The reason a there is no conflict for
1. /usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> browser_openjdk,
2. /usr/lib/jvm/java-6-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java cx -> browser_openjdk,
but there is for
3. /usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> browser_openjdk,
4. /usr/lib/jvm/java-6-openjdk*/jre/bin/java cx -> browser_openjdk,
is that there is an intersection where both rules match
/usr/lib/jvm/java-6-openjdk/jre/bin/java
while this should be allowed as they specify the same transition and permissions there appears to be a bug with the exec permissions tracking in the apparmor parser so that this intersection is being rejected as having conflicting x permissions.
The reason a there is no conflict for jvm/java- 6-openjdk/ jre/bin/ java cx -> browser_openjdk, jvm/java- 6-openjdk- {amd64, armel,armhf, i386,powerpc} /jre/bin/ java cx -> browser_openjdk, jvm/java- 6-openjdk/ jre/bin/ java cx -> browser_openjdk, jvm/java- 6-openjdk* /jre/bin/ java cx -> browser_openjdk,
1. /usr/lib/
2. /usr/lib/
but there is for
3. /usr/lib/
4. /usr/lib/
is that there is an intersection where both rules match lib/jvm/ java-6- openjdk/ jre/bin/ java
/usr/
while this should be allowed as they specify the same transition and permissions there appears to be a bug with the exec permissions tracking in the apparmor parser so that this intersection is being rejected as having conflicting x permissions.