[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1085064: font-manager: AppArmor profile requires abi/4.0, which is not provided by the apparmor packages

Package: font-manager
Version: 0.9.0-3+b1
Severity: normal

Dear Maintainer,

The apparmor.service unit failed during startup. The unit status as reported by
systemctl:

doas systemctl status apparmor.service
× apparmor.service - Load AppArmor profiles
     Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; preset:
enabled)
     Active: failed (Result: exit-code) since Sun 2024-10-13 17:48:50 CDT;
11min ago
 Invocation: deb1049d88684b7a8479c3c57dea28c4
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 33190 ExecStart=/lib/apparmor/apparmor.systemd reload
(code=exited, status=1/FAILURE)
   Main PID: 33190 (code=exited, status=1/FAILURE)
   Mem peak: 7M
        CPU: 169ms

Oct 13 17:48:49 lukahn systemd[1]: Starting apparmor.service - Load AppArmor
profiles...
Oct 13 17:48:50 lukahn apparmor.systemd[33190]: Restarting AppArmor
Oct 13 17:48:50 lukahn apparmor.systemd[33190]: Reloading AppArmor profiles
Oct 13 17:48:50 lukahn apparmor.systemd[33198]: AppArmor parser error for
/etc/apparmor.d in profile /etc/apparmor.d/font-manager at line 4: Could not
open 'abi/4.0': No s>
Oct 13 17:48:50 lukahn apparmor.systemd[33213]: Skipping profile in
/etc/apparmor.d/disable: usr.bin.thunderbird
Oct 13 17:48:50 lukahn apparmor.systemd[33190]: Error: At least one profile
failed to load
Oct 13 17:48:50 lukahn systemd[1]: apparmor.service: Main process exited,
code=exited, status=1/FAILURE
Oct 13 17:48:50 lukahn systemd[1]: apparmor.service: Failed with result 'exit-
code'.
Oct 13 17:48:50 lukahn systemd[1]: Failed to start apparmor.service - Load
AppArmor profiles.

The file as it was at that time:

cat /etc/apparmor.d/font-manager
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"

abi <abi/4.0>,
include <tunables/global>

profile font-manager /usr/bin/font-manager flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/font-manager>
}

If I am understanding the AppArmor website correctly, this abi/4.0 profile will
ship with AppArmor 4.0 but that is not yet included in the debian testing
distro:

doas apt info apparmor
Package: apparmor
Version: 3.1.7-1+b1
Priority: optional
Section: admin
Source: apparmor (3.1.7-1)
Maintainer: Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org>
Installed-Size: 2655 kB
Depends: debconf, debconf (>= 0.5) | debconf-2.0, libc6 (>= 2.38)
Suggests: apparmor-profiles-extra, apparmor-utils
Breaks: apparmor-profiles-extra (<< 1.21), fcitx-data (<< 1:4.2.9.1-1ubuntu2),
snapd (<< 2.44.3+20.04~)
Replaces: fcitx-data (<< 1:4.2.9.1-1ubuntu2)
Homepage: https://apparmor.net/
Tag: admin::user-management, implemented-in::ruby, role::program,
 security::privacy
Download-Size: 618 kB
APT-Manual-Installed: yes
APT-Sources: http://mirrors.wikimedia.org/debian testing/main amd64 Packages
Description: user-space parser utility for AppArmor
 apparmor provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

It also seems to be unsupported in sid too, according to this:
https://packages.debian.org/sid/apparmor


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.10.11-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages font-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4+b2
ii  font-manager-common                          0.9.0-3+b1
ii  font-viewer                                  0.9.0-3+b1
ii  libadwaita-1-0                               1.6.0-1
ii  libc6                                        2.40-3
ii  libglib2.0-0t64                              2.82.1-1
ii  libgtk-4-1                                   4.16.3+ds-1
ii  libjson-glib-1.0-0                           1.10.0+ds-2
ii  libpango-1.0-0                               1.54.0+ds-2
ii  libsoup-3.0-0                                3.6.0-2
ii  libsqlite3-0                                 3.46.0-1
ii  libwebkitgtk-6.0-4                           2.46.0-2

font-manager recommends no packages.

Versions of packages font-manager suggests:
ii  file-roller        44.3-1
pn  nemo-font-manager  <none>
ii  yelp               42.2-1+b2

-- no debconf information
Reply to: