<div dir="ltr"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Package: bind9</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Version: 9.11.2.P1-1</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Severity: normal</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Dear Maintainer,</span><br><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">bind9 specifies an apparmor profile like this in d/rules:</span></div><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="font-size:12.8px">    dh_apparmor -pbind9 --profile-name=usr.bin.named</span><br></div><div><span style="text-align:start;text-indent:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-transform:none;white-space:normal;word-spacing:0px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-transform:none;white-space:normal;word-spacing:0px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-transform:none;white-space:normal;word-spacing:0px">But the profile itself is usr.sbin.named:</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-transform:none;white-space:normal;word-spacing:0px"><br></div><div><span style="font-size:12.8px">    debian/extras/apparmor.d/usr.<wbr>sbin.named</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">This generates an incorrect postinst snippet and the local/ include bit is not generated:</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">(...)</span></div><div><div><span style="font-size:12.8px">if [ "$1" = "configure" ]; then</span></div><div><span style="font-size:12.8px">    APP_PROFILE="/etc/apparmor.d/usr.bin.named"</span></div><div><span style="font-size:12.8px">    if [ -f "$APP_PROFILE" ]; then</span></div><div><span style="font-size:12.8px">        # Add the local/ include</span></div><div><span style="font-size:12.8px">        LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.bin.named"</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">        test -e "$LOCAL_APP_PROFILE" || {</span></div><div><span style="font-size:12.8px">            mkdir -p `dirname "$LOCAL_APP_PROFILE"`</span></div><div><span style="font-size:12.8px">            install --mode 644 /dev/null "$LOCAL_APP_PROFILE"</span></div><div><span style="font-size:12.8px">        }</span></div></div><div>(...)</div><div><br></div><div>APP_PROFILE with the name usr.bin.named does not exist, and the rest of the code isn't run.</div><div><div><br></div><div>Apparmor fails to reload because of the missing local/ file:</div><div><br></div><div># systemctl status apparmor.service</div><div>● apparmor.service - AppArmor initialization</div><div>   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)</div><div>   Active: failed (Result: exit-code) since Thu 2018-03-15 13:22:40 UTC; 4s ago</div><div>     Docs: man:apparmor(7)</div><div>           <a href="http://wiki.apparmor.net/">http://wiki.apparmor.net/</a></div><div>  Process: 1250 ExecStart=/etc/init.d/apparmor start (code=exited, status=123)</div><div> Main PID: 1250 (code=exited, status=123)</div><div><br></div><div>Mar 15 13:22:40 touching-fish systemd[1]: Starting AppArmor initialization...</div><div>Mar 15 13:22:40 touching-fish apparmor[1250]: Starting AppArmor profiles:AppArmor parser error for /etc/apparmor.d/usr.sbin.named in /etc/apparmor.d/usr.sbin.named at line 69: Could not open 'local/<a href="http://usr.sbin.name">usr.sbin.name</a></div><div>d'</div><div>Mar 15 13:22:40 touching-fish apparmor[1250]: AppArmor parser error for /etc/apparmor.d/usr.sbin.named in /etc/apparmor.d/usr.sbin.named at line 69: Could not open 'local/usr.sbin.named'</div><div>Mar 15 13:22:40 touching-fish apparmor[1250]:  failed!</div><div>Mar 15 13:22:40 touching-fish systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a</div><div>Mar 15 13:22:40 touching-fish systemd[1]: apparmor.service: Failed with result 'exit-code'.</div><div>Mar 15 13:22:40 touching-fish systemd[1]: Failed to start AppArmor initialization.</div></div><div><br></div><div><br></div></span></div></div>