|
Size: 2400
Comment: no more navigation on top level pages
|
← Revision 33 as of 2020-02-01 12:13:30 ⇥
Size: 4115
Comment: cleanup, condense, remove duplicate link
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| This pages provides information on reporting bugs against packages related to '''AppArmor''' or packages that ship !AppArmor profiles. |
|
| Line 2: | Line 4: |
---- == Diagnose == Please follow the [[AppArmor/Debug#Diagnose_if_a_bug_might_have_been_caused_by_AppArmor|debug]] steps to know if your bug might have been caused by !AppArmor If you think a bug is really caused by a malfunctioning !AppArmor profile, read on. |
|
| Line 5: | Line 16: |
| When reporting bugs which might involve a malfunctioning !AppArmor profile, one should always provide the logs, and in particular the lines containing "DENIED": | Provide the log lines containing `DENIED`: |
| Line 7: | Line 18: |
| {{{sudo tail -f /var/log/syslog | grep DENIED}}} | {{{ # from the systemd journal sudo journalctl -kaf --no-hostname | grep -w 'apparmor="DENIED"' # if systemd-journald is not running sudo tail -f /var/log/auditd/auditd.log /var/log/syslog | grep -w 'apparmor="DENIED"' }}} |
| Line 9: | Line 25: |
| or (if auditd is installed): {{{ sudo tail -f /var/log/auditd/auditd.log | grep 'DENIED' }}} Find out more on how to [[AppArmor/Debug | inspect and debug]] !AppArmor profiles and processes. |
|
| Line 16: | Line 28: |
| If you think you've found a bug in an !AppArmor profile provided either by [[DebianPts:apparmor-profiles-extra | apparmor-profiles-extra]] or a software in Debian which ships its own profile, you might want to report a bug against one of these packages. | If you think you've found a bug in an !AppArmor profile provided either by [[DebianPts:apparmor-profiles-extra | apparmor-profiles-extra]] or a Debian package which ships its own profile, you should report a bug against one of these packages. |
| Line 18: | Line 30: |
| However as the Debian Bug Tracking System ist package-centric, only the package maintainers will be automatically made aware you reported this bug. That is why we kindly ask you to [[bugs.debian.org/usertags#Add_usertags_to_bugs | add a usertag to your bug report]], so that the Debian !AppArmor Packaging Team will also be notified if !AppArmor is involved or if you need help diagnosing this very fact. | However as the Debian Bug Tracking System is package-centric, only the package maintainers will be automatically made aware of your bug report. That is why we kindly ask you to [[bugs.debian.org/usertags#Add_usertags_to_bugs | add a usertag to your bug report]], so that the Debian !AppArmor Packaging Team is notified as well. Then we can help you check if !AppArmor is involved, and to fix the bug if that's the case. |
| Line 20: | Line 32: |
| * [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team%40lists.alioth.debian.org|See all usertags for user pkg-apparmor-team AT lists.alioth.debian.org]] | See [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team%40lists.alioth.debian.org|all usertags for user pkg-apparmor-team AT lists.alioth.debian.org]]. |
| Line 22: | Line 34: |
| We have agreed to use certain usertags on the BTS. Please use these tags when you can, as follows: | We have agreed to use certain tags. Please tag with the user pkg-apparmor-team@lists.alioth.debian.org and use the following tags: |
| Line 24: | Line 36: |
| * use the tag ''help-needed'', to request help for initial diagnosis. | * use the tag ''help-needed'', to request help for initial diagnosis |
| Line 26: | Line 38: |
| * ''merge-to-upstream'' * ''modify-profile'' * ''merge-from-upstream'' * ''new-profile'' * ''patch'' * ''platform'' |
* use the tag ''merge-to-upstream'' if an !AppArmor profile has been modified for Debian and changes should be merged back upstream * use the tag ''modify-profile'' if a package maintainer should modify an already shipped profile. This implies that changes should be merged upstream and into the Debian package. * use the tag ''merge-from-upstream'' if you want to request an update to a shipped !AppArmor profile to include upstream improvements * use the tag ''new-profile'' if you want to request that a new profile is included, or if you work on this new profile and try to get it merged upstream * use the tag ''platform'' if you encounter problems with !AppArmor support in any related tool (systemd, auditd, syslog, etc.) If you see the need for another tag not listed here, please contact us. |
| Line 41: | Line 54: |
| usertags 12345 merge-to-upstream | usertags #123456 + merge-to-upstream thanks |
| Line 44: | Line 58: |
| where "12345" is your bug number and "merge-to-upstream" the tag you want to add to the bug. |
where "123456" is your bug number, and "merge-to-upstream" the tag you want to add to the bug. There can be multiple lines with different usertags in such an email. Delete a usertag like this: {{{ user pkg-apparmor-team@lists.alioth.debian.org usertags #123456 - merge-to-upstream thanks }}} This would delete the tag "merge-to-upstream" on bug number #123456 |
| Line 49: | Line 74: |
| The `bts`command is provided by the [[DebianPts:devscripts | devscripts]] package. | The `bts` command is provided by the [[DebianPts:devscripts | devscripts]] package. |
| Line 52: | Line 77: |
| bts user pkg-apparmor-team@lists.alioth.debian.org . usertags 12345 merge-to-upstream | bts user pkg-apparmor-team@lists.alioth.debian.org . usertags #123456 + merge-to-upstream |
| Line 55: | Line 80: |
| where "12345" is your bug number and "merge-to-upstream" the tag you want to add to the bug. |
where "123456" is your bug number, and "merge-to-upstream" the tag you want to add to the bug. == Bugs related to AppArmor == * Bugs in [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]] * Bugs in the DebianPts:apparmor package. * Usertagged [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]] * [[DebianBug:777034]]] ---- CategorySystemSecurity |
This pages provides information on reporting bugs against packages related to AppArmor or packages that ship AppArmor profiles.
Contents
Diagnose
Please follow the debug steps to know if your bug might have been caused by AppArmor
If you think a bug is really caused by a malfunctioning AppArmor profile, read on.
Provide logs and inspect AppArmor's state on the system
Provide the log lines containing DENIED:
# from the systemd journal sudo journalctl -kaf --no-hostname | grep -w 'apparmor="DENIED"' # if systemd-journald is not running sudo tail -f /var/log/auditd/auditd.log /var/log/syslog | grep -w 'apparmor="DENIED"'
Usertags
If you think you've found a bug in an AppArmor profile provided either by apparmor-profiles-extra or a Debian package which ships its own profile, you should report a bug against one of these packages.
However as the Debian Bug Tracking System is package-centric, only the package maintainers will be automatically made aware of your bug report. That is why we kindly ask you to add a usertag to your bug report, so that the Debian AppArmor Packaging Team is notified as well. Then we can help you check if AppArmor is involved, and to fix the bug if that's the case.
See all usertags for user pkg-apparmor-team AT lists.alioth.debian.org.
We have agreed to use certain tags. Please tag with the user pkg-apparmor-team@lists.alioth.debian.org and use the following tags:
use the tag help-needed, to request help for initial diagnosis
use the tag buggy-profile if AppArmor has been identified as culprit
use the tag merge-to-upstream if an AppArmor profile has been modified for Debian and changes should be merged back upstream
use the tag modify-profile if a package maintainer should modify an already shipped profile. This implies that changes should be merged upstream and into the Debian package.
use the tag merge-from-upstream if you want to request an update to a shipped AppArmor profile to include upstream improvements
use the tag new-profile if you want to request that a new profile is included, or if you work on this new profile and try to get it merged upstream
use the tag platform if you encounter problems with AppArmor support in any related tool (systemd, auditd, syslog, etc.)
If you see the need for another tag not listed here, please contact us.
Quick how to usertag a bug
By email
Basically, you would send an email to control@bugs.debian.org with the following content:
user pkg-apparmor-team@lists.alioth.debian.org usertags #123456 + merge-to-upstream thanks
where "123456" is your bug number, and "merge-to-upstream" the tag you want to add to the bug.
There can be multiple lines with different usertags in such an email.
Delete a usertag like this:
user pkg-apparmor-team@lists.alioth.debian.org usertags #123456 - merge-to-upstream thanks
This would delete the tag "merge-to-upstream" on bug number #123456
Using the CLI
The bts command is provided by the devscripts package.
bts user pkg-apparmor-team@lists.alioth.debian.org . usertags #123456 + merge-to-upstream
where "123456" is your bug number, and "merge-to-upstream" the tag you want to add to the bug.
Bugs related to AppArmor
Bugs in the packages we maintain
Bugs in the apparmor package.
Usertagged bugs