Comment # 16 on bug 881762 from Tony Pattison

Hi Christian,
I fully accept your comments.

To further the troubleshooting I have tried other archived OpenSUSE versions:

v11.4
The clients are called NovelApparmor and work (ie. do not remove the #include
<tunabvles/global> line, or should I say, they re-write it when writing out the
file). And they look like what is mentioned in the online documentation
(https://activedoc.opensuse.org/book/opensuse-security-guide/chapter-21-building-and-managing-profiles-with-yast).

v12.1
The clients are now called by their modern names (ie. no mention of Novel) and
also work.

v12.2
This is where the clients stoip working (ie. when it re-writes the file in
misses out the #include <tunabvles/global> line.

The versions in question are:
Opensuse version 12.1 (yast2-apparmr works) 
yast2-apparmor version 2.21.5-2.1.2-noarch (installed from
Opensuse-12.1-12.1.1.4)
perl-apparmor version 2.7.2-3.6.1-x86_64 (installed from
Opensuse-12.1-12.1.1.4)

Opensus version 12.2 (yast2-apparmor broken)
yast2-apparmor version 2.22.2-2.1.1-noarch (Installed from Opensuse-12.2-1.6)
perl-apparmor version 2.8.0-2.4.1-x86_64 (Installed from Opensuse-12.2-1.6)

So it's somewhere between these two versions that the bug originally entered
(when everything was still either Perl or ycp).

v12.3
As we already know, this is also broken.



One final thing before allowing this to rest;

 I note that in the old "NovelApparmor" days, there was no directory called
"/etc/apparmor.d/local/" which is, I assume, why the present yast2-apparmor
does not allow you to select this directory when adding a new entry. The
offending line appears to be in
"/usr/share/YaST2/include/apparmor/profile_dialog.rb" line number 1308 -

        validIncludes = [
            "/etc/apparmor.d/abstractions",
            "/etc/apparmor.d/program-chunks",
            "/etc/apparmor.d/tunables"

Which I suspect it already on your (long) todo list.

Cheers
Tony