Debian Bug report logs - #866790
postfix rules yield error and fail

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupre <anarcat@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: postfix rules yield error and fail

Date: Sat, 01 Jul 2017 14:10:43 -0400

Package: apparmor
Version: 2.11.0-3
Severity: grave

Right now, in debian stretch, any apparmor command will yield:

$ sudo aa-disable usr.bin.irssi

ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found

... if apparmor-profiles is installed.

This, obviously, is an error in the postfix* apparmor profiles which
try to include a non-existing file. The proper file to include is
abstractions/postfix-common of course.

This seems to have been fixed in unstable, but it should really be
fixed in a point update in stretch.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  init-system-helpers    1.48
ii  libapparmor-perl       2.11.0-3
ii  libc6                  2.24-11+deb9u1
ii  lsb-base               9.20161125
ii  python3                3.5.3-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-profiles        2.11.0-3
ii  apparmor-profiles-extra  1.11
ii  apparmor-utils           2.11.0-3

-- debconf information excluded

Message #10 received at 866790@bugs.debian.org (full text, mbox, reply):

From: intrigeri <intrigeri@debian.org>

To: Antoine Beaupre <anarcat@debian.org>

Cc: 866790@bugs.debian.org

Subject: Re: Bug#866790: postfix rules yield error and fail

Date: Sun, 02 Jul 2017 10:17:08 +0200

Control: tag -1 + moreinfo
Control: tag -1 + unreproducible

Hi,

Antoine Beaupre:
> ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found

> ... if apparmor-profiles is installed.

> This, obviously, is an error in the postfix* apparmor profiles which
> try to include a non-existing file. The proper file to include is
> abstractions/postfix-common of course.

Thank you for this report.

What are "the postfix* apparmor profiles" that include
program-chunks/postfix-common? I.e. where are they installed, and by
which package/version?

I could not find any such thing in a Stretch chroot after installing
apparmor-profiles. I've looked in
/usr/share/doc/apparmor-profiles/extras/ and in /etc/apparmor.d/.

Perhaps you copied stuff from /usr/share/doc/apparmor-profiles/extras/
to /etc/apparmor.d/ in the past and your own copy needs an update?

Cheers,
-- 
intrigeri

Message #19 received at 866790-done@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupré <anarcat@debian.org>

To: intrigeri <intrigeri@debian.org>

Cc: 866790-done@bugs.debian.org

Subject: Re: Bug#866790: postfix rules yield error and fail

Date: Sun, 02 Jul 2017 14:09:35 -0400

On 2017-07-02 10:17:08, intrigeri wrote:
> Control: tag -1 + moreinfo
> Control: tag -1 + unreproducible
>
> Hi,
>
> Antoine Beaupre:
>> ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found
>
>> ... if apparmor-profiles is installed.
>
>> This, obviously, is an error in the postfix* apparmor profiles which
>> try to include a non-existing file. The proper file to include is
>> abstractions/postfix-common of course.
>
> Thank you for this report.
>
> What are "the postfix* apparmor profiles" that include
> program-chunks/postfix-common? I.e. where are they installed, and by
> which package/version?
>
> I could not find any such thing in a Stretch chroot after installing
> apparmor-profiles. I've looked in
> /usr/share/doc/apparmor-profiles/extras/ and in /etc/apparmor.d/.
>
> Perhaps you copied stuff from /usr/share/doc/apparmor-profiles/extras/
> to /etc/apparmor.d/ in the past and your own copy needs an update?

indeed, that looks like it. sorry for the noise.

A.

PS: seems to me like a good example why profiles-extra should be
deployed straight to /etc :p

-- 
I believe that love is a better teacher than a sense of duty.
                       - Albert Einstein

Message #24 received at 866790@bugs.debian.org (full text, mbox, reply):

From: intrigeri <intrigeri@debian.org>

To: Antoine Beaupré <anarcat@debian.org>

Cc: 866790@bugs.debian.org

Subject: Re: Bug#866790: postfix rules yield error and fail

Date: Mon, 03 Jul 2017 08:37:32 +0200

Antoine Beaupré:
> PS: seems to me like a good example why profiles-extra should be
> deployed straight to /etc :p

One step at a time: I'd rather see AppArmor enabled by default with
a small, robust policy first. And then we can think of extending this
policy :)

Cheers,
-- 
intrigeri

Message #29 received at 866790@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupré <anarcat@debian.org>

To: intrigeri <intrigeri@debian.org>

Cc: 866790@bugs.debian.org

Subject: Re: Bug#866790: postfix rules yield error and fail

Date: Mon, 03 Jul 2017 09:42:16 -0400

On 2017-07-03 08:37:32, intrigeri wrote:
> Antoine Beaupré:
>> PS: seems to me like a good example why profiles-extra should be
>> deployed straight to /etc :p
>
> One step at a time: I'd rather see AppArmor enabled by default with
> a small, robust policy first. And then we can think of extending this
> policy :)

Well, we don't need to enable profiles-extra by default either...

a.

-- 
Prolétaires de tous les pays, qui lave vos chaussettes?
                        - Audrey Lorde

Send a report that this bug log contains spam.