This is still blocking on Ubuntu 24.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2078467
Title: aa-enforce /etc/apparmor.d/* - Error Status in apparmor package in Ubuntu: Confirmed Bug description: Executing "aa-enforce /etc/apparmor.d/*" does not work on Ubuntu 24.04. There is already an upstream fix (https://gitlab.com/apparmor/apparmor/-/merge_requests/1218/diffs?commit_id=6f9e841e74f04cac78da71fd2e8af3f973af94fc). Suspect more will run into this issue now when the CIS Benchmark for Ubuntu 24.04 was released this week. Description: Ubuntu 24.04.1 LTS Release: 24.04 ----------------------------------- root@ubuntu2404:/etc/apparmor.d# dpkg -l |grep apparmor ii apparmor 4.0.1really4.0.0-beta3-0ubuntu0.1 amd64 user-space parser utility for AppArmor ii apparmor-profiles 4.0.1really4.0.0-beta3-0ubuntu0.1 all experimental profiles for AppArmor security policies ii apparmor-utils 4.0.1really4.0.0-beta3-0ubuntu0.1 all utilities for controlling AppArmor ii libapparmor1:amd64 4.0.1really4.0.0-beta3-0ubuntu0.1 amd64 changehat AppArmor library ii python3-apparmor 4.0.1really4.0.0-beta3-0ubuntu0.1 all AppArmor Python3 utility library ii python3-libapparmor 4.0.1really4.0.0-beta3-0ubuntu0.1 amd64 AppArmor library Python3 bindings ----------------------------------- ----------------------------------- root@ubuntu2404:/etc/apparmor.d# aa-enforce /etc/apparmor.d/* Setting /etc/apparmor.d/1password to enforce mode. Traceback (most recent call last): File "/usr/sbin/aa-enforce", line 33, in <module> tool.cmd_enforce() File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 134, in cmd_enforce for (program, prof_filename, output_name) in self.get_next_for_modechange(): File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 97, in get_next_for_modechange aaui.UI_Info(_('Profile for %s not found, skipping') % output_name) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: 'NoneType' object is not callable An unexpected error occurred! For details, see /tmp/apparmor-bugreport-yi5o6kwm.txt Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues and attach this file. ------------------------------------- Workaround is to edit /usr/lib/python3/dist-packages/apparmor/tools.py as the upstream fix suggests. - for (program, _, prof_filename) in self.get_next_to_profile(): + for (program, _ignored, prof_filename) in self.get_next_to_profile(): - for (program, _, prof_filename) in self.get_next_to_profile(): + for (program, _ignored, prof_filename) in self.get_next_to_profile(): Then it works: root@ubuntu2404:/etc/apparmor.d# vim /usr/lib/python3/dist-packages/apparmor/tools.py root@ubuntu2404:/etc/apparmor.d# aa-enforce /etc/apparmor.d/* Setting /etc/apparmor.d/1password to enforce mode. Profile for /etc/apparmor.d/abi not found, skipping Profile for /etc/apparmor.d/abstractions not found, skipping Profile for /etc/apparmor.d/apache2.d not found, skipping Setting /etc/apparmor.d/bin.ping to enforce mode. Setting /etc/apparmor.d/brave to enforce mode. Setting /etc/apparmor.d/buildah to enforce mode. Setting /etc/apparmor.d/busybox to enforce mode. Setting /etc/apparmor.d/cam to enforce mode. Setting /etc/apparmor.d/ch-checkns to enforce mode. Setting /etc/apparmor.d/chrome to enforce mode. Setting /etc/apparmor.d/ch-run to enforce mode. Setting /etc/apparmor.d/code to enforce mode. Setting /etc/apparmor.d/crun to enforce mode. Setting /etc/apparmor.d/devhelp to enforce mode. Profile for /etc/apparmor.d/disable not found, skipping Setting /etc/apparmor.d/Discord to enforce mode. Setting /etc/apparmor.d/element-desktop to enforce mode. Setting /etc/apparmor.d/epiphany to enforce mode. Setting /etc/apparmor.d/evolution to enforce mode. Setting /etc/apparmor.d/firefox to enforce mode. Setting /etc/apparmor.d/flatpak to enforce mode. Profile for /etc/apparmor.d/force-complain not found, skipping Setting /etc/apparmor.d/geary to enforce mode. Setting /etc/apparmor.d/github-desktop to enforce mode. Setting /etc/apparmor.d/goldendict to enforce mode. Setting /etc/apparmor.d/ipa_verify to enforce mode. Setting /etc/apparmor.d/kchmviewer to enforce mode. Setting /etc/apparmor.d/keybase to enforce mode. Setting /etc/apparmor.d/lc-compliance to enforce mode. Setting /etc/apparmor.d/libcamerify to enforce mode. Setting /etc/apparmor.d/linux-sandbox to enforce mode. Profile for /etc/apparmor.d/local not found, skipping Setting /etc/apparmor.d/loupe to enforce mode. Setting /etc/apparmor.d/lsb_release to enforce mode. Setting /etc/apparmor.d/lxc-attach to enforce mode. Setting /etc/apparmor.d/lxc-create to enforce mode. Setting /etc/apparmor.d/lxc-destroy to enforce mode. Setting /etc/apparmor.d/lxc-execute to enforce mode. Setting /etc/apparmor.d/lxc-stop to enforce mode. Setting /etc/apparmor.d/lxc-unshare to enforce mode. Setting /etc/apparmor.d/lxc-usernsexec to enforce mode. Setting /etc/apparmor.d/mmdebstrap to enforce mode. Setting /etc/apparmor.d/MongoDB_Compass to enforce mode. Setting /etc/apparmor.d/msedge to enforce mode. Setting /etc/apparmor.d/nautilus to enforce mode. Setting /etc/apparmor.d/notepadqq to enforce mode. Setting /etc/apparmor.d/nvidia_modprobe to enforce mode. Setting /etc/apparmor.d/obsidian to enforce mode. Setting /etc/apparmor.d/opam to enforce mode. Setting /etc/apparmor.d/opera to enforce mode. Setting /etc/apparmor.d/pageedit to enforce mode. Setting /etc/apparmor.d/php-fpm to enforce mode. Setting /etc/apparmor.d/plasmashell to enforce mode. Setting /etc/apparmor.d/podman to enforce mode. Setting /etc/apparmor.d/polypane to enforce mode. Setting /etc/apparmor.d/privacybrowser to enforce mode. Setting /etc/apparmor.d/qcam to enforce mode. Setting /etc/apparmor.d/qmapshack to enforce mode. Setting /etc/apparmor.d/QtWebEngineProcess to enforce mode. Setting /etc/apparmor.d/qutebrowser to enforce mode. Setting /etc/apparmor.d/rootlesskit to enforce mode. Setting /etc/apparmor.d/rpm to enforce mode. Setting /etc/apparmor.d/rssguard to enforce mode. Profile for /etc/apparmor.d/rsyslog.d not found, skipping Setting /etc/apparmor.d/runc to enforce mode. Setting /etc/apparmor.d/samba-bgqd to enforce mode. Setting /etc/apparmor.d/samba-dcerpcd to enforce mode. Setting /etc/apparmor.d/samba-rpcd to enforce mode. Setting /etc/apparmor.d/samba-rpcd-classic to enforce mode. Setting /etc/apparmor.d/samba-rpcd-spoolss to enforce mode. Setting /etc/apparmor.d/sbin.klogd to enforce mode. Setting /etc/apparmor.d/sbin.syslogd to enforce mode. Setting /etc/apparmor.d/sbin.syslog-ng to enforce mode. Setting /etc/apparmor.d/sbuild to enforce mode. Setting /etc/apparmor.d/sbuild-abort to enforce mode. Setting /etc/apparmor.d/sbuild-adduser to enforce mode. Setting /etc/apparmor.d/sbuild-apt to enforce mode. Setting /etc/apparmor.d/sbuild-checkpackages to enforce mode. Setting /etc/apparmor.d/sbuild-clean to enforce mode. Setting /etc/apparmor.d/sbuild-createchroot to enforce mode. Setting /etc/apparmor.d/sbuild-destroychroot to enforce mode. Setting /etc/apparmor.d/sbuild-distupgrade to enforce mode. Setting /etc/apparmor.d/sbuild-hold to enforce mode. Setting /etc/apparmor.d/sbuild-shell to enforce mode. Setting /etc/apparmor.d/sbuild-unhold to enforce mode. Setting /etc/apparmor.d/sbuild-update to enforce mode. Setting /etc/apparmor.d/sbuild-upgrade to enforce mode. Setting /etc/apparmor.d/scide to enforce mode. Setting /etc/apparmor.d/signal-desktop to enforce mode. Setting /etc/apparmor.d/slack to enforce mode. Setting /etc/apparmor.d/slirp4netns to enforce mode. Setting /etc/apparmor.d/steam to enforce mode. Setting /etc/apparmor.d/stress-ng to enforce mode. Setting /etc/apparmor.d/surfshark to enforce mode. Setting /etc/apparmor.d/systemd-coredump to enforce mode. Setting /etc/apparmor.d/thunderbird to enforce mode. Setting /etc/apparmor.d/toybox to enforce mode. Setting /etc/apparmor.d/trinity to enforce mode. Profile for /etc/apparmor.d/tunables not found, skipping Setting /etc/apparmor.d/tup to enforce mode. Setting /etc/apparmor.d/tuxedo-control-center to enforce mode. Setting /etc/apparmor.d/ubuntu_pro_apt_news to enforce mode. Setting /etc/apparmor.d/ubuntu_pro_esm_cache to enforce mode. Setting /etc/apparmor.d/unix-chkpwd to enforce mode. Setting /etc/apparmor.d/unprivileged_userns to enforce mode. Setting /etc/apparmor.d/userbindmount to enforce mode. Setting /etc/apparmor.d/usr.bin.man to enforce mode. Setting /etc/apparmor.d/usr.bin.tcpdump to enforce mode. Setting /etc/apparmor.d/usr.lib.snapd.snap-confine.real to enforce mode. Setting /etc/apparmor.d/usr.sbin.avahi-daemon to enforce mode. Setting /etc/apparmor.d/usr.sbin.chronyd to enforce mode. Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode. Setting /etc/apparmor.d/usr.sbin.identd to enforce mode. Setting /etc/apparmor.d/usr.sbin.mdnsd to enforce mode. Setting /etc/apparmor.d/usr.sbin.nmbd to enforce mode. Setting /etc/apparmor.d/usr.sbin.nscd to enforce mode. Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode. Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode. Setting /etc/apparmor.d/usr.sbin.smbldap-useradd to enforce mode. Setting /etc/apparmor.d/usr.sbin.traceroute to enforce mode. Setting /etc/apparmor.d/uwsgi-core to enforce mode. Setting /etc/apparmor.d/vdens to enforce mode. Setting /etc/apparmor.d/virtiofsd to enforce mode. Setting /etc/apparmor.d/vivaldi-bin to enforce mode. Setting /etc/apparmor.d/vpnns to enforce mode. Setting /etc/apparmor.d/wpcom to enforce mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2078467/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
