Source: apparmor
Version: 2.13-2
Severity: normal
Tags: patch
User: [email protected]
Usertags: selinux
Hi,
When updating/installing the apparmor package, the postinstallation
script is creating a bunch of files in /tmp and then moves them in
/etc/apparmor.
If SELinux is enabled on the machine (that can happen as apparmor is now
installed by default) the files get a wrong label.
To fix that you can use the -Z option of the mv command; this is an
option that is available since coreutils 8.22 (which is already in
oldstable).
Could you please apply the attached patch?
Kind regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
-- debconf information:
* apparmor/homedirs:
diff -Nru apparmor-2.13/debian/aa-update-browser
apparmor-2.13/debian/aa-update-browser
--- apparmor-2.13/debian/aa-update-browser 2018-07-07 19:15:31.000000000
+0200
+++ apparmor-2.13/debian/aa-update-browser 2018-07-12 11:11:05.000000000
+0200
@@ -139,7 +139,7 @@
rm -f "$tmp"
continue
fi
- mv -f "$tmp" "$dir/$include" || {
+ mv -Z -f "$tmp" "$dir/$include" || {
rm -f "$tmp"
exit 1
}
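Review bot: the `mv -Z -f "$tmp" "$dir/$include"` line now relies on an mv that understands `-Z` (coreutils 8.22 or later, per the report), and nothing in the patch records that requirement. An mv that rejects the option would land in the existing `|| { rm -f "$tmp"; exit 1 }` branch and abort the update. Consider a versioned dependency on coreutils (>= 8.22) in debian/control, and a short comment next to the call saying that `-Z` is there to give the destination the default SELinux context, so the flag is not dropped in a later cleanup.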
diff -Nru apparmor-2.13/debian/apparmor.postinst
apparmor-2.13/debian/apparmor.postinst
--- apparmor-2.13/debian/apparmor.postinst 2018-07-07 19:15:31.000000000
+0200
+++ apparmor-2.13/debian/apparmor.postinst 2018-07-12 11:10:41.000000000
+0200
@@ -56,7 +56,7 @@
EOM
fi
mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true
- mv -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
+ mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu
if [ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]; then
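Review bot: the result of `mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu` is not checked in this hunk, unlike the same call in aa-update-browser. Unless the script runs under `set -e` (not visible here), a failed move lets the following `chmod 644` run against a missing or stale file and leaves "$tmp" behind in /tmp. Suggest the same pattern as the other file: `|| { rm -f "$tmp"; exit 1; }`.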
@@ -86,7 +86,7 @@
EOM
mkdir -p /etc/apparmor.d/tunables/xdg-user-dirs.d 2>/dev/null ||
true
- mv -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
+ mv -Z -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
chmod 644 /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
fi
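Review bot: `mv -Z -n` only labels a site.local that this run creates. Because the block is guarded by `[ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]` and the move uses `-n`, a file installed with the wrong label by an earlier version of the postinst is never touched again. Suggest relabeling the affected paths once on upgrade (for example with restorecon when it is available), or noting in the changelog that already-installed files need to be relabeled by the administrator.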