I'm not aware of any way to get the apparmor.service to print out what profile it is working on without actually modifying the service
however your dmesg does show the reason for the failure, it looks like the apparmor_parser is being killed by the oom killer [ 5986.338089] [13520] 0 13520 3056587 3053749 24539136 0 0 apparmor_parser [ 5986.338090] Out of memory: Kill process 13520 (apparmor_parser) score 646 or sacrifice child [ 5986.338095] Killed process 13520 (apparmor_parser) total-vm:12226348kB, anon-rss:12214996kB, file-rss:0kB, shmem-rss:0kB we should be able to narrow down which profile is causing the problem by comparing the set of profiles being reported as loaded to those that are on the system. We can then manually run the apparmor_parser to see which profile is using some much memory to compile -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor fails to start with no parser errors Status in apparmor package in Ubuntu: New Bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]: ...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]: ...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
