[pkg-apparmor] Bug#893974: apparmor: loads /etc/apparmor.d/*.dpkg-remove
Felix C. Stegerman
flx at obfusk.net
Sat Mar 24 20:10:36 UTC 2018
Package: apparmor
Version: 2.12-4
Severity: normal
Dear Maintainer,
I noticed that my openntpd service stopped working after apparmor was
enabled in sid by default. I finally traced the problem to a
remaining /etc/apparmor.d/usr.sbin.ntpd.dpkg-remove without 'x'
permissions for /usr/sbin/ntpd. It did not immediately occur to me
that whilst the /etc/apparmor.d/usr.sbin.ntpd config seemed fine, it
was being overruled by an old .dpkg-remove.
Not sure what the best way to fix this is, but it seems to me that
apparmor should probably not load any *.dpkg-remove. I've filed a bug
report against openntpd as well for leaving this file behind when it
should have been removed automatically (I believe).
Thanks.
- Felix
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.66
ii libc6 2.27-2
ii lsb-base 9.20170808
ii python3 3.6.4-1
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- debconf information excluded
More information about the pkg-apparmor-team
mailing list