edubuntu-bugs team mailing list archive

Thread
Date
[Bug 2109937] Re: [SRU] syntax error in apparmor profile

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Robert Krátký <2109937@xxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Oct 2025 12:04:31 -0000
Reply-to: Bug 2109937 <2109937@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Description changed:

  [SRU]
  
  [ Impact ]
  
-  * AppArmor profile for 'marble' misformatted, which causes:
+  * AppArmor profile for 'marble' misformatted, which causes:
  
-    - Profile fails to load on package installation.
-    - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble).
+    - Profile fails to load on package installation.
+    - AppArmor cannot be restarted (profiles cannot be reloaded because of the faulty profile installed by marble).
  
-  * The suggested upload [1] includes a simple fix to the profile.
+  * The suggested upload [1] includes a simple fix to the profile.
  
  [ Test Plan ]
  
-  * Reproducing the bug:
+  * Reproducing the bug:
  
-    1. Install the latest avail. version of package 'marble':
+    1. Install the latest avail. version of package 'marble':
  
-       - 4:24.12.3-0ubuntu1 on Plucky, or
-       - 4:25.08.1-0ubuntu1 on Questing/Resolute
+       - 4:24.12.3-0ubuntu1 on Plucky, or
+       - 4:25.08.1-0ubuntu1 on Questing/Resolute
  
  Output on Plucky:
  
  $ sudo apt update
  $ sudo apt install marble
  [snip]
  Setting up marble (4:24.12.3-0ubuntu1) ...
  Installing new version of config file /etc/apparmor.d/usr.bin.marble ...
  AppArmor parser error for /etc/apparmor.d/usr.bin.marble in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE
  
-    2. Try to restart AppArmor:
+    2. Try to restart AppArmor:
  
  $ sudo systemctl restart apparmor
  Job for apparmor.service failed because the control process exited with error code.
  See "systemctl status apparmor.service" and "journalctl -xeu apparmor.service" for details.
  
  $ sudo systemctl status apparmor.service
  × apparmor.service - Load AppArmor profiles
  [snip]
  Oct 16 16:40:42 marble2510 systemd[1]: Starting apparmor.service - Load AppArmor profiles...
  Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Restarting AppArmor
  Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Reloading AppArmor profiles
  Oct 16 16:40:42 marble2510 apparmor.systemd[15780]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting>
  Oct 16 16:40:42 marble2510 apparmor.systemd[15631]: Error: At least one profile failed to load
  Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
  Oct 16 16:40:42 marble2510 systemd[1]: apparmor.service: Failed with result 'exit-code'.
  Oct 16 16:40:42 marble2510 systemd[1]: Failed to start apparmor.service - Load AppArmor profiles.
  
-  * Fix:
+  * Fix:
  
-    * Modifying the AppArmor profile as suggested in the prepared MPs
+    * Modifying the AppArmor profile as suggested in the prepared MPs
  against Plucky [3], Questing [2], and Resolute [1], fixes the problem:
  marble installs without errors, and AppArmor can (re)load all profiles
  as expected.
  
-    * That the fix works can be tested by following the above
+    * That the fix works can be tested by following the above
  instructions for reproducing after installing:
  
-      - 4:24.12.3-0ubuntu2 from plucky-proposed (when [3] is merged)
-      - 4:25.08.1-0ubuntu2 from questing-proposed (when [2] is merged)
-      - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged)
+      - 4:24.12.3-0ubuntu1.1 from plucky-proposed (when [3] is merged)
+      - 4:25.08.1-0ubuntu1.1 from questing-proposed (when [2] is merged)
+      - 4:25.08.1-0ubuntu2 from devel-proposed (when [1] is merged)
  
  [ Where problems could occur ]
  
-  * A faulty AppArmor profile (that can be loaded and allows the app to
+  * A faulty AppArmor profile (that can be loaded and allows the app to
  run) could introduce a security problem. Given that the suggested fix
  does not modify the access control (i.e. does not add, remove, or change
  the defined rules in the profile, which had already been merged before)
  and only fixes syntax, I believe this potential problem does not apply
  in this case.
  
-    Also, this profile is the same as a working profile in a number of
+    Also, this profile is the same as a working profile in a number of
  other packages that already are a part of the distribution. For example:
  
-    - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor
-    - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor
-    - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor
-    - and others
+    - plasma-welcome: https://git.launchpad.net/ubuntu/+source/plasma-welcome/tree/debian/plasma-welcome-apparmor
+    - digikam: https://git.launchpad.net/ubuntu/+source/digikam/tree/debian/digikam-apparmor
+    - cantor: https://git.launchpad.net/ubuntu/+source/cantor/tree/debian/cantor-apparmor
+    - and others
  
  [ Other Info ]
  
-  * Tested with the same results (both the bug and the fix) on Plucky and
+  * Tested with the same results (both the bug and the fix) on Plucky and
  Questing.
  
-  * PPA with the fix for testing purposes is at [3].
+  * PPA with the fix for testing purposes is at [3].
  
-  * The package has one autopkgtest, but it's disabled
+  * The package has one autopkgtest, but it's disabled
  (control.disabled), so not reporting on that.
  
  [1] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494463
  [2] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494466
  [3] https://code.launchpad.net/~rkratky/ubuntu/+source/marble/+git/marble/+merge/494465
  [4] https://launchpad.net/~rkratky/+archive/ubuntu/marble-fix-lp2109937-apparmor
  
  [ Original Description ]
  
  Hi,
  
  here is the problem:
  
  $ journalctl | grep marble
  May 03 21:33:06 vougeot apparmor.systemd[1385]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.bin.marble at line 33: syntax error, unexpected TOK_ID, expecting TOK_MODE
  
  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: marble 4:24.12.3-0ubuntu1
  Uname: Linux 6.14.4-061404-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Sun May  4 23:14:23 2025
  SourcePackage: marble
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to marble in Ubuntu.
https://bugs.launchpad.net/bugs/2109937

Title:
  [SRU] syntax error in apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/marble/+bug/2109937/+subscriptions
References

[Bug 2109937] [NEW] syntax error in apparmor profile
From: Laurent Bonnaud, 2025-05-04