Am 30.04.2018 um 07:34 schrieb Frank Krüger:
Am 30.04.2018 um 01:33 schrieb Christian Boltz:
Hello,
Am Sonntag, 29. April 2018, 19:36:08 CEST schrieb Frank Krüger:
Given Tumbleweed 20180424 with apparmor 2.13 the command "aa-logprof" (as root)bhangs, with the error messages
File "/usr/sbin/aa-logprof", line 54, in <module> apparmor.loadincludes() File "/usr/lib/python3.6/site-packages/apparmor/aa.py", line 3569, in loadincludes load_include(fi) File "/usr/lib/python3.6/site-packages/apparmor/aa.py", line 3532, in load_include incdata = parse_profile_data(data, incfile, True) File "/usr/lib/python3.6/site-packages/apparmor/aa.py", line 2509, in parse_profile_data elif not RE_RULE_HAS_COMMA.search(line):
Is this a known issue?
No, that sounds new to me. (Also, aa-logprof shouldn't run for several minutes, maybe except if you have a really big logfile > 100 MB, and for sure it shouldn't spend minutes in load_include.)
That said - I was able to reproduce the problem, and wonder why it didn't hit me before.
The biggest change in 2.13 [1] is support for shipping precompiled cache and having multiple cache directories. This also comes with a new cache directory layout, including a new symlink /etc/apparmor.d/cache.d pointing to the real cache directory.
Exactly that symlink causes the problem you see, because aa-logprof tries to parse all (binary) files in /etc/apparmor.d/cache.d/ :-(
@Patrick: If you are unable to reproduce this bug, your profiles probably match exactly the upstream profiles, so /etc/apparmor.d/cache.d/ (symlink to /var/cache/apparmor/) is empty and only the precompiled cache in /usr/share/apparmor/cache/ gets used. An additional condition is that you don't have profiles installed by other packages (which don't include precompiled cache yet).
Thank you for the speedy fix. Using python3-apparmor from the security apparmor repo, it works as expected:
The issue is fixed with TW20180429.Thx. Regards, Frank -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org