[apparmor] lxc/lxc-default contains syntax errors. Line [ capability, ]

Me Self wmsopou at gmail.com
Wed Mar 30 08:33:20 UTC 2016 

Well I must have corrupted it by running make, aa-genprof seems to be
looking into the source folder. This is what happens after removing the
/etc/apparmor.d/lxc* stuff:

$ sudo aa-genprof /usr/local/tomcat/bin/catalina.sh

apparmor-2.7.102/README contains syntax errors. Line [------------]


On Wed, Mar 30, 2016 at 10:13 AM, Me Self <wmsopou at gmail.com> wrote:

> Judging by file dates I have not overwritten the binaries by running make:
>
> $ ll /usr/sbin/aa-genprof
> -rwxr-xr-x 1 root root 6355 aug 11  2014 /usr/sbin/aa-genprof*
>
> $ ll /usr/lib/libapp*
> -rw-r--r-- 1 root root 56990 aug 11  2014 /usr/lib/libapparmor.a
> -rw-r--r-- 1 root root   961 aug 11  2014 /usr/lib/libapparmor.la
> lrwxrwxrwx 1 root root    20 aug 11  2014 /usr/lib/libapparmor.so ->
> libapparmor.so.1.0.2
> lrwxrwxrwx 1 root root    20 aug 11  2014 /usr/lib/libapparmor.so.1 ->
> libapparmor.so.1.0.2
> -rw-r--r-- 1 root root 39664 aug 11  2014 /usr/lib/libapparmor.so.1.0.2
> lrwxrwxrwx 1 root root    25 mar  7  2013 /usr/lib/libappindicator3.so.1
> -> libappindicator3.so.1.0.0
> -rw-r--r-- 1 root root 52048 mar  7  2013
> /usr/lib/libappindicator3.so.1.0.0
> lrwxrwxrwx 1 root root    24 mar  7  2013 /usr/lib/libappindicator.so.1 ->
> libappindicator.so.1.0.0
> -rw-r--r-- 1 root root 52048 mar  7  2013 /usr/lib/libappindicator.so.1.0.0
>
> On Wed, Mar 30, 2016 at 9:54 AM, Me Self <wmsopou at gmail.com> wrote:
>
>> I also installed the source for libapache2-mod-apparmor to build the
>> tomcat changehat. I followed these steps from the README to build the
>> library before building the Java stuff. I hope I skipped the last step to
>> install, but if i didnt could that have corrupted the ubuntu installation?
>>
>> libapparmor:
>> $ cd ./libraries/libapparmor
>> $ sh ./autogen.sh
>> $ sh ./configure --prefix=/usr --with-perl      # see below
>> $ make
>> $ make check
>> $ make install
>>
>>
>>
>>
>> On Wed, Mar 30, 2016 at 4:02 AM, Seth Arnold <seth.arnold at canonical.com>
>> wrote:
>>
>>> On Tue, Mar 29, 2016 at 05:10:39PM -0700, John Johansen wrote:
>>> > >> lxc/lxc-default contains syntax errors. Line [  capability,]
>>> > >> Ubuntu 12.04
>>>
>>> > > Hello; I wasn't able to recreate this locally. Do you get any errors
>>> when
>>>
>>> > hrmmm IIRC (and I haven't taken the time to check) a bare capability
>>> rule
>>> > ie.
>>> >    capability,
>>> >
>>> > is not valid to the version of apparmor in 12.04
>>>
>>> That's what I expected to find when I went investigating, but the file
>>> looks like this out of the box:
>>>
>>> sarnold at sec-precise-amd64:~$ cat /etc/apparmor.d/lxc/lxc-default
>>> # Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers,
>>> which
>>> # will source all profiles under /etc/apparmor.d/lxc
>>>
>>> profile lxc-container-default
>>> flags=(attach_disconnected,mediate_deleted) {
>>>   network,
>>>   capability,
>>>   file,
>>>   umount,
>>> ...
>>>
>>> $ sudo grep lxc /sys/kernel/security/apparmor/profiles
>>> lxc-container-default (enforce)
>>> /usr/bin/lxc-start (enforce)
>>>
>>> That's how I came to wondering if the file was corrupted.
>>>
>>> Thanks
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160330/a83f4cfc/attachment.html>

More information about the AppArmor mailing list