[pkg-apparmor] Packages fail to install when apparmor_parser fails to remove policies
Christian Boltz
apparmor-debian at cboltz.de
Tue Feb 23 21:58:25 UTC 2016
Hello,
Am Dienstag, 23. Februar 2016 schrieb Nicolas Braud-Santoni:
> In the process of upgrading from Jessie to Stretch, I hit the
> following issue:
> > Preparing to unpack .../openntpd_1%3a5.7p4-2_amd64.deb ...
> > apparmor_parser: Unable to remove "/usr/sbin/ntpd". Profile doesn't
> > exist>
> > dpkg: error processing archive /var/cache/apt/archives/
openntpd_1%3a5.7p4-2_amd64.deb (--unpack):
> > subprocess new pre-installation script returned error exit status
> > 254
>
> I disabled the usr.sbin.ntpd policy because of bug #805183.
>
>
> Failing to upgrade packages for which the user disabled the policy --
> I assume the issue would occur for packages that have no policy in
> stable -- is not the desired behaviour.
>
> Unfortunately, I'm not even sure where to start looking to fix this
> :V
The easiest fix is to ignore errors if unloading a profile fails:
apparmor_parser -R /etc/apparmor.d/whatever || true
In theory you could check if the profile is loaded before trying to
unload it - but in practise the above does the same and is much easier
;-)
Regards,
Christian Boltz
--
I think it's neither desirable nor realistic to drop PackageKit
completely. We just need to limit/control the damage the thing
can do to our distro [Martin Schlander in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20160223/48d5771b/attachment.sig>
More information about the pkg-apparmor-team
mailing list