** Patch added: "debdiff for bionic"
   
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682828/+files/apparmor_2.12-4ubuntu5.2.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2024637

Title:
  apparmor.service tries to load snapd generated apparmor profiles but
  fails

Status in apparmor package in Ubuntu:
  New
Status in snapd package in Ubuntu:
  New
Status in apparmor source package in Xenial:
  New
Status in snapd source package in Xenial:
  New
Status in apparmor source package in Bionic:
  New
Status in snapd source package in Bionic:
  New

Bug description:
  As of snapd 2.60, when installed as a snap, snapd includes its own
  vendored apparmor_parser and configuration. As such, it generates
  profiles using newer apparmor features than the system installed
  apparmor may support.

  This is seen as a failure to load the apparmor.service at boot once
  this new snapd snap with the vendored apparmor is installed:

  root@sec-bionic-amd64:~# systemctl status apparmor
  ● apparmor.service - AppArmor initialization
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2023-06-22 06:51:32 UTC; 8min ago
       Docs: man:apparmor(7)
             http://wiki.apparmor.net/
   Main PID: 1590 (code=exited, status=123)

  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.snapd.19567 in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.snapd.19567 in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
  Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]:    ...fail!
  Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a
  Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: apparmor.service: Failed with result 'exit-code'.
  Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: Failed to start AppArmor initialization.

  root@sec-bionic-amd64:~# snap version
  snap    2.60
  snapd   2.60
  series  16
  ubuntu  18.04
  kernel  4.15.0-212-generic
  root@sec-bionic-amd64:~# snap debug sandbox-features --required \
  apparmor:parser:snapd-internal && echo snapd has internal vendored apparmor
  snapd has internal vendored apparmor

  
  In LP: #1871148 apparmor was updated in focal+ to stop loading apparmor
  profiles generated by snapd as, since snapd 2.44.3, it has shipped the
  snapd.apparmor.service unit which loads its apparmor profiles on boot.

  apparmor in bionic and xenial should be updated to stop loading snapd
  generated apparmor profiles and instead leave this up to
  snapd.apparmor.service.


  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: apparmor 2.12-4ubuntu5.1
  ProcVersionSignature: Ubuntu 4.15.0-212.223-generic 4.15.18
  Uname: Linux 4.15.0-212-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.29
  Architecture: amd64
  Date: Thu Jun 22 06:52:02 2023
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-212-generic root=UUID=da79cdd1-11be-4719-8482-46ce30623eaa ro quiet splash console=tty1 console=ttyS0 vt.handoff=1
  PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree': '/usr/bin/pstree'
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)

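Added example, not part of the bug report or of any Ubuntu package: a shell filter that picks out of apparmor.service journal output the parser errors that involve files under /var/lib/snapd/apparmor/, which is the failure mode the report describes. The function names and the sample lines are constructed (adapted from the log in the report, with a shortened hostname and one invented non-snapd error), and the error form without " in FILE" is an assumption.

```shell
#!/bin/sh
# Added example. Path prefix taken from the log lines in the report.
SNAPD_DIR=/var/lib/snapd/apparmor/

# Reads journal lines on stdin. Prints, once each and tab-separated:
# profile, file being parsed, line number, message. Only parser errors
# where the profile or the parsed file lives under SNAPD_DIR are kept.
snapd_parser_errors() {
    awk -v dir="$SNAPD_DIR" -v tag="AppArmor parser error for " '
    {
        i = index($0, tag); if (!i) next
        rest = substr($0, i + length(tag))
        a = index(rest, " at line "); if (!a) next
        head = substr(rest, 1, a - 1)          # "PROFILE" or "PROFILE in FILE"
        tail = substr(rest, a + 9)             # "N: MESSAGE"
        c = index(tail, ": "); if (!c) next
        p = index(head, " in ")
        # Assumption: with no include involved the " in FILE" part is absent.
        profile = p ? substr(head, 1, p - 1) : head
        file    = p ? substr(head, p + 4)    : head
        if (index(profile, dir) != 1 && index(file, dir) != 1) next
        key = profile "\t" file "\t" substr(tail, 1, c - 1) "\t" substr(tail, c + 2)
        if (!(key in seen)) { seen[key] = 1; print key }   # drop repeats
    }'
}

# Constructed sample: lines adapted from the report, plus one invented
# non-snapd error (usr.bin.example) that the filter must ignore.
sample_log() {
    cat <<'EOF'
Jun 22 06:51:32 host apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
Jun 22 06:51:32 host apparmor[1590]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Jun 22 06:51:32 host apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
Jun 22 06:51:32 host apparmor[1590]: AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.snapd.19567 in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf.
Jun 22 06:51:32 host apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.bin.example at line 7: syntax error
Jun 22 06:51:32 host systemd[1]: apparmor.service: Failed with result 'exit-code'.
EOF
}

sample_log | snapd_parser_errors
```

On a live system the same function can be fed from `journalctl -u apparmor -b`; an empty result means the unit's failure does not involve snapd-generated files.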