This also affects unbound: the name resolution service didn't start (it
was possible to start unbound outside of service management, because it
doesn't look for /run/systemd/notify in that case).  I do use dracut.

Upgrading systemd and related packages to 255.4-1ubuntu8.1 (upgrading
udev regenerates the initramfs) fixes it.

Before that, errors looked like:
journalctl -k -b-1 --grep 'apparmor.*unbound'
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:146): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/journal/dev-log" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:147): apparmor="DENIED" operation="connect" class="file" profile="unbound" name="/systemd/userdb/io.systemd.DynamicUser" pid=1175 comm="unbound" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.542:153): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/notify" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=126 ouid=0


** Also affects: unbound (Ubuntu)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2064096

Title:
  Services fail to start in noble deployed with TPM+FDE
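Added example, not part of the original bug comment or of any Ubuntu tooling: a small triage script that parses AppArmor DENIED audit records like the three quoted above and lists the denied socket paths per profile. The function names are hypothetical, and treating a name that starts with /systemd/ as the /run/systemd/ path seen without its /run prefix is an assumption drawn from the comment's mention of /run/systemd/notify.

```python
import re
from collections import defaultdict

# Sample input: the three records quoted in the comment, one record per line.
SAMPLE = """\
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:146): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/journal/dev-log" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:147): apparmor="DENIED" operation="connect" class="file" profile="unbound" name="/systemd/userdb/io.systemd.DynamicUser" pid=1175 comm="unbound" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.542:153): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/notify" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=126 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return one dict of audit fields per AppArmor DENIED record."""
    records = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        records.append({k: quoted or bare for k, quoted, bare in FIELD.findall(line)})
    return records


def summarize(records):
    """Group denials by profile as sorted (operation, name, denied_mask) tuples."""
    by_profile = defaultdict(set)
    for r in records:
        by_profile[r.get("profile", "?")].add(
            (r.get("operation", "?"), r.get("name", "?"), r.get("denied_mask", "?")))
    return {p: sorted(v) for p, v in by_profile.items()}


def stripped_run_paths(records):
    """Assumption: a name under /systemd/ is the /run/systemd/ path without /run.
    Return the /run form, which is what a profile rule would normally match."""
    return ["/run" + r["name"] for r in records
            if r.get("name", "").startswith("/systemd/")]


if __name__ == "__main__":
    recs = parse_denials(SAMPLE)
    for profile, items in summarize(recs).items():
        for op, name, mask in items:
            print(f"{profile}: {op} {name} denied={mask}")
    for path in stripped_run_paths(recs):
        print("expected under /run:", path)
```

On a live system the same functions can be fed the output of the journalctl command shown in the comment.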
