This bug was fixed in the package autopkgtest - 3.20.1
---
autopkgtest (3.20.1) unstable; urgency=medium
* When testing click packages, don't regenerate all AppArmor profiles if
/var/cache/apparmor/click-ap.rules already exists. That way the profiles
can be pre-adjusted once
> My previous comment came as I had been inspecting that aa-clickhook was
> called after temporary debs were installed in /tmp/adt-run.
> directory.
Right, that's necessary as otherwise we don't know the precise file
paths, and the on-demand added AA profile tries to minimize extra
privileges. But the bla
So I tried my patch and made relevant changes to our test suite
(lp:ubuntu-system-tests) and it does seem to be working fine.
My previous comment came as I had been inspecting that aa-clickhook was
called after temporary debs were installed in /tmp/adt-run.
directory. and this code[1], which adde
I'm confused, what does this have to do with deb installation? The
apparmor rule hackery never affected "real" system installation of debs,
and the blanket /tmp/adt-run.** pattern should apply to all subsequent
temp location installs.
These apparmor rules should apply to click packages (only), not
I have attached a script based on your proposal.
I am not sure though if we can consider this the solution. The problem
is that we want to run this script after the debs are installed either
to the temp location or system location.
Need some more brainstorming ;)
** Patch added: "apparmor_no_for
Summary from IRC discussion:
This isn't sufficient yet as it will still need to regenerate the
profiles at the beginning, due to the changing /tmp/adt-run. paths.
It's also a bit ugly as this is supposed to be an internal
implementation detail which I wouldn't like to expose for eternity in a
Updated patch to optionally not use --force else apparmor click update
takes a long time
** Patch added: "autopkg_no_restore_apparmor_2.diff"
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1553797/+attachment/4591812/+files/autopkg_no_restore_apparmor_2.diff
The attachment "autopkg_no_restore_apparmor.diff" seems to be a patch.
If it isn't, please remove the "patch" flag from the attachment, remove
the "patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned
Attached diff should be able to achieve just that, still need to test it
though.
** Summary changed:
- [Enhancement] Provide a way to Update AppArmor rules for click tests only once
+ Provide a way to Update AppArmor rules for click tests only once
** Patch added: "autopkg_no_restore_apparmor.di