Hi everyone,
I was experiencing this issue regarding apparmor after upgrading firejail:
opened 06:54PM - 12 Aug 20 UTC
closed 03:14PM - 18 Aug 20 UTC
bug
The /etc/apparmor.d/firejail-default file in the [0.9.62.2 release](https://gith… ub.com/netblue30/firejail/releases/download/0.9.62.2/firejail-0.9.62.2.tar.xz) don't follow [master](https://github.com/netblue30/firejail/blob/master/etc/apparmor/firejail-default#L160) and old releases for the /etc/apparmor.d/local/firejail-local filename, it try to #include <local/firejail-**default**> instead **-local**. Possible to check line 155 in the file etc/firejail-default given in the release.
Also the Makefile.in from the same release don't have [the install line](https://github.com/netblue30/firejail/blob/master/Makefile.in#L133) to copy the firejail-local to /etc/apparmor.d/local/. Check lines 135-140.
**Bug and expected behavior**
- AppArmor parser error for /etc/apparmor.d/firejail-default in /etc/apparmor.d/firejail-default at line 155: Could not open 'local/firejail-default'
- /etc/apparmor.d/local don't have any firejail related files, caused by missing install on Makefile.in, so even changing the firejail-default include to #include <local/firejail-*local*> (like in older releases) will not fix it.
**Environment**
- All tests were done in archlinux.
- The archlinux firejail package is affected by the [apparmor parser error](https://bugs.archlinux.org/task/67558).
**Workaround**
1) Copy [firejail-local from master](https://github.com/netblue30/firejail/blob/master/etc/apparmor/firejail-local) into /etc/apparmor.d/local/ and change the /etc/apparmor.d/firejail-default include (line 155) to:
#include <local/firejail-**local**>
or
2) Create a blank /etc/apparmor.d/local/firejail-default
Holding back that package for now until firejail 0.9.62.4, which is supposed to contain a fix for apparmor.
Thanx again
2 Likes
