Ok this seems to be an issue with some of the basic apparmor commands
not preprocessing the profiles when working on them.
If we ask apparmor to parse the file in question it is happy to do so:
apparmor_parser -p -Q /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine
[...]
# Those are discussed on
https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor
# and https://forum.snapcraft.io/t/snaps-and-nfs-home/
##included "/var/lib/snapd/apparmor/snap-confine.d"
# We run privileged, so be fanatical about what we include and don't use
# any abstractions
/etc/ld.so.cache r,
[...]
However, it does not seem to handle this well when we use some of the
associated utilities:
$ sudo aa-complain foo
ERROR: Syntax Error: Unknown line found in file
/etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
$ sudo aa-disable foo
ERROR: Syntax Error: Unknown line found in file
/etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1734038
Title:
Potential regression found with apparmor test on Xenial/Zesty
Status in linux package in Ubuntu:
Incomplete
Status in snapd package in Ubuntu:
New
Bug description:
Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41,
across different architectures
Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error
message:
ERROR: Syntax Error: Unknown line found in file
/etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15:
include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
(BTW the include and this ld.so.cache are not in the same line, please
refer to comment #3 for attachment)
This issue will gone if you downgrade the snapd and ubuntu-core-launcher
package:
sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5
Debug information:
ubuntu@kernel01:~$ snap version
snap 2.29.3
snapd 2.29.3
series 16
ubuntu 16.04
kernel 4.4.0-102-generic
ubuntu@kernel01:~$ apt list snapd
Listing... Done
snapd/xenial-proposed,now 2.29.3 s390x [installed]
N: There are 2 additional versions. Please use the '-a' switch to see them.
ubuntu@kernel01:~$ apt list apparmor -a
Listing... Done
apparmor/xenial-updates,now 2.10.95-0ubuntu2.7 s390x [installed]
apparmor/xenial-security 2.10.95-0ubuntu2.6 s390x
apparmor/xenial 2.10.95-0ubuntu2 s390x
Steps to run the Apparmor test from QA Regression testing suite:
1. git clone --depth 1 https://git.launchpad.net/qa-regression-testing
2. sudo ./qa-regression-testing/scripts/test-apparmor.py
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-102-generic 4.4.0-102.125
ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98
Uname: Linux 4.4.0-102-generic s390x
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code
2: ls: cannot access '/dev/snd/': No such file or directory
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.13
Architecture: s390x
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211
not found.
CurrentDmesg:
Date: Thu Nov 23 01:36:31 2017
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lspci:
Lsusb: Error: command ['lsusb'] failed with exit code 1:
PciMultimedia:
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C
SHELL=/bin/bash
ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb'
ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85
crashkernel=196M BOOT_IMAGE=0
RelatedPackageVersions:
linux-restricted-modules-4.4.0-102-generic N/A
linux-backports-modules-4.4.0-102-generic N/A
linux-firmware 1.157.13
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734038/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
