https://bugzilla.suse.com/show_bug.cgi?id=1226031 https://bugzilla.suse.com/show_bug.cgi?id=1226031#c19 David Disseldorp <ddiss@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(suse-beta@cboltz. | |de) --- Comment #19 from David Disseldorp <ddiss@suse.com> --- Hi Christian, (In reply to Christian Boltz from comment #18)

The reproducer from https://gitlab.com/apparmor/apparmor/-/issues/400 should be minimal enough ;-)

I just tested it on a 15.6 VM, and got (with the official kernel)

# echo '/t {

...

pivot_root "/tmp/" -> "/tmp/", }' | apparmor_parser -r Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin apparmor_parser: Unable to replace "/t". Profile doesn't conform to protocol

so the fix is indeed needed on 15.6.

Unfortunately your test kernel does not fix the bug:

# uname -a Linux riesling3 6.4.0-150600.1.g6bf1f90-default #1 SMP PREEMPT_DYNAMIC Sun Aug 4 18:19:32 UTC 2024 (6bf1f90) x86_64 x86_64 x86_64 GNU/Linux

Thanks for testing and dumping your kernel version! Unfortunately it seems that the osc_wrapper script that I used to generate the build service project didn't correctly push the latest (aa-patched) source revision. Could you please retry with 6.4.0-150600.1.g10a598f-default from https://build.opensuse.org/repositories/home:ddiss:bsc1226031_aa_policy_unpa... ? It should be published any minute now. Sorry for the mix-up. -- You are receiving this mail because: You are on the CC list for the bug.