Control: notforwarded -1 Vincas Dargis: > On 6/13/18 6:00 PM, intrigeri wrote: >> For the record, with 2.13-1 I see a different error: >> >> # aa-complain thunderbird >> Setting /usr/bin/thunderbird to complain mode. >> >> ERROR: Path doesn't start with / or variable: gpg >> >> i.e. aa-complain chokes on the "gpg" named child profile.
With 2.13.1: # aa-complain thunderbird Setting /usr/bin/thunderbird to complain mode. ERROR: /etc/apparmor.d/usr.bin.thunderbird doesn't contain a valid profile for /usr/bin/thunderbird (syntax error?) … and the profile is not set to complain mode. However, "aa-complain /etc/apparmor.d/usr.bin.thunderbird" works just fine: it sets both the thunderbird profile and its child gpg profile to complain mode :) I find this surprising given aa-complain(8) does not mention this is possible at all. > Same with gst_plugin_scanner when using 2.13: > $ sudo aa-enforce /etc/apparmor.d/* > < ...skipped... > > Setting /etc/apparmor.d/gst_plugin_scanner to enforce mode. > ERROR: Path doesn't start with / or variable: gst_plugin_scanner This is fixed in 2.13.1, most likely thanks to the changes for https://bugs.launchpad.net/apparmor/+bug/1775591 i.e. https://gitlab.com/apparmor/apparmor/merge_requests/142 So I'm removing the "forwarded" indication: that upstream bug was fixed but it only partly fixes what this bug report is about. Cheers, -- intrigeri
