Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 494426 - x11-misc/lightdm-1.8.5 with sys-apps/apparmor-2.8.2 - AppArmor parser error for /etc/apparmor.d/lightdm-guest-session in /etc/apparmor.d/abstractions/lightdm at line 14: Could not open 'abstractions/dbus-accessibility'
Summary: x11-misc/lightdm-1.8.5 with sys-apps/apparmor-2.8.2 - AppArmor parser error f...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Markos Chandras (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-16 08:41 UTC by Balazs Nemeth
Modified: 2013-12-22 13:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Balazs Nemeth 2013-12-16 08:41:41 UTC
A recent update of lightdm caused its abstraction called '/etc/apparmor.d/abstractions/lightdm' to fail when apparmor-2.8.2 tried to load them. See details below.

I do know know what is the cause of this. At the moment I do not need the profiles for lightdm so I disabled them them.
I am also not sure whether this one is lightdm specific or apparmor related.

Any help is appreciated.



Reproducible: Always

Steps to Reproduce:
1. install apparmor 2.8.2 and lightdm 1.8.5
2. start apparmor
3.
Actual Results:  
gaia3 balage # rc-service apparmor restart
 * WARNING: you are stopping a boot service
 * Stopping AppArmor ...
 *   Unloading AppArmor profiles                                                                                                                                                                                                       [ ok ]
 * Starting AppArmor ...
 *   Loading AppArmor profiles ...
 *   /etc/apparmor.d/abstractions
AppArmor parser error for /etc/apparmor.d/lightdm-guest-session in /etc/apparmor.d/abstractions/lightdm at line 14: Could not open 'abstractions/dbus-accessibility'
 *   /etc/apparmor.d/lightdm-guest-session failed to load

Obviously the mentioned file does not exist as it is Ubuntu specific.
If I copy it from an Ubuntu 13.10 system, the message changes to this one.

gaia3 balage # rc-service apparmor restart
 * WARNING: you are stopping a boot service
 * Stopping AppArmor ...
 *   Unloading AppArmor profiles                                                                                                                                                                                                       [ ok ]
 * Starting AppArmor ...
 *   Loading AppArmor profiles ...
 *   /etc/apparmor.d/abstractions
AppArmor parser error for /etc/apparmor.d/lightdm-guest-session in /etc/apparmor.d/abstractions/dbus-accessibility at line 12: syntax error, unexpected TOK_CONDID, expecting TOK_MODE
 *   /etc/apparmor.d/lightdm-guest-session failed to load 

Expected Results:  
gaia3 balage # rc-service apparmor restart
 * WARNING: you are stopping a boot service
 * Stopping AppArmor ...
 *   Unloading AppArmor profiles                                                                                                                                                                                                       [ ok ]
 * Starting AppArmor ...
 *   Loading AppArmor profiles ...
 *   /etc/apparmor.d/abstractions


gaia3 balage # emerge --info
Portage 2.2.7 (default/linux/amd64/13.0/desktop/kde, gcc-4.7.3, glibc-2.16.0, 3.10.17-gentoo x86_64)
=================================================================
System uname: Linux-3.10.17-gentoo-x86_64-Intel-R-_Core-TM-_i5_CPU_M_520_@_2.40GHz-with-gentoo-2.2
KiB Mem:     7962144 total,   2590816 free
KiB Swap:    3903484 total,   3903484 free
Timestamp of tree: Thu, 05 Dec 2013 00:45:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.7.5-r3, 3.3.2-r2
dev-util/ccache:          3.1.9
dev-util/cmake:           2.8.11.2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.4
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.12.6, 1.13.4
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.7.3-r1
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc:           2.16.0
Repositories: gentoo unoffical-balabit-overlay hardened-dev
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA PUEL skype-eula dlj-1.1 googleearth AdobeFlash-10.3 google-talkplugin Q3AEULA Google-TOS AdobeFlash-11.x google-chrome"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/_gentoo_portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ http://gentoo.osuosl.org/ http://gentoo.inode.at/"
LANG="hu_HU.UTF-8"
LC_ALL="hu_HU.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/_gentoo_portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/_gentoo_portage/tmpfs"
PORTDIR="/_gentoo_portage/portage"
PORTDIR_OVERLAY="/_gentoo_portage/overlays/balabit /_gentoo_portage/overlays/hardened-dev"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 bash-completion berkdb branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus declarative dri dts dvd dvdr emboss exif fam firefox flac fortran gdbm gif gpm gtk iconv icu ipv6 jpeg kde kipi lcms libnotify mad mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf phonon plasma png policykit ppds pulseaudio qt3support qt4 readline sdl semantic-desktop session sse sse2 sse3 ssl ssse3 startup-notification svg tcpd tiff truetype udev udisks unicode upower usb v4l vorbis wxwidgets x264 xcb xcomposite xinerama xml xscreensaver xv xvid zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en hu" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="vesa intel fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Markos Chandras (RETIRED) gentoo-dev 2013-12-17 21:29:38 UTC
Sorry not sure what apparmor is and how it works. CC'ing maintainers. Does 1.9.X work?
Comment 2 Balazs Nemeth 2013-12-18 09:45:11 UTC
No, it does not as it contains the same files. The abstractions require another file which is not shipped with lightdm as it belongs to the package 'apparmor' at least on Ubuntu.
Though we do have apparmor-profiles in gentoo this file 'abstractions/dbus-accessibility' is not part of it.
However even if someone will include it in the lightdm package (makes sense as it depends on it), it will not work with the version of apparmor shipped with portage. (see syntax error in the original report)

Maybe it would be a good idea if someone who knows apparmor better than me would take a look at this.

If there is something to test, I am willing to help.
Comment 3 Michael Palimaka (kensington) gentoo-dev 2013-12-18 12:28:09 UTC
lightdm-guest-session depends on Ubuntu-only abstractions/dbus-accessibility, which in turns depends on Ubuntu-only AppArmor changes. I would suggest that lightdm upstream shouldn't be shipping this file.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2013-12-19 11:15:55 UTC
(In reply to Michael Palimaka (kensington) from comment #3)
> lightdm-guest-session depends on Ubuntu-only
> abstractions/dbus-accessibility, which in turns depends on Ubuntu-only
> AppArmor changes. I would suggest that lightdm upstream shouldn't be
> shipping this file.

Thanks. I guess I need to change the ebuild to remove this file then
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2013-12-22 13:35:52 UTC
lightdm's /etc/apparmor.d/ files have been removed in 1.8.5-r1

Thanks

+*lightdm-1.8.5-r1 (22 Dec 2013)
+
+  22 Dec 2013; Markos Chandras <hwoarang@gentoo.org> +lightdm-1.8.5-r1.ebuild,
+  lightdm-1.9.5.ebuild:
+  Remove apparmor profiles per #494426. Thanks to Balazs Nemeth
+  <jobbara.artalmatlan@gmail.com>
+