[pkg-apparmor] Bug#1024707: aa-disable fails if HOMEDIRS is used as tunable
Erik Thiele
erik.thiele at thiele-hydraulik.de
Wed Nov 23 14:58:30 GMT 2022
Package: apparmor-utils
Version: 2.13.2-10
# cat /etc/debian_version
10.13
# cat /etc/apparmor.d/tunables/home.d/yyy
@{HOMEDIRS}+=/home/global/
systemctl reload apparmor
# works as expected and also enables the modified HOMEDIRS stuff.
# aa-disable usr.bin.thunderbird
ERROR: Values added to a non-existing variable
@{HOMEDIRS}: /home/global/ in tunables/home.d/yyy
and it will not disable the profile.
aa-enforce also won't work.
it seems like the normal apparmor system works with HOMEDIRS correctly
but the apparmor-utils don't.
this may be linked to
https://bugs.launchpad.net/apparmor/+bug/1331856
cya
Erik
More information about the pkg-apparmor-team
mailing list