[apparmor] Bug#768699: apparmor-profiles-extra: FTBFS in jessie: Tests failures

Lucas Nussbaum lucas at debian.org
Mon Nov 10 17:26:35 UTC 2014 

Hi,

On 10/11/14 at 15:54 +0100, intrigeri wrote:
> Control: tag -1 + moreinfo
> 
> Hi Lucas, hi AppArmor folks!
> 
> [this is about https://bugs.debian.org/768699]
> 
> Lucas Nussbaum wrote (09 Nov 2014 07:25:48 GMT) :
> > During a rebuild of all packages in jessie (in a jessie chroot, not a
> > sid chroot), your package failed to build on amd64.
> 
> Thanks lot for this report, and the underlying QA effort!
> 
> Lucas: I have one question for you at the end of this email.
> I guess you can skip the rest.
> 
> AppArmor folks: I have one question for you, almost at the end of
> this email.
> 
> > Relevant part (hopefully):
> >> + touch tests/local/usr.sbin.apt-cacher-ng
> >> + /sbin/apparmor_parser --add --skip-cache --skip-kernel-load -I profiles -I tests /«PKGBUILDDIR»/profiles/usr.sbin.apt-cacher-ng
> >> Cache read/write disabled: /sys/kernel/security/apparmor/features interface file
> >> missing. (Kernel needs AppArmor 2.4 compatibility patch.)
> >> + touch tests/local/usr.bin.evince
> >> + /sbin/apparmor_parser --add --skip-cache --skip-kernel-load -I profiles -I tests /«PKGBUILDDIR»/profiles/usr.bin.evince
> >> Cache read/write disabled: /sys/kernel/security/apparmor/features interface file
> >> missing. (Kernel needs AppArmor 2.4 compatibility patch.)
> >> + touch tests/local/usr.bin.pidgin
> >> + /sbin/apparmor_parser --add --skip-cache --skip-kernel-load -I profiles -I tests /«PKGBUILDDIR»/profiles/usr.bin.pidgin
> >> Cache read/write disabled: /sys/kernel/security/apparmor/features interface file
> >> missing. (Kernel needs AppArmor 2.4 compatibility patch.)
> >> + touch tests/local/usr.sbin.tcpdump
> >> + /sbin/apparmor_parser --add --skip-cache --skip-kernel-load -I profiles -I tests /«PKGBUILDDIR»/profiles/usr.sbin.tcpdump
> >> Cache read/write disabled: /sys/kernel/security/apparmor/features interface file
> >> missing. (Kernel needs AppArmor 2.4 compatibility patch.)
> >> *** Error in `/sbin/apparmor_parser': free(): invalid next size (normal): 0x00000000009915a0 ***
> >> Aborted
> >> make[1]: *** [override_dh_auto_test] Error 134
> >> debian/rules:21: recipe for target 'override_dh_auto_test' failed
> 
> I've tried to reproduce this locally, and failed (pbuilder,
> {jessie,sid}/amd64). I've filed #768980 against the apparmor package,
> since apparmor_parser lives in there, and it should just not crash
> this way.
> 
> Then, I wondered whether the order of profiles loading mattered (it
> depends on find's output, which depends on low-level local filesystem
> details that do vary), so I've also tried to reproduce after forcing
> the "for profile in" loop to load the profiles in the exact same order
> as the one that exposed the problem => still can't reproduce the bug.
> 
> > The full build log is available from:
> >    http://aws-logs.debian.net/ftbfs-logs/2014/11/08/apparmor-profiles-extra_1.4_jessie.log
> 
> I noticed this line in the log:
> 
>    Kernel: Linux 2.6.32-5-xen-amd64 amd64 (x86_64)
> 
> I suspect current apparmor_parser might not support 2.6.32 that
> well... upstream folks, what do you think?
> 
> Lucas:
> 
>   * what's the configuration of this 2.6.32-5-xen-amd64 kernel?
>   * is it an option to try building this package on the same kind of
>     setup, but with a newer kernel?
> 
> I'm tempted to simply wrap the tests in debian/rules with
> a conditional about the running kernel version, and see if the problem
> arises again on next archive rebuild.

Erm, the Amazon EC2 virtual machine is supposed to be running wheezy,
but for some reason, the kernel in use might still be squeeze's. I'll
see what I can do. In the meantime, I think that it makes sense to not
change anything on the apparmor side, and just close this bug.

Lucas

More information about the AppArmor mailing list