[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

Sun, 22 May 2022 23:43:02 -0700 

Thanks Etienne, this is a bit surprising! Do I understand correctly,
that on the slower machine (where you are seeing this bug) you will not
be able to start firefox until you have run that apparmor_parser
command? Not even if you try starting firefox well after the login?

It's strange, because your logs show that the apparmor.service unit was
started can you please also attach the output of these commands:

    sudo systemctl status apparmor
    sudo journalctl -b _SYSTEMD_UNIT=apparmor.service + SYSLOG_IDENTIFIER=audit

And then also this (make sure you haven't previously started firefox in
this boot):

    SNAPD_DEBUG=1 firefox

And after that, let's have a look at the full system log (I have no
clear idea what to look for, actually, but maybe I'll spot something
suspicious):

    sudo journalctl -b

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1871148

Title:
  services start before apparmor profiles are loaded

Status in AppArmor:
  Invalid
Status in snapd:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in snapd package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  Fix Released
Status in snapd source package in Focal:
  Fix Released
Status in zsys source package in Focal:
  Invalid

Bug description:
  Per discussion with Zyga in #snapd on Freenode, I have hit a race
  condition where services are being started by the system before
  apparmor has been started. I have a complete log of my system showing
  the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/.
  Restarting apparmor using `sudo systemctl restart apparmor` is enough
  to bring installed snaps back to full functionality.

  Previously, when running any snap I would receive the following in the
  terminal:

  ---
  cannot change profile for the next exec call: No such file or directory
  snap-update-ns failed with code 1: File exists
  ---

  Updated to add for Jamie:

  $ snap version
  snap    2.44.2+20.04
  snapd   2.44.2+20.04
  series  16
  ubuntu  20.04
  kernel  5.4.0-21-generic

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to