[pkg-apparmor] Bug#893974: apparmor: loads /etc/apparmor.d/*.dpkg-remove
intrigeri
intrigeri at debian.org
Thu Mar 29 16:36:59 UTC 2018
Control: tag -1 + upstream
Felix C. Stegerman:
> I noticed that my openntpd service stopped working after apparmor was
> enabled in sid by default. I finally traced the problem to a
> remaining /etc/apparmor.d/usr.sbin.ntpd.dpkg-remove without 'x'
> permissions for /usr/sbin/ntpd. It did not immediately occur to me
> that whilst the /etc/apparmor.d/usr.sbin.ntpd config seemed fine, it
> was being overruled by an old .dpkg-remove.
Good catch!
> Not sure what the best way to fix this is, but it seems to me that
> apparmor should probably not load any *.dpkg-remove.
Agreed. I've asked someone who prepared a similar merge request
recently if they would be fine with extending it to cover
*.dpkg-remove too:
https://gitlab.com/apparmor/apparmor/merge_requests/86#note_65780436
If they don't want to, perhaps you could do it yourself?
https://gitlab.com/apparmor/apparmor/merge_requests/86/diffs
should tell you exactly what should be changed and where :)
Cheers!
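
An added example (not part of the original message, and not code from AppArmor or dpkg): a shell audit for the situation reported above, listing dpkg leftover files in a profile directory and flagging those that sit next to a live profile of the same base name. The suffix list and the function names are assumptions made for this example, and `has_exec_rule` is a heuristic that only understands plain `PATH PERMS,` rule lines.

```shell
#!/bin/sh
# Added example: find dpkg leftovers in an AppArmor profile directory.
# Assumption: this suffix list covers the leftovers of interest; extend as needed.
DPKG_SUFFIXES="dpkg-remove dpkg-backup dpkg-bak dpkg-old dpkg-new dpkg-dist dpkg-tmp"

# audit_profile_dir [DIR]
# Prints one tab-separated line per leftover file:
#   SHADOW <leftover> <live>   a live profile with the same base name exists
#                              (the usr.sbin.ntpd case from this bug report)
#   ORPHAN <leftover> -        only the leftover exists
audit_profile_dir() {
    dir=${1:-/etc/apparmor.d}
    for suffix in $DPKG_SUFFIXES; do
        for f in "$dir"/*."$suffix"; do
            [ -f "$f" ] || continue      # glob matched nothing
            live=${f%."$suffix"}
            if [ -f "$live" ]; then
                printf 'SHADOW\t%s\t%s\n' "$f" "$live"
            else
                printf 'ORPHAN\t%s\t-\n' "$f"
            fi
        done
    done
}

# has_exec_rule FILE PATH
# Returns 0 if FILE contains a rule line "PATH PERMS," whose PERMS include 'x'.
# Heuristic only: ignores qualifiers (owner, audit, ...), globs and includes.
has_exec_rule() {
    awk -v p="$2" '$1 == p && $2 ~ /x/ { found = 1 } END { exit !found }' "$1"
}

# Typical use (paths as in the report):
#   audit_profile_dir /etc/apparmor.d
#   has_exec_rule /etc/apparmor.d/usr.sbin.ntpd.dpkg-remove /usr/sbin/ntpd \
#       || echo "leftover has no x rule for /usr/sbin/ntpd"
```

A SHADOW line whose leftover fails `has_exec_rule` while the live profile passes it matches the symptom described in the report.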