
Bug 747859

Summary: sys-apps/firejail-0.9.62-r1: USE=apparmor installs apparmor profile incompatible with aa-3
Product: Gentoo Linux
Reporter: Gregory Beauregard <gentoobugs>
Component: Current packages
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED FIXED
Severity: normal
CC: sam
Priority: Normal
Keywords: PATCH, PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/17929
Whiteboard:
Package list:
Runtime testing required: ---

Description Gregory Beauregard 2020-10-11 17:50:17 UTC
The profile firejail installs to /etc/apparmor.d/firejail-default is incompatible with apparmor 3.0.0 that recently landed in Gentoo, causing the apparmor.service to fail to load. See https://bugs.gentoo.org/74761 for the bug caused by this profile.

This problem has been identified and fixed upstream:
https://github.com/netblue30/firejail/commit/9bf6e0ead189b924e5fca099b35d88be091bd009

Reproducible: Always
Comment 1 Gregory Beauregard 2020-10-11 17:57:29 UTC
(In reply to Gregory Beauregard from comment #0)
> The profile firejail installs to /etc/apparmor.d/firejail-default is
> incompatible with apparmor 3.0.0 that recently landed in Gentoo, causing the
> apparmor.service to fail to load. See https://bugs.gentoo.org/74761 for the
> bug caused by this profile.
> 
> This problem has been identified and fixed upstream:
> https://github.com/netblue30/firejail/commit/
> 9bf6e0ead189b924e5fca099b35d88be091bd009
> 
> Reproducible: Always

Typo, bug caused by the profile is here: https://bugs.gentoo.org/747613
Comment 2 Dmitriy Baranov 2020-10-27 16:10:59 UTC
Thank you for your reports. Is there some workaround for this?
And it is not possible to build firejail-9999 with this fix currently: https://bugs.gentoo.org/751466.
Comment 3 Gregory Beauregard 2020-10-27 23:44:03 UTC
(In reply to reagentoo from comment #2)
> Thank you for your reports. Is there some workaround for this?
> And it is not possible to build firejail-9999 with this fix currently
> https://bugs.gentoo.org/751466.

You can modify the apparmor profile to be valid, but note the firejail versions in repo have outstanding CVEs.
Comment 4 Larry the Git Cow gentoo-dev 2020-11-11 07:50:21 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f23fe664f064159ec4460c36c114ff5858c3033b

commit f23fe664f064159ec4460c36c114ff5858c3033b
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2020-10-14 17:36:50 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-11-11 07:50:10 +0000

    sys-apps/firejail: Version bump for CVEs, fixes, add proxy maintainer
    
    Version bump to address outstanding CVEs. Confirmed the current
    release includes the fixes for several open bugs, so closing those.
    
    Updated to address feedback in https://github.com/gentoo/gentoo/pull/17929
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://bugs.gentoo.org/698062
    Closes: https://bugs.gentoo.org/747859
    Closes: https://bugs.gentoo.org/747613
    Closes: https://bugs.gentoo.org/747859
    Bug: https://bugs.gentoo.org/736816
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Closes: https://github.com/gentoo/gentoo/pull/17929
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/firejail/Manifest               |  1 +
 sys-apps/firejail/firejail-0.9.64.ebuild | 83 ++++++++++++++++++++++++++++++++
 sys-apps/firejail/metadata.xml           | 10 +++-
 3 files changed, 93 insertions(+), 1 deletion(-)
