** Patch added: "Debdiff of upstream patch from 
https://gitlab.com/apparmor/apparmor/-/merge_requests/1218 for Noble"
   
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102246/+attachment/5864573/+files/lp_2078467_noble.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102246

Title:
  [SRU] App armor crashes on aa-enforce due to "Profile not found"

Status in apparmor package in Ubuntu:
  New

Bug description:
  [ Impact ]

      * Currently there is a bug in apparmor where executing the
  aa-enforce command causes apparmor to crash with:
  aaui.UI_Info(_('Profile for %s not found, skipping') % output_name).

  Traceback (most recent call last):
    File "/usr/sbin/aa-enforce", line 33, in <module>
      tool.cmd_enforce()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 134, in cmd_enforce
      for (program, prof_filename, output_name) in self.get_next_for_modechange():
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 97, in get_next_for_modechange
      aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  TypeError: 'NoneType' object is not callable

  An unexpected error occurred!

      * Users have been unable to roll out their intended CIS hardening
  policies to production as they are blocked by this issue

      * This bug was reported in LP #2078467:
  https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2078467, and
  upstream apparmor at https://gitlab.com/apparmor/apparmor/-/issues/387

      * The bug reporter indicated that they worked around the problem
  by manually applying the upstream fix at:
  https://gitlab.com/apparmor/apparmor/-/merge_requests/1218. However,
  this bug was reported internally by a customer who cannot manually
  apply the fix to every affected machine.

  [Test Plan]

      * Deploy a fresh Ubuntu Noble VM, install apparmor/apparmor-utils,
  and run: sudo aa-enforce /etc/apparmor.d/*
  This will produce the same traceback as seen in the bug report

      * Apply the patch, and run sudo aa-enforce /etc/apparmor.d/*,
  observing that no errors were produced

  [What can go wrong]

      * The bug was introduced essentially due to a refactoring of a
  function which originally returned two values, one of which, the
  return value 'profile', was ambiguously either a profile name or a
  profile filename. The restructuring in the previous patch ensured the
  function always returned 3 values, each of which is explicitly
  defined to remove the ambiguous nature of the "profile" return value.
  It's possible that there will be subsequent changes similar to this
  one due to the original change.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102246/+subscriptions
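
The carets in the traceback mark the `_(...)` call itself, so `_` was None in that scope. The sketch below is an added illustration, not code from apparmor or the upstream patch: it assumes the rebinding came from unpacking an unused third return value into `_`, and shows a small AST check for that pattern. `get_next`, `shadowed_gettext_calls` and `run` are hypothetical names, and the sample source is constructed.

```python
import ast

# Constructed sample, not the apparmor source: `_` is used both as the
# throwaway slot of a 3-tuple unpack and as the gettext alias.
BROKEN = '''
def get_next(items):
    for (program, _, prof_filename) in items:
        if prof_filename is None:
            print(_('Profile for %s not found, skipping') % program)
            continue
        yield (program, prof_filename)
'''
# Same code with the throwaway slot given its own name.
FIXED = BROKEN.replace("(program, _, prof_filename)",
                       "(program, _ignored, prof_filename)")


def shadowed_gettext_calls(source):
    """Return (function, line) pairs where `_` is called in a function that also binds it."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        nodes = list(ast.walk(func))
        # A Store on `_` (assignment, loop target) or a parameter named `_`
        # makes `_` local for the whole function body.
        binds = any(isinstance(n, ast.Name) and n.id == "_"
                    and isinstance(n.ctx, ast.Store) for n in nodes)
        binds = binds or any(isinstance(n, ast.arg) and n.arg == "_" for n in nodes)
        if not binds:
            continue
        for n in nodes:
            if (isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
                    and n.func.id == "_"):
                findings.append((func.name, n.lineno))
    return findings


def run(source, items):
    """Execute the sample with a stand-in gettext `_`; return its output or the error text."""
    scope = {"_": lambda s: s}  # stand-in for the module-level gettext alias
    exec(source, scope)
    try:
        return list(scope["get_next"](items))
    except TypeError as exc:
        return str(exc)
```

The check only matters on the error path: when every profile is found, the shadowed `_` is never called and both variants behave the same.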

