[pkg-apparmor] Bug#1024707: aa-disable fails if HOMEDIRS is used as tunable
Christian Boltz
debian-bugs at cboltz.de
Wed Nov 23 19:03:13 GMT 2022
Hello,
Am Mittwoch, 23. November 2022, 15:58:30 CET schrieb Erik Thiele:
> Package: apparmor-utils
> Version: 2.13.2-10
> # cat /etc/apparmor.d/tunables/home.d/yyy
> @{HOMEDIRS}+=/home/global/
> # aa-disable usr.bin.thunderbird
> ERROR: Values added to a non-existing variable
> @{HOMEDIRS}: /home/global/ in tunables/home.d/yyy
> this may be linked to
> https://bugs.launchpad.net/apparmor/+bug/1331856
Indeed, and the relevant part is comment 16:
This bug is finally fixed with
https://gitlab.com/apparmor/apparmor/-/merge_requests/544
AppArmor 3.0 will include the fixed tools.
Unfortunately you / your Debian version still have 2.13.x, and the merge
request is too big to backport it to the 2.13 branch.
As long as you stay with AppArmor 2.13.x and want to use the aa-* tools,
the workaround is to edit /etc/apparmor.d/tunables/home instead of
using a home.d/ file to extend a variable with +=
Regards,
Christian Boltz
--
> I like science when some "vodoo" is needed to make it work ;-)
Magic is just another word for indistinguishable advanced technology :D
[> Bruno Friedmann and Jan Engelhardt in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20221123/6b6e1dd9/attachment-0001.sig>
More information about the pkg-apparmor-team
mailing list