Hi Seyeong and Chris - The Ubuntu Security Team is planning on updating the AppArmor Python utilities by doing a full update of the code from one of our stable upstream releases. There are a number of bugs, outside of this one, in the Python utilities and it'll be best if we just fix them all at once.
Would you mind holding off on this SRU? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1378095 Title: aa-complain traceback when marking multiple profiles Status in AppArmor Linux application security framework: Fix Committed Status in AppArmor 2.9 series: Fix Committed Status in AppArmor master series: Fix Committed Status in apparmor package in Ubuntu: In Progress Status in apparmor source package in Trusty: In Progress Bug description: [SRU justification] [Impact] $ sudo aa-complain /etc/apparmor.d/usr.lib.postfix.* Setting /etc/apparmor.d/usr.lib.postfix.anvil to complain mode. Traceback (most recent call last): File "/usr/sbin/aa-complain", line 30, in <module> tool.cmd_complain() File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 171, in cmd_complain apparmor.read_profiles() File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2573, in read_profiles read_profile(profile_dir + '/' + file, True) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2599, in read_profile profile_data = parse_profile_data(data, file, 0) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2853, in parse_profile_data store_list_var(filelist[file]['lvar'], list_var, value, var_operation, file) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3277, in store_list_var raise AppArmorException(_('Redefining existing variable %s: %s in %s') % (list_var, value, filename)) apparmor.common.AppArmorException: 'Redefining existing variable @{TFTP_DIR}: /var/tftp /srv/tftpboot in /etc/apparmor.d/usr.sbin.dnsmasq' $ sudo grep -R TFTP_DIR /etc/apparmor.d/ /etc/apparmor.d/usr.sbin.dnsmasq:@{TFTP_DIR}=/var/tftp /srv/tftpboot /etc/apparmor.d/usr.sbin.dnsmasq: @{TFTP_DIR}/ r, /etc/apparmor.d/usr.sbin.dnsmasq: @{TFTP_DIR}/** r, Looks like the tools are re-parsing everything, but not resetting whatever is storing the variable declarations. [Test Case] sudo aa-enforce /etc/apparmor.d/* got error [Regression Potential] [Other Info] To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1378095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp