[pkg-apparmor] Bug#923273: apparmor: nvidia_modprobe named profile is shipped in complain mode
Vincas Dargis
vindrg at gmail.com
Mon Feb 25 17:35:33 GMT 2019
Package: apparmor
Version: 2.13.2-9
Severity: normal
Dear Maintainer,
After latest upgrade I've discovered via `aa-status` that new named profile `nvidia_modrpobe` is loaded in complain mode:
```
3 profiles are in complain mode.
nvidia_modprobe
nvidia_modprobe//kmod
smbd
```
```
$ fgrep complain /etc/apparmor.d/nvidia_modprobe
profile nvidia_modprobe flags=(complain) {
profile kmod flags=(complain) {
```
This is deviation from upstream [0]. Is this as planned?
I believe we should avoid complain mode for new profiles.
[0] https://gitlab.com/apparmor/apparmor/blob/2ed3763a2f5f59605f75536b413b281ca7cf7297/profiles/apparmor.d/nvidia_modprobe#L5
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.70
ii libc6 2.28-7
ii lsb-base 10.2018112800
ii python3 3.7.2-1
apparmor recommends no packages.
Versions of packages apparmor suggests:
ii apparmor-profiles-extra 1.25
ii apparmor-utils 2.13.2-9
-- debconf information excluded
More information about the pkg-apparmor-team
mailing list