[Apparmor-general] character limits in subprofiles
Ben Beuchler
insyte at gmail.com
Wed Mar 4 01:17:50 MST 2009
I've encountered what appears to be a known issue, as it's already
fixed in newer releases of Apparmor (either the tools or the kernel...
I'm not sure which). I'm running Ubuntu 8.0.4 with a 2.6.24 x86_64
kernel and apparmor/apparmor-utils 2.1.

The issue concerns an Apache profile with a large number of hats.
Currently the profile has 216. After loading the profile and its 216
hats, "apparmor_status --profiled" says only 63 of them are active.

After a bunch of testing, I finally tracked the problem down to the
length of the hat names. The shorter I made the hat names, the more
profiles would load. On a lark, I built a test box out with Ubuntu
8.10 (kernel 2.6.27, apparmor 2.3) and the problem went away.

Is this, in fact, a known bug in 2.1? If so, can you point me to the
documentation of the bug? I'm hoping to talk the Ubuntu team into
backporting the fix into the 8.0.4 LTS release.

Thanks!

-Ben