tunable/global not found

On Tue, Mar 22, 2022 at 05:25:52PM -0000, alexandra wrote:
> New question #701036 on apparmor in Ubuntu:
> https://answers.launchpad.net/ubuntu/+source/apparmor/+question/701036
>
> I have created and installed a profile using Bane. When I try to set the profile in a complain mode, I get the following error:
> "include file /etc/apparmod.d/tunable/global not found".

Is this message cut-and-pasted from the output? There's a typo there
in /etc/apparmo_d_.d/ ; apparmor policy is stored by default in
/etc/apparmor.d/ (note apparmo_r_.d not apparmo_d_.d).

> However, the profile includes <tunables/global>.
> any idea why i am getting this error?

If the output is really referencing /etc/apparmor.d/tunable/global
and claiming it is not found then you'll need to ensure that file
exists; the policy parser can't include a file that does not exist,
which is what the message above is trying to tell you.

--
Steve Beattie
<email address hidden>

Argh, apologies, I did not mean for Launchpad to change the state to Answered, and I don't see how to re-open it. Please do follow up on this question. Thanks and sorry you're having difficulties.

"include file /etc/apparmod.d/tunable/global not found".
"However, the profile includes <tunables/global>."

One of them states "tunable" and the other "tunables" with an "s" at the end.
Typo error in the conf file or in this question document?

The profile that i created includes tunables/global (with as "s" at the end)
When i am trying to set it to complain mode, i get the following output:

"ERROR: Include file /etc/apparmor.d/tunable/global not found"

if you notice this is without the "s" at the end of the word tunable

What is the output of the command

grep -s tunabl /etc/apparmor/*.conf /etc/apparmor.d/* /etc/apparmor.d/*/*

ealepou@seroiuvd11444[08:48][etc/apparmor.d/containers]$ grep -s tunabl /etc/apparmor/*.conf /etc/apparmor.d/* /etc/apparmor.d/*/*
/etc/apparmor.d/alexandra.json:#include <tunable/global>
/etc/apparmor.d/k8s-apparmor-ealepou:#include <tunable/global>
/etc/apparmor.d/lxc-containers:#include <tunables/global>
/etc/apparmor.d/sbin.dhclient:#include <tunables/global>
/etc/apparmor.d/usr.bin.evince:#include <tunables/global>
/etc/apparmor.d/usr.bin.firefox:#include <tunables/global>
/etc/apparmor.d/usr.bin.lxc-start:#include <tunables/global>
/etc/apparmor.d/usr.bin.man:#include <tunables/global>
/etc/apparmor.d/usr.lib.libreoffice.program.oosplash:#include <tunables/global>
/etc/apparmor.d/usr.lib.libreoffice.program.senddoc:#include <tunables/global>
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin:#include <tunables/global>
/etc/apparmor.d/usr.lib.libreoffice.program.xpdfimport:#include <tunables/global>
/etc/apparmor.d/usr.lib.snapd.snap-confine.real:#include <tunables/global>
/etc/apparmor.d/usr.sbin.cups-browsed:#include <tunables/global>
/etc/apparmor.d/usr.sbin.cupsd:#include <tunables/global>
/etc/apparmor.d/usr.sbin.ippusbxd:#include <tunables/global>
/etc/apparmor.d/usr.sbin.ntpd:#include <tunables/global>
/etc/apparmor.d/usr.sbin.ntpd:#include <tunables/ntpd>
/etc/apparmor.d/usr.sbin.rsyslogd:#include <tunables/global>
/etc/apparmor.d/usr.sbin.tcpdump:#include <tunables/global>
/etc/apparmor.d/containers/docker-istio-init-sample:#include <tunables/global>
/etc/apparmor.d/disable/alexandra.json:#include <tunable/global>
/etc/apparmor.d/disable/k8s-apparmor-ealepou:#include <tunable/global>
/etc/apparmor.d/disable/usr.bin.firefox:#include <tunables/global>
/etc/apparmor.d/disable/usr.sbin.rsyslogd:#include <tunables/global>
/etc/apparmor.d/tunables/apparmorfs:#include <tunables/securityfs>
/etc/apparmor.d/tunables/global:# All the tunables definitions that should be available to every profile
/etc/apparmor.d/tunables/global:#include <tunables/home>
/etc/apparmor.d/tunables/global:#include <tunables/multiarch>
/etc/apparmor.d/tunables/global:#include <tunables/proc>
/etc/apparmor.d/tunables/global:#include <tunables/alias>
/etc/apparmor.d/tunables/global:#include <tunables/kernelvars>
/etc/apparmor.d/tunables/global:#include <tunables/xdg-user-dirs>
/etc/apparmor.d/tunables/home:# Also, include files in tunables/home.d for site-specific adjustments to
/etc/apparmor.d/tunables/home:#include <tunables/home.d>
/etc/apparmor.d/tunables/multiarch:# Also, include files in tunables/multiarch.d for site and packaging
/etc/apparmor.d/tunables/multiarch:#include <tunables/multiarch.d>
/etc/apparmor.d/tunables/securityfs:#include <tunables/sys>
/etc/apparmor.d/tunables/xdg-user-dirs:# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
/etc/apparmor.d/tunables/xdg-user-dirs:#include <tunables/xdg-user-dirs.d>

I have created the below profiles , but they were both incorrect. I couldn't remove them, so i have disabled them
/etc/apparmor.d/alexandra.json:#include <tunable/global>
/etc/apparmor.d/k8s-apparmor-ealepou:#include <tunable/global>

/etc/apparmor.d/alexandra.json:#include <tunable/global>
/etc/apparmor.d/k8s-apparmor-ealepou:#include <tunable/global>

These are the culprits. They say "tunable" instead of "tunables"

You have to correct or remove them. That probably needs sudo.