Apparmor parsers fails due to broken capability detection. When restarting apparmor several profiles fail to load with messages like "Invalid capability net_bind_service". Reproducible: Always Steps to Reproduce: 1. emerge -av1 "~sys-devel/make-4.3" 2. emerge -av1 "~sys-apps/apparmor-2.13.4" "~sys-libs/libapparmor-2.13.4" "~sys-apps/apparmor-utils-2.13.4" 3. rc-service apparmor -v --nodeps restart 4. Observe several apparmor profiles fail to load 5. Downgrade make: emerge -av1 "<sys-devel/make-4.3" 6. Re-build apparmor: emerge -av1 "~sys-apps/apparmor-2.13.4" "~sys-libs/libapparmor-2.13.4" "~sys-apps/apparmor-utils-2.13.4" 7. Restart apparmor services again (this time profiles will load correctly): rc-service apparmor -v --nodeps restart
Upstream commit: https://gitlab.com/apparmor/apparmor/-/commit/92f6679da99152c9c1557ba5adade19ea1b4ee4f
@kensington https://github.com/gentoo/gentoo/pull/15037
(In reply to reagentoo from comment #2) > @kensington https://github.com/gentoo/gentoo/pull/15037 The patch here looks quite different to the one noted in comment #1. I'm running stable so I can't test to see what the difference is. Any advice?
(In reply to Michael Palimaka (kensington) from comment #3) > (In reply to reagentoo from comment #2) > > @kensington https://github.com/gentoo/gentoo/pull/15037 > > The patch here looks quite different to the one noted in comment #1. I'm > running stable so I can't test to see what the difference is. Any advice? https://i.imgur.com/NlZkZ3T.png
Advice - to accept PR or wait 5-10 month the next release. Obviosly.
*** Bug 727154 has been marked as a duplicate of this bug. ***
Created attachment 650600 [details, diff] diff of the modified ebuild I've modified the ebuild to only patch common/Make.rules if ">=sys-devel/make-4.3" is installed. I pushed it here: https://github.com/jiblime/gentoo/commit/81b54f83af7144eff67766532eac0d267ec54209 Would this be the best interim solution until upstream makes a release?
This should be fixed in 3.0.0.