configured_profile_names() in /lib/apparmor/functions breaks eg usr.bin.firefox profile

Bug #788616 reported by Christoph Trassl
This bug affects 2 people

Affects            Status        Importance  Assigned to  Milestone
AppArmor           Fix Released  High        Unassigned
  2.6              Invalid       High        Unassigned
apparmor (Ubuntu)  Fix Released  High        Unassigned
  Natty            Invalid       High        Unassigned
  Oneiric          Fix Released  High        Unassigned

Bug Description

Binary package hint: apparmor

configured_profile_names() in /lib/apparmor/functions greps for '\^' which stops the shipped usr.bin.firefox profile from loading during apparmor restart or apparmor reload.

The firefox profile is named '/usr/lib/firefox-4.0.1/firefox{,*[^s][^h]}' and therefore grepped away.

Christoph Trassl (chtrassl) wrote :

Sorry, missed the installed apparmor version, it is: 2.6.1-0ubuntu3

Steve Beattie (sbeattie) wrote :

Good catch. It should be filtering out '//' instead as that's now the separator used by the kernel portion of apparmor to indicate where hats and child profile names begin, like so:

=== modified file 'debian/lib/apparmor/functions'
--- debian/lib/apparmor/functions 2011-02-24 01:41:58 +0000
+++ debian/lib/apparmor/functions 2011-05-31 19:36:08 +0000
@@ -54,7 +54,7 @@
 }

 configured_profile_names() {
- foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '\^'
+ foreach_configured_profile $quiet_arg -N 2>/dev/null | LC_COLLATE=C sort | grep -v '//'
 }

 running_profile_names() {
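
Review bot: In configured_profile_names(), the replacement `grep -v '//'` is still an unanchored substring match applied to every name, so it carries the same class of risk as the old `'\^'` pattern: any top-level profile whose name contains the separator text is silently dropped from the list. Consider `grep -F -v '//'` to make the literal intent explicit, plus a one-line comment saying that '//' marks hat and child profile names; since stderr from foreach_configured_profile goes to /dev/null, nothing on this line would report a profile that goes missing.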

Changed in apparmor (Ubuntu):
status: New → Triaged
importance: Undecided → High
Kees Cook (kees)
Changed in apparmor (Ubuntu Natty):
status: New → Triaged
importance: Undecided → High
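
The filtering problem discussed above, as an added example that is not part of the original report or of the AppArmor code: it runs the old and new `grep -v` filters over a constructed list of names and reports top-level profiles that get dropped and hat/child names that slip through. The sample names other than the firefox one, and the helper names `sample_names`, `filter_old`, `filter_new`, `wrongly_dropped` and `hats_leaked`, are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of profile names (assumed input, not captured from a
# real system). Names containing '//' stand for hats / child profiles.
sample_names() {
    cat <<'EOF'
/usr/lib/firefox-4.0.1/firefox{,*[^s][^h]}
/usr/sbin/apache2
/usr/sbin/apache2//DEFAULT_URI
/usr/sbin/apache2//HANDLING_UNTRUSTED_INPUT
/sbin/dhclient3
EOF
}

# Filter as it was before the fix: drops every name containing a caret.
filter_old() { LC_COLLATE=C sort | grep -v '\^'; }

# Filter after the fix: drops names containing the '//' separator.
filter_new() { LC_COLLATE=C sort | grep -v '//'; }

# Top-level names (no '//') that the given filter removed anyway.
# These are profiles that would silently not be reloaded.
wrongly_dropped() {
    kept=$(sample_names | "$1")
    # -x -F: compare whole lines literally; "$kept" is one pattern per line.
    sample_names | grep -v '//' | grep -vxF -e "$kept" || true
}

# Number of hat/child names the given filter let through.
hats_leaked() {
    sample_names | "$1" | grep -c '//' || true
}

for f in filter_old filter_new; do
    echo "== $f =="
    echo "top-level profiles dropped:"
    wrongly_dropped "$f"
    echo "hat/child names leaked: $(hats_leaked "$f")"
done
```

Feeding the output of the real profile lister into the same two checks gives a quick regression test for any future change to the filter pattern.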
Steve Beattie (sbeattie) wrote :

This also affects the upstream parser/rc.apparmor.functions (which the debian/ubuntu version was based off of but differs from).

Changed in apparmor:
status: New → In Progress
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6.1-4ubuntu1

---------------
apparmor (2.6.1-4ubuntu1) oneiric; urgency=low

  * Get rid of Perl in main AppArmor package so we can remove perl-modules
    from the installation cd:
    - debian/patches/0104-python-aa-status.patch: switch aa-status to
      Python
    - debian/apparmor.*, debian/apparmor-utils.*: move aa-status, symlink
      and manpages to main apparmor package.
    - debian/control: add appropriate Breaks/Replaces/Depends because of
      the file move, add ${python:Depends} to apparmor Depends, add
      apparmor-utils to apparmor Suggests.
    - debian/rules: add apparmor package to dh_python2.
  * debian/lib/apparmor/functions: fix hat separator (LP: #788616)
    - Based on upstream revision 1733
 -- Marc Deslauriers <email address hidden> Wed, 01 Jun 2011 11:03:20 -0400

Changed in apparmor (Ubuntu Oneiric):
status: Triaged → Fix Released
Changed in apparmor:
status: In Progress → Confirmed
Christoph Trassl (chtrassl) wrote :

The issue was patched, can we clean up and close this bug?

Changed in apparmor:
status: Confirmed → Fix Released
dino99 (9d9) wrote :
Changed in apparmor (Ubuntu Natty):
status: Triaged → Invalid