[Apparmor-dev] "Profile doesn't conform to protocol" error
John Johansen
jjohansen at suse.de
Wed Jan 23 12:54:02 MST 2008
On Tue, Jan 22, 2008 at 03:13:02PM -0200, Andreas Hasenack wrote:
> Hi all,
>
> we are attempting to have apparmor working with kernel 2.6.24rc8. The
> first attempt was at grabbing SuSE's patches from factory.
>
Ugh, I am sorry to say those are actually broken at the moment and
I haven't had time to update them.
> So far we only managed to get it working with an MM kernel (2.6.24rc4mm1
> + apparmor patches). In the other (our 2.6.24rc8), the error message
> while trying to load the profile is:
>
> [root at localhost ~]# service apparmor restart
> Reloading AppArmor profiles /sbin/apparmor_parser: Unable to replace
> "/bin/netstat". Profile doesn't conform to protocol
> Profile /etc/apparmor.d/bin.netstat failed to load
> /sbin/apparmor_parser: Unable to replace "/bin/ping". Profile doesn't
> conform to protocol
> Profile /etc/apparmor.d/bin.ping failed to load
>
> (...)
>
> Does this signal some version problem between kernel level and user
> level? Or is it something else? This happens with our 2.6.24rc8, which
> has the (somewhat older it seems) SuSE patches and userlevel svn
> revision 1076. The same profiles load fine with the 2.6.24rc4mm1 kernel.
Your parser and module are out of sync. The mm patchset contains several
new features and needs a new parser.
I am pulling together a revised AppArmor 2.1 release today that will be
release as AppArmor 2.1.1 which will include kernel patches for 2.6.16,
2.6.22, 2.6.23, and 2.6.24. Along with some bug fixes (there are a
couple of patches yet to be checked in).
Currently the development branches parser is only compatible with the
development module. The current goal is to do a new AppArmor 2.3
release (skipping 2.2 to fix some versioning problems), around mid feb.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20080123/19140154/attachment.pgp
More information about the Apparmor-dev
mailing list