[apparmor] Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real.

Seth Arnold seth.arnold at canonical.com
Thu Nov 23 01:47:57 UTC 2017


On Wed, Nov 22, 2017 at 07:32:39PM +0000, daniel curtis wrote:
> /usr/lib/snapd/snap-confine (attach_disconnected) {
> [...]
> include "/var/lib/snapd/apparmor/snap-confine.d"
> 
> # We run privileged, so be fanatical about (...)
> /etc/ld.so.cache r,

Hello Daniel, I'm having trouble finding this profile. Can you report
where it came from? I have a vague feeling that this isn't the first bug
report I've seen to include it, but I just can't find the thing to
investigate further.

> aa-enforce(8) command produces the same error as above. As we can see, the
> error is the same. So it seems, that I'm unable to work with AppArmor
> profiles!

The Python-based utilities all assume that the AppArmor profiles always
parse properly. Any bug in any profile makes all the Python tools useless
on all profiles.

We cannot address this limitation in any reasonable way.

When a profile is broken in a way that prevents the tools from parsing
the profile, you have no choice but to fix the broken profile if you wish
to use any of the Python tools. Of course, that may have consequences:

- Debian packages often will only upgrade a "configuration file"
  automatically if it is unchanged. So fixing a bug in a profile that
  was shipped in a Debian package may mean you do not get updates to
  the configuration file in the future. Worse yet you will have no
  notification of this most of the time.

- Tools that automatically modify the profile may not recognize the
  profile after you fix it. Hopefully this is rare. Hopefully such
  hypothetical tools are more resilient to small changes than this.

So either you're going to be hand-editing your other profiles to do what
you want or hand-editing the broken profile. I don't see other choices.

Thanks
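
Added example, not part of the message above or of AppArmor's own tooling: one way to catch the silent divergence described in the first bullet is to compare each profile under /etc/apparmor.d/ with the MD5 that dpkg recorded for it. The function name, its optional root argument and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list AppArmor profiles that no longer match the checksum
# dpkg recorded for them, i.e. conffiles a package upgrade may leave untouched.
# Real use on a Debian/Ubuntu host:
#   dpkg-query -W -f='${Conffiles}\n' | check_profile_conffiles /etc/apparmor.d/

# stdin: dpkg "Conffiles" lines, "<path> <md5> [flag]" (paths without spaces)
# $1: path prefix to report on
# $2: optional root prepended when reading files (assumption: only used to
#     point the check at a constructed tree instead of the live system)
check_profile_conffiles() {
    prefix=$1
    root=${2:-}
    while read -r path recorded _flag; do
        case $path in
            "$prefix"*) ;;
            *) continue ;;
        esac
        if [ ! -f "$root$path" ]; then
            printf 'missing  %s\n' "$path"
            continue
        fi
        current=$(md5sum < "$root$path" | cut -d' ' -f1)
        [ "$current" = "$recorded" ] || printf 'modified %s\n' "$path"
    done
}

# Constructed sample: one untouched profile, one hand-edited profile,
# one profile that was deleted, and one unrelated conffile.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/apparmor.d"
    printf 'profile a {}\n' > "$tmp/etc/apparmor.d/usr.bin.a"
    printf 'profile b {}\n' > "$tmp/etc/apparmor.d/usr.bin.b"
    sum_a=$(md5sum < "$tmp/etc/apparmor.d/usr.bin.a" | cut -d' ' -f1)
    sum_b=$(md5sum < "$tmp/etc/apparmor.d/usr.bin.b" | cut -d' ' -f1)
    # Simulate a local fix made after the package recorded its checksum.
    printf '  #include <abstractions/base>\n' >> "$tmp/etc/apparmor.d/usr.bin.b"
    printf ' %s %s\n' \
        /etc/apparmor.d/usr.bin.a "$sum_a" \
        /etc/apparmor.d/usr.bin.b "$sum_b" \
        /etc/apparmor.d/usr.bin.gone 0123456789abcdef0123456789abcdef \
        /etc/other.conf "$sum_a" |
        check_profile_conffiles /etc/apparmor.d/ "$tmp"
    rm -rf "$tmp"
}

demo_constructed
```

Any profile reported as modified is one where dpkg will, by default, stop to ask at upgrade time or keep the local version, so it is worth diffing against the packaged copy after each upgrade.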