[apparmor] Apparmor parser error ... syntax error, unexpected TOK_EQUALS, expecting TOK_MODE
John Johansen
john.johansen at canonical.com
Mon Sep 21 21:11:31 UTC 2015
On 09/21/2015 07:33 AM, Robert Munteanu wrote:
> Hi,
>
> I'm running apparmor 2.9.1, Kernel 3.16.7-24-default on openSUSE 13.2
> x86_64. During my attempts to configure and enable apparmor I hit a
> roadblock which I can't get out of. I created a
> usr.sbin.httpd2-prefork profile to match the apache installation from
> openSUSE. ( see diff at the end, I can find nothing relevant ).
>
> Trying to put the module into enforce mode leads to an error parsing
> /etc/apparmor.d/tunables/home:
>
> # aa-enforce usr.sbin.httpd2-prefork
> Setting /etc/apparmor.d/usr.sbin.httpd2-prefork to enforce mode.
> Traceback (most recent call last):
> File "/usr/sbin/aa-enforce", line 30, in <module>
> tool.cmd_enforce()
> File "/usr/lib/python3.4/site-packages/apparmor/tools.py", line 166,
> in cmd_enforce
> raise apparmor.AppArmorException(cmd_info[1])
> apparmor.common.AppArmorException: 'AppArmor parser error for
> /etc/apparmor.d/usr.sbin.httpd2-prefork in
> /etc/apparmor.d/tunables/home at line 16: syntax error, unexpected
> TOK_EQUALS, expecting TOK_MODE\n'
>
> The tunables/home file is unchanged.
>
> This looks a lot like
> https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1487536 , but
> I don't have an ubuntu machine to use apport for adding more
> information.
>
> How can I debug/fix this issue?
>
Hi Robert I am not sure what is going on from the provided info. However
we can manually work around this if needed.
if you do
sudo apparmor_parser -r usr.sbin.httpd2-prefork
does it succeed?
To manually put the profile in enforce mode, you need to make sure it is
not tagged as being in complain mode. This can be done by setting a
symlink in /etc/apparmor.d/force-complain or by directly setting the
flag in the profile file. Eg.
/etc/apparmor.d/usr.sbin.httpd2-prefork
More information about the AppArmor
mailing list