-upgrader
No, the script is returning non-zero because some of the profiles didn't
load, but the rest of the profiles will load fine. You can prove this to
yourself using 'sudo aa-status'.
As for those two profiles, the come from
https://launchpad.net/ubuntu/+source/webbrowser-app/ and
This is fixed in xenial 2.3.1-2.1ubuntu2~16.04.1
** Changed in: libseccomp (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
This is now merged in 2.32. Please see https://forum.snapcraft.io/t
/confined-snaps-dont-work-on-live-images-due-to-apparmor-path-
mapping/3767/9 if you want to check it out for yourself.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
/snap-
confine and then loads all the /etc/apparmor.d/*snap-confine* profiles.
So long as snapd starts before preinstalled snaps then all is fine.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
** Changed in: apparmor (Ubuntu)
Assignee: Jamie Strandboge (jdstr
: apparmor (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: ubiquity (Ubuntu)
** Changed in: apparmor (Ubuntu)
Status: New => Triaged
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (
FYI, the following kernels are also affected (all 4.13 based):
* linux-azure
* linux-hwe
* linux-hwe-edge
* linux-oem
* linux-raspi2
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Here are more details on the snapd test failure:
https://forum.snapcraft.io/t/lxd-issue-due-to-snap-confine-apparmor-
profile/4203/18
** Also affects: snapd
Importance: Undecided
Status: New
** Changed in: snapd
Status: New => Triaged
--
You received this bug notification
Since this is going to be fixed in 'linux' and 'linux-gcp', adding tasks
for those.
** Changed in: apparmor (Ubuntu Artful)
Status: Won't Fix => Fix Committed
** Changed in: linux (Ubuntu Artful)
Status: Fix Committed => Confirmed
** Also affects: linux-gcp (Ubuntu)
Importance:
Add a snapd task so that when the https://launchpad.net/ubuntu/+source
/linux-gcp is Fix Released, snapd can re-enable the tests/main/lxd test
on GCE.
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Artful)
Status: New => Fix
This is affected snapd spread tests in GCE, where they have a xenial
userspace and 4.13 kernel:
# cat /proc/version_signature
Ubuntu 4.13.0-1011.15-gcp 4.13.13
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in
*** This bug is a duplicate of bug 1751005 ***
https://bugs.launchpad.net/bugs/1751005
** Package changed: apparmor (Ubuntu) => libreoffice (Ubuntu)
** This bug has been marked a duplicate of bug 1751005
libreoffice cannot open a document not within $HOME
--
You received this bug
This is fine for SRU. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1670408
Title:
apparmor base abstraction needs backport of rev 3658 to fix several
denies
emove [y|N]? y
1 package successfully removed.
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Fix Released
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because
: Undecided
Assignee: Jamie Strandboge (jdstrand)
Status: Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1750005
Title:
Please remove
(Ubuntu Bionic)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1733700
Title:
python tools do not understand '
** Changed in: qtbase-opensource-src (Ubuntu)
Status: New => Won't Fix
** Changed in: qtmultimedia-opensource-src (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Would be great to get this fixed in 16.04 also guys
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1710637
Title:
Input falls through to gdm3 and terminates the session
Thanks! :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1713710
Title:
RM: obsolete product
Status in click-apparmor package in Ubuntu:
Fix Released
Bug
Public bug reported:
I've noticed this for a long time but never looked into it. My logs have
a bunch of entries of the form:
rsyslogd-2007: action 'action 10' suspended, next retry is Mon Jan 29
04:08:13 2018 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
This is caused by these lines in
** Changed in: apparmor (Ubuntu Artful)
Status: Triaged => In Progress
** Changed in: apparmor (Ubuntu Xenial)
Status: Triaged => In Progress
** Changed in: apparmor (Ubuntu Trusty)
Status: Triaged => In Progress
--
You received this bug notification because you are a
** Description changed:
The apparmor parser supports 'include' and '#include' rules for
specifying absolute paths, but the python tools only understand include
rules for so called 'magic' '<>' file locations.
= test case #0 (testsuite) =
$ sudo apt-get install apparmor apparmor-utils
** Description changed:
The apparmor parser supports 'include' and '#include' rules for
specifying absolute paths, but the python tools only understand include
rules for so called 'magic' '<>' file locations.
= test case #0 (testsuite) =
- $ sudo apt-get install apparmor apparmor-utils
** Description changed:
The apparmor parser supports 'include' and '#include' rules for
specifying absolute paths, but the python tools only understand include
rules for so called 'magic' '<>' file locations.
+ = test case #0 (testsuite) =
+ $ sudo apt-get install apparmor apparmor-utils
** Changed in: apparmor (Ubuntu Trusty)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu Xenial)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu Zesty)
Assignee: (unassigned) => Jamie Strandboge
The was fixed upstream in 2.12.
** Changed in: apparmor
Status: In Progress => Fix Released
** Changed in: apparmor (Ubuntu Bionic)
Status: Triaged => In Progress
** Changed in: apparmor (Ubuntu Bionic)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You
@Martin, do note that the apparmor policy should have been loaded for
everything except webbrowser-app, but because there was a failure
systemctl will show it as failed. Can you file a bug here:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+filebug? This
is a bug in the packaging for
** Description changed:
The apparmor parser supports 'include' and '#include' rules for
specifying absolute paths, but the python tools only understand include
rules for so called 'magic' '<>' file locations.
- Reproducer:
-
+
+ = test case #1 (aa-enforce) =
$ mkdir /tmp/test1
** Description changed:
- The apparmor_parser now supports 'include' rules in addition to
- '#include', but the python tools only understand '#include'. This
- manifested itself in Ubuntu in bug #1734038 (see
- https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1734038/comments/15
- of that bug
** Summary changed:
- apparmor python tools do not understand 'include' rules
+ python tools do not understand 'non-magic' include rules
** Changed in: apparmor (Ubuntu Trusty)
Status: New => Triaged
** Changed in: apparmor (Ubuntu Xenial)
Status: New => Triaged
** Changed in:
https://gitlab.com/apparmor/apparmor/merge_requests/44
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1733700
Title:
apparmor python tools do not understand 'include'
** Changed in: apparmor
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
*** This bug is a duplicate of bug 1710637 ***
https://bugs.launchpad.net/bugs/1710637
I moved from a AMD Radeon onto a GeForce and setting up the graphics
cards, I've never seen this issue before. But now, as others have said.
i get the same thing.
Running 16.04 Kernal 4.4.0-97
--
You
This was actually fixed earlier this year:
http://bazaar.launchpad.net/~jdstrand/ufw/trunk/revision/972 and patched
in Debian and Ubuntu via 0.35-3. I'm going to mark this as Fixed
Released.
Thanks for reporting this bug! :)
** Changed in: ufw (Ubuntu)
Status: New => Fix Released
--
You
@Felix Eckhofer - please see
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1734038/comments/15
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1733700
Title:
.
** Also affects: apparmor
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
** Changed in: apparmor
Status: New => Triaged
** Also affects: apparmor (Ubuntu Bionic)
Importance: Undecided
Status:
Since snapd is using this bug for its SRU blocker and we have bug
#1733700 that is the same issue, I'm going to use this bug as the snapd
one and for the apparmor one.
** Summary changed:
- utils don't understand «include "/where/ever"» (was: Potential regression
found with apparmor test on
cki (zyga) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1733700
Title:
aa-enforce fails due to syntax error in snapd.snap-confine p
401 - 500 of 1891 matches
Mail list logo