Bug 727154

Summary: sys-apps/apparmor-2.13.4 : apparmor_parser broken(?)
Product: Gentoo Linux Reporter: OwenJia <aptx945>
Component: Current packages Assignee: Michael Palimaka (kensington) <kensington>
Status: RESOLVED DUPLICATE    
Severity: normal CC: hardened
Priority: Normal Keywords: PATCH, PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/16192
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: lots of parser errors
rules.patch

Description OwenJia 2020-06-04 17:24:14 UTC
Created attachment 643434 [details]
lots of parser errors

Lots of parser errors when starting apparmor.service:

journalctl -u apparmor.service
```
Jun 04 23:20:54 machine systemd[1]: Starting AppArmor profiles...
Jun 04 23:20:54 machine apparmor_load.sh[21853]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.managesieve in /etc/apparmor.d/abstractions/dovecot-common at line 12: Invalid capability setgid.
Jun 04 23:20:54 machine apparmor_load.sh[21852]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.lmtp in /etc/apparmor.d/abstractions/nis at line 14: Invalid capability net_bind_service.
<...>
Jun 04 23:20:54 machine apparmor_load.sh[21892]: AppArmor parser error for /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/nvidia_modprobe at line 10: Invalid capability chown.
Jun 04 23:20:54 machine systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Jun 04 23:20:54 machine systemd[1]: apparmor.service: Failed with result 'exit-code'.
Jun 04 23:20:54 machine systemd[1]: Failed to start AppArmor profiles.
```

After doing some research, I found out that this patch[1] works.
Since apparmor-2.13.4.ebuild sets `S=${WORKDIR}/apparmor-${PV}/parser`, and the file we need to patch is under the directory `${WORKDIR}/apparmor-${PV}/common/`,
epatch is not going to work.

workaround:
1. download patch file,
   $ curl https://gitlab.com/apparmor/apparmor/uploads/7823a72985e91c46f611cddee7ef4972/rules.patch -o /tmp/rules.patch
2. $ ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild configure
3. $ cd /var/tmp/portage/sys-apps/apparmor-2.13.4/work/apparmor-2.13.4/;
   $ patch -p1 < /tmp/rules.patch
4. $ ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild install
5. if nothing went wrong, install it to system,
   $ sudo ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild qmerge
6. restart apparmor.service, and then check log
   $ systemctl restart apparmor.service
   $ journalctl -r -u apparmor.service




[1] https://gitlab.com/apparmor/apparmor/uploads/7823a72985e91c46f611cddee7ef4972/rules.patch
[2] https://gitlab.com/apparmor/apparmor/-/issues/74
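
Added example, not part of the original report: a shell triage of the journal output quoted above that extracts each rejected capability with its profile and include file, then applies a simple heuristic to tell a parser-wide failure from a single bad profile. The function names and the heuristic's thresholds are assumptions of this example; the sample lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example, not from the bug report: triage "Invalid capability"
# failures in `journalctl -u apparmor.service` output read from stdin.

# Emit one tab-separated row per failure: capability, profile, file:line.
parse_invalid_caps() {
    awk '
    /AppArmor parser error for / && /Invalid capability / {
        profile = file = lineno = cap = ""
        for (i = 1; i < NF; i++) {
            if ($i == "for" && profile == "")         profile = $(i + 1)
            else if ($i == "in" && file == "")        file = $(i + 1)
            else if ($i == "line" && lineno == "")    lineno = $(i + 1)
            else if ($i == "capability" && cap == "") cap = $(i + 1)
        }
        sub(/:$/, "", lineno)   # "12:" -> "12"
        sub(/\.$/, "", cap)     # "setgid." -> "setgid"
        printf "%s\t%s\t%s:%s\n", cap, profile, file, lineno
    }'
}

# Heuristic (an assumption of this example): several different capability
# names rejected across several profiles points at the parser build, while
# one rejected name in one profile points at that profile.
classify_failures() {
    parse_invalid_caps | awk -F '\t' '
    { caps[$1]++; profiles[$2]++; n++ }
    END {
        nc = 0; for (c in caps) nc++
        np = 0; for (p in profiles) np++
        if (n == 0)                verdict = "no-invalid-capability-errors"
        else if (nc > 1 && np > 1) verdict = "parser-wide"
        else                       verdict = "profile-specific"
        printf "%s failures=%d capabilities=%d profiles=%d\n", verdict, n, nc, np
    }'
}

# The three parser-error lines quoted in the report, plus one systemd line.
sample_journal() {
    cat <<'EOF'
Jun 04 23:20:54 machine systemd[1]: Starting AppArmor profiles...
Jun 04 23:20:54 machine apparmor_load.sh[21853]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.managesieve in /etc/apparmor.d/abstractions/dovecot-common at line 12: Invalid capability setgid.
Jun 04 23:20:54 machine apparmor_load.sh[21852]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.lmtp in /etc/apparmor.d/abstractions/nis at line 14: Invalid capability net_bind_service.
Jun 04 23:20:54 machine apparmor_load.sh[21892]: AppArmor parser error for /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/nvidia_modprobe at line 10: Invalid capability chown.
EOF
}

sample_journal | classify_failures
```

On a live system the same functions can be fed with `journalctl -u apparmor.service | classify_failures`, both before and after the rebuild, to confirm the failures are gone.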
Comment 1 OwenJia 2020-06-04 17:28:28 UTC
Created attachment 643436 [details, diff]
rules.patch
Comment 2 Michael Palimaka (kensington) gentoo-dev 2020-06-16 10:33:03 UTC

*** This bug has been marked as a duplicate of bug 714158 ***