Skip to content
Snippets Groups Projects

ospack: Switch AppArmor profiles to complain mode

Merged ospack: Switch AppArmor profiles to complain mode
wip/em/logind-canterbury-ribchester-to-apparmor-complain into apertis/v2019dev0
3 unresolved threads
Merged Emanuele Aina requested to merge wip/em/logind-canterbury-ribchester-to-apparmor-complain into apertis/v2019dev0
3 unresolved threads

After the rebase to Buster, some AppArmor profiles have become problematic and prevent the components from working.

In particular, the logind, Canterbury and Ribchester profiles prevent the Mildenhall HMI from appearing on the screen.

Until they get updated, switch them to complain mode rather than enforcing.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
apertis-ospack-minimal.yaml
4 4 {{- $suite := or .suite "v2019dev0" -}}
5 5 {{- $timestamp := or .timestamp "" -}}
6 6 {{- $ospack := or .ospack (printf "ospack_%s-%s-%s" $suite $architecture $type) -}}
7 {{- $ivitools := or .ivitools "enabled" -}}
  • Sjoerd Simons
    Sjoerd Simons @sjoerd started a thread on an outdated change in commit fe6dc37b
    • scripts/apparmor-profile-switch-to-complain.py 0 → 100755
    1 #!/usr/bin/env python3
    • Sjoerd Simons
      Sjoerd Simons @sjoerd ·
      Owner

      So why hacking up all the profile files rather then making symlinks to the various profiles from /etc/apparmor.d/force-complain/ which seems more robust and easier to use?

    • Emanuele Aina
      Emanuele Aina @em ·
      Author Owner

      Because I looked at what aa-complain does and I didn't stumble on anyone documenting the force-complain symlinks, so now I'm mad at AppArmor. Well, not really, luckily this is less than a hour of trivial copying and pasting, so I'm more than happy to rework this one to use the symlinks. I really wonder why aa-complain took the long-winded approach though...

    • Emanuele Aina changed this line in version 2 of the diff

      changed this line in version 2 of the diff

    • Please register or sign in to reply
  • Emanuele Aina added 2 commits

    added 2 commits

    • ff023490 - ospack-minimal: Make the Canterbury appfw conditional on ivitools
    • 51237aec - ospack: Switch AppArmor profiles to complain mode

    Compare with previous version

  • Emanuele Aina added 1 commit

    added 1 commit

    • 959c8ce9 - ospack: Switch AppArmor profiles to complain mode

    Compare with previous version

  • Emanuele Aina added 1 commit

    added 1 commit

    • d13c1b4c - ospack: Switch AppArmor profiles to complain mode

    Compare with previous version

  • Emanuele Aina added 1 commit

    added 1 commit

    • 7c71ec63 - ospack: Switch AppArmor profiles to complain mode

    Compare with previous version

  • Sjoerd Simons
    Sjoerd Simons @sjoerd started a thread on an outdated change in commit d13c1b4c
    • apertis-ospack-minimal.yaml
    156 156 chroot: true
    157 157 script: scripts/generate_locales.sh
    158 158
    159 - action: run
    160 description: Switch the logind AppArmor profile to complain mode
    161 chroot: false
    162 script: scripts/apparmor-profile-switch-to-complain.sh ${ROOTDIR}/etc/apparmor.d/lib.systemd.systemd-logind
    163
    164 {{ if eq $ivitools "enabled" }}
  • Emanuele Aina added 1 commit

    added 1 commit

    • fffab36d - ospack: Switch AppArmor profiles to complain mode

    Compare with previous version

  • Sjoerd Simons merged

    merged

    • Please register or sign in to reply
    Apertis Website Terms of Use Privacy Policy