Comment 10 for bug 466315

Jamie Strandboge (jdstrand) wrote : Re: bind9 jaunty to karmic upgrade causes initial apparmor audit with openssl.cnf, seems fixed by installing apparmor-profiles but not really

Ok, I now know the problem. What is happening is that the AppArmor profile for 9.10 added this line to the profile:
  /etc/ssl/openssl.cnf r,

On upgrade, the package reloads the profile with (see debian/bind9.postinst):
  apparmor_parser -r "$APP_PROFILE" || true

This was fine up until apparmor in 9.10 added cache files (which was after this change was made). When you install apparmor-profiles, it restarts apparmor via the initscript, which regenerates all the cache files. So apparmor-profiles has nothing to do with it; it just happened to trigger regenerating the cache files.

I believe the fix to be to change the postinst script to have:
  apparmor_parser -T -W -r "$APP_PROFILE" || true

This will force writing of the cache and should fix this. LaMont, can you handle this in your next upload for Lucid?