apparmor-utils don't work when defining a variable on <tunables/home.d>
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Fix Released | Medium | Unassigned | |
apparmor (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
When a variable is set in tunables/home.d/ the apparmor-utils programs don't work and return these error messages:
root@ws24:~# aa-logprof
Traceback (most recent call last):
File "/usr/sbin/
apparmor.
File "/usr/lib/
load_
File "/usr/lib/
incdata = parse_profile_
File "/usr/lib/
store_
File "/usr/lib/
raise AppArmorExcepti
apparmor.
root@ws24:~#
tags: added: aa-tools
Changed in apparmor:
importance: Undecided → Medium
status: New → Triaged
Changed in apparmor:
status: Fix Committed → Fix Released
Minimal testcase:
Create a directory with the following two files:
# find -not -type d |xargs head -n1000
==> ./tunables/home <==
@{HOMEDIRS}=/home/
#include <tunables/home.d/>
==> ./tunables/home.d/ubuntu <==
@{HOMEDIRS}+=/home2/
Then run aa-logprof -d $minimal_testcase_directory -f emptylog
("emptylog" is just an empty file to avoid side effects from the "real" log)
Some quick testing indicates that aa-logprof (and probably all other aa-* tools) read the profile dir _recursively_. That's not what it should do...
BTW: You'll get a similar (slightly shorter) traceback if you remove the "#include <tunables/home.d/>" line.
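A toy model of the behaviour described in the comment above, as an added example that is not AppArmor's code and not part of the original report. It assumes the failure comes from the recursive walk parsing tunables/home.d/ubuntu as a stand-alone file, where `+=` meets a variable that was never defined; all function names and the parser are hypothetical, and the sample tree is a constructed copy of the two-file testcase.

```python
import re
import tempfile
from pathlib import Path

VAR = re.compile(r'^(@\{\w+\})\s*(\+?=)\s*(.*)$')
INC = re.compile(r'^#?include\s+<(.+)>$')

def parse(base, rel, variables):
    """Toy parser (hypothetical, not AppArmor's): variable lines and includes only."""
    for line in (base / rel).read_text().splitlines():
        inc, var = INC.match(line.strip()), VAR.match(line.strip())
        if inc:
            target = base / inc.group(1)
            # A directory include pulls in every file in it, in sorted order.
            for path in (sorted(target.iterdir()) if target.is_dir() else [target]):
                parse(base, path.relative_to(base), variables)
        elif var:
            name, op, values = var.groups()
            if op == '+=' and name not in variables:
                raise ValueError(f'{rel}: {name} extended before it is defined')
            variables[name] = ([] if op == '=' else variables[name]) + values.split()
    return variables

def profile_files(base, recursive):
    """Files treated as stand-alone profiles: top level only, or the whole tree."""
    paths = base.rglob('*') if recursive else base.iterdir()
    return sorted(p.relative_to(base) for p in paths if p.is_file())

def load(base, recursive):
    """Assumed tool behaviour: each file parsed stand-alone, fresh variable store."""
    errors = []
    for rel in profile_files(base, recursive):
        try:
            parse(base, rel, {})
        except ValueError as exc:
            errors.append(str(exc))
    return errors

def make_testcase(with_include=True):
    """Constructed copy of the two-file testcase from the report."""
    base = Path(tempfile.mkdtemp())
    (base / 'tunables' / 'home.d').mkdir(parents=True)
    include = '#include <tunables/home.d/>\n' if with_include else ''
    (base / 'tunables' / 'home').write_text('@{HOMEDIRS}=/home/\n' + include)
    (base / 'tunables' / 'home.d' / 'ubuntu').write_text('@{HOMEDIRS}+=/home2/\n')
    return base

if __name__ == '__main__':
    for recursive in (False, True):
        print('recursive =', recursive, '->', load(make_testcase(), recursive))
```

In this model the recursive walk fails on tunables/home.d/ubuntu whether or not tunables/home includes the directory, which matches the observation that removing the include line still produces a traceback.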