[Pkg-xfce-devel] Bug#747252: Bug#747252: Bug#747252: lightdm: AppArmor parser error in /etc/apparmor.d/abstractions/lightdm_chromium-browser

intrigeri intrigeri at debian.org
Thu Jun 5 09:00:59 UTC 2014


Yves-Alexis Perez wrote (06 May 2014 22:21:53 GMT) :
I gave it a quick try as part of my work on AppArmor support in
Debian. The attached patch suppresses the parser errors on unknown
ptrace and signal keywords, but then:

# apparmor_parser -r /etc/apparmor.d/lightdm-guest-session
profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session, failed to load

I'm giving up for now: if this profile is meant to confine a piece of
software that's not part of Debian, my interest level goes very much
down. Why ship this profile at all, if it's useless, and its
(unspecified in debian/control) dependencies can't easily be satisfied
in current Debian unstable?

Hopefully we get a newer AppArmor userspace soon enough for Jessie,
and hopefully it works without additional out-of-tree kernel patches

> I'm ok for that, but if someone could actually provide a working/tested
> profile it'd help. I'd rather not upload that stuff twice or thrice just
> to pass one error at a time…

It's unclear to me what "working/tested" means in this context, if
Daniel Richard G.'s assertion that the lightdm guest session does not
exist on Debian. Do you mean a patched profile that parses right, even
if it's entirely useless?

  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: drop-ptrace-and-signal.diff
Type: text/x-diff
Size: 1880 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20140605/c84abfbf/attachment-0001.diff>

More information about the Pkg-xfce-devel mailing list