[pkg-apparmor] Bug#877255: apparmor-profiles-extra: usr.bin.totem profile produces aa-logprof error: permission contains unknown character(s) Pux
intrigeri
intrigeri at debian.org
Sat Sep 30 05:27:06 UTC 2017
Hi,
Vincas Dargis:
> Running `aa-logprof` produces this error:
> ERROR: permission contains unknown character(s) Pux
[...]
> Looking at `man apparmor.d`, I see these modes:
> EXEC TRANSITION = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' |
> 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' )
> and Pux is not mentioned.
Interestingly
http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
says that Pux is supported since 2.5, so I wonder who's correct.
Anyway, "P" was a mistake as I intended to disable environment
variable scrubbing: bwrap needs $HOME (see bwrap(1)) and will clean
the environment itself.
Replacing Pux with pux fixes the problem you've seen here, and better
expresses what I intended initially.
Can you please confirm? If that works, would you be up to
update my merge request upstream accordingly:
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/331058
… and then propose a branch forked off current Vcs-Git on the Debian side?
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list