Ubuntu
click package

preinstalling click packages to /custom/click doesn't run apparmor hooks

Bug #1223085 reported by Chris Wayne
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
click (Ubuntu)
Fix Released
High
Colin Watson

Bug Description

Package Versions:

ii click 0.4.4 amd64 Click packages
ii click-apparmor 0.1.9 all Click manifest to AppArmor easyprof conversion tools
ii click-dev 0.4.4 amd64 build Click packages
ii click-doc 0.4.4 all Click packages (documentation)
ii python3-apparmor-click 0.1.9 all Click manifest to AppArmor easyprof conversion tools
ii python3-click 0.4.4 amd64 Click packages (Python 3 interface)

Summary:

Trying to preinstall a click package into /custom/click doesn't include any of the apparmor profiles, and the hooks aren't run. The files can't be included in the tarball, as they live outside /custom

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: click 0.4.4
ProcVersionSignature: Ubuntu 3.11.0-4.9-generic 3.11.0-rc7
Uname: Linux 3.11.0-4-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.12.1-0ubuntu3
Architecture: amd64
Date: Mon Sep 9 19:54:04 2013
InstallationDate: Installed on 2013-04-26 (136 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MarkForUpload: True
SourcePackage: click
UpgradeStatus: Upgraded to saucy on 2013-08-13 (27 days ago)

Related branches

lp:click
Colin Watson: Approve
Ubuntu CI managed package branches: Pending requested
Diff: 485 lines (+269/-70)
11 files modified
README (+1/-0)
click/build.py (+10/-22)
click/framework.py (+138/-0)
click/install.py (+8/-28)
click/paths.py.in (+1/-0)
click/tests/helpers.py (+29/-0)
click/tests/test_build.py (+39/-5)
click/tests/test_install.py (+2/-4)
debian/changelog (+8/-0)
doc/file-format.rst (+1/-2)
doc/index.rst (+32/-9)
lp:ubuntu/saucy-proposed/click
lp:~ubuntu-managed-branches/click/click (Merged)
Revision history for this message
Chris Wayne (cwayne) wrote :
Revision history for this message
Colin Watson (cjwatson) wrote :

I suspect we ought to arrange to run system-level hooks at boot.

Changed in click (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Colin Watson (cjwatson) wrote :

My previous plan is actually unviable - we can't write to the relevant directories in read-only mode. Bug 1215092 may be our only hope.

Revision history for this message
Chris Wayne (cwayne) wrote :

Could we not add /custom/var/lib/apparmor to whatever path apparmor uses to find profiles?

Revision history for this message
Colin Watson (cjwatson) wrote :

It is poor design to have to keep modifying packages to make them look in more and more directories, especially for autogenerated data. Things should Just Work without that.

Revision history for this message
Chris Wayne (cwayne) wrote :

It looks like the directories we would need are already writable, according to /etc/system-image/writable_paths, namely:

/var/lib/apparmor
/var/cache/apparmor

Colin Watson (cjwatson)
Changed in click (Ubuntu):
status: Triaged → Fix Committed
assignee: nobody → Colin Watson (cjwatson)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package click - 0.4.5

---------------
click (0.4.5) saucy; urgency=low

  * Document --force-missing-framework option in the error message produced
    when a package's required framework is not present.
  * Make "click pkgdir" exit 1 if a directory for the given package name or
    path is not found, rather than letting the exception propagate
    (LP: #1225923).
  * Run system hooks at boot time, in particular so that AppArmor profiles
    for packages in /custom are generated and loaded (LP: #1223085).
 -- Colin Watson <email address hidden> Mon, 16 Sep 2013 20:55:28 +0100

Changed in click (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.