Good catch, Felix! I'm copying Intrigeri in this report to see how we could align a solution with how apparmor is intended to be used in this case.
Intrigeri, Do you know how we could have arrived to this situation (having a -remove file)? Do you know what is the expected way to cope with this -remove file? Should I delete this on preinst? Please advise. Thanks in advance. Cheers, \d On 24/03/18 17:08, Felix C. Stegerman wrote: > Package: openntpd > Version: 1:6.2p3-1 > Severity: normal > > Dear Maintainer, > > I noticed that my openntpd service stopped working after apparmor was > enabled in sid by default. I finally traced the problem to a remaining > /etc/apparmor.d/usr.sbin.ntpd.dpkg-remove without 'x' permissions for > /usr/sbin/ntpd. Whilst the /etc/apparmor.d/usr.sbin.ntpd config seemed > fine, it was being overruled by an old .dpkg-remove, which -- if I > understand the use of such files correctly -- should have been removed > automatically. > > Thanks. > > - Felix > > -- System Information: > Debian Release: buster/sid > APT prefers unstable > APT policy: (500, 'unstable'), (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE= > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages openntpd depends on: > ii adduser 3.117 > ii libc6 2.27-2 > ii lsb-base 9.20170808 > ii netbase 5.4 > > openntpd recommends no packages. > > Versions of packages openntpd suggests: > ii apparmor 2.12-4 > > -- Configuration Files: > /etc/default/openntpd changed [not included] > > -- no debconf information
