Right, the add option will return EEXIST if any profile exists, and fails the load. This is why --replace is used: it will load or replace.

Upstream, kernel 3.12 is the first to support loading multiple profiles in a single load. Ubuntu has been carrying (and testing) the patch since Saucy (3.11 based kernel). When the kernel supports loading multiple profiles it exports the file (assuming securityfs is mounted at /sys/kernel/security)

/sys/kernel/security/apparmor/features/policy/set_load

Previous kernels will just ignore extra data after the first profile (multiple profile load was always planned).

Concatenating profile cache files into a single file should work, as long as each file is a valid cache file, and the load is a single atomic write. This can be done by writing the file to the raw interface directly or via the parser using the -B option. The parser has the logic to break apart the large file if the kernel doesn't support multiple profile loads, so I would recommend using it, but it isn't required.

I'm still looking into what exactly is causing the kernel oops.

https://bugs.launchpad.net/bugs/1317545

Title: AppArmor: general protection fault: 0000 [#1] SMP
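
The procedure described in the message above, as an added example that is not part of the original bug comment: check for the set_load feature file, concatenate cache files into one bundle, and load it through the parser with --replace and -B. The function names and the SECURITYFS and APPARMOR_PARSER variables are hypothetical, and the bundle path is assumed to lie outside the cache directory.

```shell
#!/bin/sh
# Added example, not code from the bug thread or the AppArmor project.
# Function names and these two variables are hypothetical.
SECURITYFS="${SECURITYFS:-/sys/kernel/security}"
APPARMOR_PARSER="${APPARMOR_PARSER:-apparmor_parser}"

# True when the kernel exports the multi-profile load feature file.
kernel_supports_set_load() {
    [ -e "$SECURITYFS/apparmor/features/policy/set_load" ]
}

# Concatenate every non-empty regular file in cache dir $1 into bundle $2.
# The cache format is not validated here: each input must already be a
# valid cache file. $2 must be outside $1 so the bundle is not re-read.
build_bundle() {
    cache_dir=$1
    bundle=$2
    tmp="$bundle.tmp.$$"
    : > "$tmp" || return 1
    for f in "$cache_dir"/*; do
        [ -f "$f" ] && [ -s "$f" ] || continue
        cat "$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    # Refuse to produce an empty bundle.
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    # Rename so readers never see a partially written bundle.
    mv "$tmp" "$bundle"
}

# Load the bundle through the parser. --replace avoids the EEXIST
# failure of a plain add; on kernels without set_load the parser is
# relied on to split the bundle into per-profile loads.
load_bundle() {
    bundle=$1
    if kernel_supports_set_load; then
        echo "set_load present: kernel accepts multiple profiles per load" >&2
    else
        echo "set_load absent: parser must split the bundle" >&2
    fi
    "$APPARMOR_PARSER" --replace -B "$bundle"
}
```
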