Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 727154 - sys-apps/apparmor-2.13.4 : apparmor_parser broken(?)
Summary: sys-apps/apparmor-2.13.4 : apparmor_parser broken(?)
Status: RESOLVED DUPLICATE of bug 714158
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michael Palimaka (kensington)
URL:
Whiteboard:
Keywords: PATCH, PullRequest
Depends on:
Blocks:
 
Reported: 2020-06-04 17:24 UTC by OwenJia
Modified: 2020-06-16 10:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
lots of parser errors (error.log,8.29 KB, text/plain)
2020-06-04 17:24 UTC, OwenJia 		Details
rules.patch (rules.patch,1.36 KB, patch)
2020-06-04 17:28 UTC, OwenJia 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description OwenJia 2020-06-04 17:24:14 UTC 
Created attachment 643434 [details]
lots of parser errors

lots of parser error when start apparmor.service,

journalctl -u apparmor.service
```
Jun 04 23:20:54 machine systemd[1]: Starting AppArmor profiles...
Jun 04 23:20:54 machine apparmor_load.sh[21853]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.managesieve in /etc/apparmor.d/abstractions/dovecot-common at line 12: Invalid capability setgid.
Jun 04 23:20:54 machine apparmor_load.sh[21852]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.lmtp in /etc/apparmor.d/abstractions/nis at line 14: Invalid capability net_bind_service.
<...>
Jun 04 23:20:54 machine apparmor_load.sh[21892]: AppArmor parser error for /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/nvidia_modprobe at line 10: Invalid capability chown.
Jun 04 23:20:54 machine systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Jun 04 23:20:54 machine systemd[1]: apparmor.service: Failed with result 'exit-code'.
Jun 04 23:20:54 machine systemd[1]: Failed to start AppArmor profiles.
```

after done some research, I found out that this patch[^1] is working,
since apparmor-2.13.4.ebuild set `S=${WORKDIR}/apparmor-${PV}/parser`, and the file we need to patch is under dirctory `${WORKDIR}/apparmor-${PV}/common/`,
epatch not gonna work.

workaround:
1. download patch file,
   $ curl https://gitlab.com/apparmor/apparmor/uploads/7823a72985e91c46f611cddee7ef4972/rules.patch -o /tmp/rules.patch
2. $ ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild configure
3. $ cd /var/tmp/portage/sys-apps/apparmor-2.13.4/work/apparmor-2.13.4/;
   $ patch -p1 < /tmp/rules.patch
4. $ ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild install
5. if nothing went wrong, install it to system,
   $ sudo ebuild /usr/portage/sys-apps/apparmor/apparmor-2.13.4.ebuild qmerge
6. restart apparmor.service, and then check log
   $ systemctl restart apparmor.service
   $ journalctl -r -u apparmor.service




[1] https://gitlab.com/apparmor/apparmor/uploads/7823a72985e91c46f611cddee7ef4972/rules.patch
[2] https://gitlab.com/apparmor/apparmor/-/issues/74
Comment 1 OwenJia 2020-06-04 17:28:28 UTC 
Created attachment 643436 [details, diff]
rules.patch
Comment 2 Michael Palimaka (kensington) gentoo-dev 2020-06-16 10:33:03 UTC 

*** This bug has been marked as a duplicate of bug 714158 ***