++ sudo DEBIAN_FRONTEND=noninteractive http_proxy= https_proxy= no_proxy= apt-ge

1. ++ sudo DEBIAN_FRONTEND=noninteractive http_proxy= https_proxy= no_proxy= apt-get --option Dpkg::Options::=--force-confold --assume-yes install apparmor-utils
2. Reading package lists... Done
3. Building dependency tree
4. Reading state information... Done
5. apparmor-utils is already the newest version.
6. 0 upgraded, 0 newly installed, 0 to remove and 84 not upgraded.
7. ++ sudo aa-complain /etc/apparmor.d/usr.sbin.libvirtd
8. Traceback (most recent call last):
9. File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2910, in parse_profile_data
10. re.compile(p_re)
11. File "/usr/lib/python3.4/re.py", line 219, in compile
12. return _compile(pattern, flags)
13. File "/usr/lib/python3.4/re.py", line 288, in _compile
14. p = sre_compile.compile(pattern, flags)
15. File "/usr/lib/python3.4/sre_compile.py", line 465, in compile
16. p = sre_parse.parse(p, flags)
17. File "/usr/lib/python3.4/sre_parse.py", line 751, in parse
18. raise error("unbalanced parenthesis")
19. sre_constants.error: unbalanced parenthesis
20.  
21. During handling of the above exception, another exception occurred:
22.  
23. Traceback (most recent call last):
24. File "/usr/sbin/aa-complain", line 30, in <module>
25. tool.cmd_complain()
26. File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 154, in cmd_complain
27. apparmor.read_profiles()
28. File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2594, in read_profiles
29. read_profile(profile_dir + '/' + file, True)
30. File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2620, in read_profile
31. profile_data = parse_profile_data(data, file, 0)
32. File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2912, in parse_profile_data
33. raise AppArmorException(_('Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s') % { 'path': path, 'file': file, 'line': lineno + 1 })
34. apparmor.common.AppArmorException: 'Syntax Error: Invalid Regex @{PROC}/{*,**^[0-9*],sys/kernel/shm*} in file: /etc/apparmor.d/docker line: 16'
35.  
36.  
37.  
38. gal@gal-ThinkPad-X230:/opt/stack$ more /etc/apparmor.d/docker
39.  
40.  
41. #include <tunables/global>
42.  
43.  
44. profile docker-default flags=(attach_disconnected,mediate_deleted) {
45.  
46. #include <abstractions/base>
47.  
48.  
49. network,
50. capability,
51. file,
52. umount,
53.  
54. # deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx,
55. deny @{PROC}/sysrq-trigger rwklx,
56. deny @{PROC}/mem rwklx,
57. deny @{PROC}/kmem rwklx,
58. deny @{PROC}/kcore rwklx,
59.  
60. deny mount,
61.  
62. deny /sys/[^f]*/** wklx,
63. deny /sys/f[^s]*/** wklx,
64. deny /sys/fs/[^c]*/** wklx,
65. deny /sys/fs/c[^g]*/** wklx,
66. deny /sys/fs/cg[^r]*/** wklx,
67. deny /sys/firmware/efi/efivars/** rwklx,
68. deny /sys/kernel/security/** rwklx,
69. }