[Touch-packages] [Bug 2102680] Re: Installation of AppArmor on a 6.14 kernel produces error message "Illegal number: yes"

Claudio da Silva Junior Mon, 12 May 2025 19:10:37 -0700

I change the code to:

check_userns() {
        userns_restricted=$(sysctl -e -n 
kernel.apparmor_restrict_unprivileged_userns)
        unconfined_userns=$([ -f 
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns ] 
&& cat 
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns || 
echo "no")
        if [ -n "$userns_restricted" ] && [ "$userns_restricted" -eq 1 ]; then
                if [ "$unconfined_userns" = "no" ]; then
                        # userns restrictions rely on unconfined userns to be 
supported
                        aa_action "disabling unprivileged userns restrictions 
since unconfined userns is not supported / enabled" \
                                  sysctl -w 
kernel.apparmor_restrict_unprivileged_userns=0
                fi
        fi
}


And don't have more the message.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102680

Title:
  Installation of AppArmor on a 6.14 kernel produces error message
  "Illegal number: yes"

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  Installing the AppArmor package on a Plucky machine that is running a
  6.14 kernel produces the error message
  "/var/lib/dpkg/info/apparmor.postinst: 148: [: Illegal number: yes".
  This is due to an underlying kernel sysctl
  (/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns)
  changing from a 0/1 integer (semantic boolean) to a "no"/"yes" string
  in Ubuntu's 6.14 kernel, causing our debian/patches/ubuntu/userns-
  runtime-disable.patch to fail because it expects a 0/1 integer. The
  switch to "no"/"yes" will be needed if/when the sysctl is upstreamed.
  As such, we should patch our debian/patches/ubuntu/userns-runtime-
  disable.patch to be robust and handle both 0/1 and "no"/"yes" values
  for the sysctl.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2102680/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2102680] Re: Installation of AppArmor on a 6.14 kernel produces error message "Illegal number: yes"

Reply via email to