Ubuntu
tcpdump package

/sbin/apparmor_parser: ... Profile doesn't conform to protocol

Bug #429872 reported by Paul Sladen
26
This bug affects 3 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Low
Kees Cook
Ubuntu ubuntu-9.10
Karmic
Fix Released
Low
Kees Cook
Ubuntu ubuntu-9.10
cups (Ubuntu)
Invalid
Undecided
Unassigned
Karmic
Invalid
Undecided
Unassigned
dhcp3 (Ubuntu)
Invalid
Undecided
Unassigned
Karmic
Invalid
Undecided
Unassigned
evince (Ubuntu)
Invalid
Undecided
Unassigned
Karmic
Invalid
Undecided
Unassigned
gdm-guest-session (Ubuntu)
Invalid
Undecided
Unassigned
Karmic
Invalid
Undecided
Unassigned
tcpdump (Ubuntu)
Invalid
Undecided
Unassigned
Karmic
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: tcpdump

/sbin/apparmor_parser: Unable to replace "/usr/share/gdm/guest-session/Xsession". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/usr/bin/evince". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/sbin/dhclient3". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/usr/sbin/tcpdump". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/usr/share/gdm/guest-session/Xsession". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/sbin/dhclient3". Profile doesn't conform to protocol
/sbin/apparmor_parser: Unable to replace "/usr/lib/cups/backend/cups-pdf". Profile doesn't conform to protocol

See original description
Paul Sladen (sladen)
description: updated
Revision history for this message
Martin-Éric Racine (q-funk) wrote :

This problem has already been reported for at least some of the packages involved.

The real issue is changes in the Linux kernel security model which, in turn, require a slightly different syntax for AppArmor rules. Those rules are not 100% compatible with those needed for 2.6.28 kernels used when upgrading from Jaunty.

affects: cups-pdf (Ubuntu) → cups (Ubuntu)
Till Kamppeter (till-kamppeter)
Changed in cups (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Revision history for this message
Martin Pitt (pitti) wrote :

This is a very common bug report, see e. g. bug 429863 or bug 429880.

Instead of trying to work arond this in a bazillion packages, is it possible to catch that situation in AppArmor itself and disable itself until the next boot into the karmic kernel?

Changed in cups (Ubuntu):
assignee: Martin Pitt (pitti) → nobody
Changed in apparmor (Ubuntu):
importance: Undecided → High
status: New → Triaged
Changed in apparmor (Ubuntu Karmic):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Revision history for this message
Martin Pitt (pitti) wrote :

I keep the other tasks open for now, but if it is possible to fix this centrally in apparmor, they can be invalidated.

Most packages either reload apparmor or call apparmor_parser -r "$APP_PROFILE".

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is a known issue and something that is being worked on. Assigning to John and will follow-up with him.

Changed in apparmor (Ubuntu Karmic):
assignee: Ubuntu Security Team (ubuntu-security) → John Johansen (jjohansen)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Based on converstion in #ubuntu-devel on IRC, this can and will be handled in apparmor. Invalidating the other bugs.

Changed in cups (Ubuntu Karmic):
status: New → Invalid
Changed in dhcp3 (Ubuntu Karmic):
status: New → Invalid
Changed in evince (Ubuntu Karmic):
status: New → Invalid
Changed in gdm-guest-session (Ubuntu Karmic):
status: New → Invalid
Changed in tcpdump (Ubuntu Karmic):
status: New → Invalid
Kees Cook (kees)
Changed in apparmor (Ubuntu Karmic):
assignee: John Johansen (jjohansen) → Kees Cook (kees)
milestone: none → ubuntu-9.10-beta
importance: High → Low
milestone: ubuntu-9.10-beta → ubuntu-9.10
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu23

---------------
apparmor (2.3.1+1403-0ubuntu23) karmic; urgency=low

  [ Kees Cook ]
  * Really fix quiet mode in initramfs (LP: #435285).
  * Handle older kernel versions when loading profiles (LP: #429872):
    - parser/parser_{interface,main}.c: detect kernel version and downgrade.
    - debian/apparmor.functions, parser/parser_main.c: keep kernel features
      recorded in cache directory.
    - parser/parser_{interface,main}.c: add --skip-kernel-load for testing.
    - parser/tst/caching.*: add caching tests.
  [ Jamie Strandboge ]
  * abstractions/audio: add a few more files for pulseaudio

 -- Kees Cook <email address hidden> Fri, 25 Sep 2009 09:54:01 -0700

Changed in apparmor (Ubuntu Karmic):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.