[pkg-apparmor] Bug#882047: Bug#882047: apparmor-utils: aa-complain thunderbird fails

Christian Boltz debian-bugs at cboltz.de
Fri Jun 15 22:58:28 BST 2018 

Hello,

Am Mittwoch, 13. Juni 2018, 17:00:35 CEST schrieb intrigeri:
> intrigeri:
> > Ben Caradoc-Davies:
> >> On 20/11/17 09:38, Christian Boltz wrote:
> >>> Thanks, but unfortunately I still can't reproduce the problem :-(
> >>> Can you add a bit of debugging code in aa.py, please? […]
> >> 
> >> Sure. As requested:
> >> 
> >> # aa-complain thunderbird
> >> Setting /usr/bin/thunderbird to complain mode.
> >> looking for /etc/apparmor.d/usr.bin.thunderbird
> >> /usr/bin/thunderbird
> >> reading file /etc/apparmor.d/usr.bin.thunderbird
> >> found RE_PROFILE_START in profile thunderbird
> >> /usr/lib/thunderbird/thunderbird {
> >> 
> >> thunderbird None
> >> found RE_PROFILE_START in   profile gpg {
> >> 
> >> gpg None
> >> found RE_PROFILE_START in   profile lsb_release {
> >> 
> >> lsb_release None
> >> no profile /etc/apparmor.d/usr.bin.thunderbird /usr/bin/thunderbird
> >> 
> >> ERROR: /etc/apparmor.d/usr.bin.thunderbird contains no profile
> > 
> > Is this enough to help you debug this problem or do you need more
> > info?

I think it's enough - looks like aa-complain fails to follow 
symlinks before looking for the profile :-(
(and sorry for the late reply on this part)

Until I have time to fix this, use
    aa-complain /etc/apparmor.d/$whatever
(where $whatever is the profile filename)

> For the record, with 2.13-1 I see a different error:
> 
>   # aa-complain thunderbird
>   Setting /usr/bin/thunderbird to complain mode.
> 
>   ERROR: Path doesn't start with / or variable: gpg
> 
> i.e. aa-complain chokes on the "gpg" named child profile.

That's a known regression in 2.13, unfortunately I didn't have time yet 
to check what exactly happens. The upstream bugreport is 
https://bugs.launchpad.net/apparmor/+bug/1775591


Regards,

Christian Boltz
-- 
Vi ist für Leute, deren Hände für Emacs zu klein sind. [Florian Diesch]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20180615/4df9c34a/attachment-0001.sig>

More information about the pkg-apparmor-team mailing list