[pkg-apparmor] Bug#1101066: apparmor-profiles: chromium-browser profile removal ok but does not automatically restart apparmor with fixed profiles

Alban Browaeys prahal at yahoo.com
Sat Mar 22 20:48:01 GMT 2025 

A note that in fact the chromium-browser profile was not removed by the
upgrade as I thought it was (even if the code to remove it is in the
deb scripts, something is wrong but I don't know what).
I reportd it in 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101071
but maybe I should have reopened
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100546



It might be that on an upgrade that successfully remove the profile in
the upgrade the apparmor service is restart properly but I am not
confident as to me there is no code to do so. So this bug should still
be valid.

Best Regards,
Alban


On Sat, 22 Mar 2025 21:12:48 +0100 Alban Browaeys <prahal at yahoo.com>
wrote:
> Package: apparmor-profiles
> Version: 4.1.0~beta5-5
> Severity: normal
> 
> Dear Maintainer,
> Following the bug report about the spurious chromium-browser profile
from 2016
> breaking apparmor years later due to the removal of hte chromium-
browser
> abstraction a month ago, I tested the fixed package.
> The new apparmor-profiles 4.1.0~beta5-5 properly remove the broken
> profile but does not restart the apparmor service afterwards thus
leaves
> the service down even if all the profiles are now fine.
> 
> Before: "
> systemctl status apparmor
> × apparmor.service - Load AppArmor profiles
>      Loaded: loaded (/usr/lib/systemd/system/apparmor.service;
enabled; preset: enabled)
>      Active: failed (Result: exit-code) since Fri 2025-03-21 23:30:50
CET; 21h ago
>    Duration: 2d 4h 8min 17.377s
>  Invocation: c79a1ba7950048b6b33356602ee5da7f
>        Docs: man:apparmor(7)
>              https://gitlab.com/apparmor/apparmor/wikis/home/
>    Main PID: 541376 (code=exited, status=1/FAILURE)
>    Mem peak: 15.5M
>         CPU: 862ms
> 
> mars 21 23:30:49 cyclope systemd[1]: Starting apparmor.service - Load
AppArmor profiles...
> mars 21 23:30:49 cyclope apparmor.systemd[541376]: Restarting
AppArmor
> mars 21 23:30:49 cyclope apparmor.systemd[541376]: Reloading AppArmor
profiles
> mars 21 23:30:50 cyclope apparmor.systemd[541492]: Erreur de
l'analyseur AppArmor pour /etc/apparmor.d in profile
/etc/apparmor.d/usr.bin.chromium-browser ? la ligne 17 : Impossible
d'ouvrir << abstractions/ubu>
> mars 21 23:30:50 cyclope apparmor.systemd[541502]: Skipping profile
in /etc/apparmor.d/disable: usr.bin.thunderbird
> mars 21 23:30:50 cyclope apparmor.systemd[541516]: Skipping profile
in /etc/apparmor.d/disable: usr.local.sbin.vnoded
> mars 21 23:30:50 cyclope apparmor.systemd[541376]: Error: At least
one profile failed to load
> mars 21 23:30:50 cyclope systemd[1]: apparmor.service: Main process
exited, code=exited, status=1/FAILURE
> mars 21 23:30:50 cyclope systemd[1]: apparmor.service: Failed with
result 'exit-code'.
> mars 21 23:30:50 cyclope systemd[1]: Failed to start apparmor.service
- Load AppArmor profiles.
> "
> 
> apparmor packages upgrade: "
> # apt upgrade
> Upgrading:
>   apparmor         apparmor-profiles  cpp-12       g++-12  gcc-12-
base      libapparmor1   libstdc++-12-dev  login.defs  python3-
apparmor     ruby-public-suffix  wine-staging        wine-staging-
i386:i386
>   apparmor-notify  apparmor-utils     dh-apparmor  gcc-12 
libapparmor-dev  libgcc-12-dev  libsubid5         passwd      python3-
libapparmor  uidmap              wine-staging-amd64
> 
> Summary:
>   Upgrading: 23, Installing: 0, Removing: 0, Not Upgrading: 0
>   Download size: 0 B / 269 MB
>   Space needed: 7 288 kB / 815 GB available
> 
> Continue? [O/n]
> Récupération des rapports de bogue… Fait
> Analyse des informations Trouvé/Corrigé… Fait
> apt-listchanges : Lecture des fichiers de modifications
(« changelog »)...
> Préconfiguration des
paquets...                                                             
             
> (Lecture de la base de données... 1197085 fichiers et répertoires
déjà installés.)
> Préparation du dépaquetage de .../wine-staging_10.4~bookworm-
1_amd64.deb ...
> Dépaquetage de wine-staging (10.4~bookworm-1) sur (10.3~bookworm-1)
...
> Préparation du dépaquetage de .../wine-staging-i386_10.4~bookworm-
1_i386.deb ...
> Dépaquetage de wine-staging-i386:i386 (10.4~bookworm-1) sur
(10.3~bookworm-1) ...
> Préparation du dépaquetage de .../wine-staging-amd64_10.4~bookworm-
1_amd64.deb ...
> Dépaquetage de wine-staging-amd64 (10.4~bookworm-1) sur
(10.3~bookworm-1) ...

More information about the pkg-apparmor-team mailing list