init script returns 0 even after parsing failure

Bug #1370228 reported by Felix Geyer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Jamie Strandboge

Bug Description

The apparmor init script (and likely the upstart job, but haven't checked) returns exit code 0 even when a profile can't be loaded.

In /lib/apparmor/functions foreach_configured_profile first loads profiles from /etc/apparmor.d and then from /var/lib/apparmor/profiles.
Parsing errors in the first dir are ignored.

The attached patch returns the first non-zero return code or zero if there are no errors.

Tags: patch
Revision history for this message
Felix Geyer (debfx) wrote :
Revision history for this message
Felix Geyer (debfx) wrote :

Tested with apparmor 2.8.96~2652-0ubuntu4.

tags: added: patch
Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5

---------------
apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium

  [ Jamie Strandboge ]
  * sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
  * 10-lp1371771.patch: don't exit prematurely and fail to load remaining
    policy if encounter a corrupt cache file (LP: #1371771)
  * 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
    (LP: #1371765)
  * debian/lib/apparmor/functions:
    - don't return 0 on parsing failure. Patch thanks to Felix Geyer
      (LP: #1370228)
    - use xargs -n1 when we don't have cache files, but omit it when we do.
      This allows taking full advantage of xargs -P when we need it most,
      without the cost when we don't.

  [ Steve Beattie ]
  * update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch: update socketpair regression tests for
    af_unix socket mediation
 -- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 09:39:10 -0500

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.