Ubuntu
apparmor package

Bug #2024637
Activity log

Activity log for bug #2024637

Date	Who	What changed	Old value	New value	Message
2023-06-22 06:59:06	Alex Murray	bug			added bug
2023-06-22 07:02:30	Alex Murray	description	As of snapd 2.60, when installed as a snap, snapd includes its own vendored apparmor_parser and configuration. As such, it generates profiles using newer apparmor features than the system installed apparmor may support. In LP: #1871148 apparmor was updated in focal+ to stop loading apparmor profiles generated by snapd as since snapd 2.44.3 it has shipped the snapd.apparmor.service unit which loads its apparmor profiles on boot. apparmor in bionic and xenial should be updated to stop loading snapd generated apparmor profiles and instead leave this up to snapd.apparmor.service. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: apparmor 2.12-4ubuntu5.1 ProcVersionSignature: Ubuntu 4.15.0-212.223-generic 4.15.18 Uname: Linux 4.15.0-212-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.29 Architecture: amd64 Date: Thu Jun 22 06:52:02 2023 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-212-generic root=UUID=da79cdd1-11be-4719-8482-46ce30623eaa ro quiet splash console=tty1 console=ttyS0 vt.handoff=1 PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree': '/usr/bin/pstree' SourcePackage: apparmor UpgradeStatus: No upgrade log present (probably fresh install)	As of snapd 2.60, when installed as a snap, snapd includes its own vendored apparmor_parser and configuration. As such, it generates profiles using newer apparmor features than the system installed apparmor may support. This is seen as a failure to load the apparmor.service at boot once this new snapd snap with the vendored apparmor is installed: root@sec-bionic-amd64:~# systemctl status apparmor ● apparmor.service - AppArmor initialization Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2023-06-22 06:51:32 UTC; 8min ago Docs: man:apparmor(7) http://wiki.apparmor.net/ Main PID: 1590 (code=exited, status=123) Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf. Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf. Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.snapd.19567 in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf. Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.snapd.19567 in /var/lib/snapd/apparmor/snap-confine/cap-bpf at line 2: Invalid capability bpf. Jun 22 06:51:32 sec-bionic-amd64 apparmor[1590]: ...fail! Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: apparmor.service: Failed with result 'exit-code'. Jun 22 06:51:32 sec-bionic-amd64 systemd[1]: Failed to start AppArmor initialization. root@sec-bionic-amd64:~# snap version snap 2.60 snapd 2.60 series 16 ubuntu 18.04 kernel 4.15.0-212-generic root@sec-bionic-amd64:~# snap debug sandbox-features --required \ apparmor:parser:snapd-internal && echo snapd has internal vendored apparmor snapd has internal vendored apparmor In LP: #1871148 apparmor was updated in focal+ to stop loading apparmor profiles generated by snapd as since snapd 2.44.3 it has shipped the snapd.apparmor.service unit which loads its apparmor profiles on boot. apparmor in bionic and xenial should be updated to stop loading snapd generated apparmor profiles and instead leave this up to snapd.apparmor.service. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: apparmor 2.12-4ubuntu5.1 ProcVersionSignature: Ubuntu 4.15.0-212.223-generic 4.15.18 Uname: Linux 4.15.0-212-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.29 Architecture: amd64 Date: Thu Jun 22 06:52:02 2023 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-212-generic root=UUID=da79cdd1-11be-4719-8482-46ce30623eaa ro quiet splash console=tty1 console=ttyS0 vt.handoff=1 PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree': '/usr/bin/pstree' SourcePackage: apparmor UpgradeStatus: No upgrade log present (probably fresh install)
2023-06-22 07:14:45	Alex Murray	nominated for series		Ubuntu Xenial
2023-06-22 07:14:45	Alex Murray	bug task added		apparmor (Ubuntu Xenial)
2023-06-22 07:14:45	Alex Murray	nominated for series		Ubuntu Bionic
2023-06-22 07:14:45	Alex Murray	bug task added		apparmor (Ubuntu Bionic)
2023-06-22 07:59:13	Alex Murray	bug task added		snapd (Ubuntu)
2023-06-29 10:59:01	Alex Murray	attachment added		debdiff for bionic https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682828/+files/apparmor_2.12-4ubuntu5.2.debdiff
2023-06-29 11:16:30	Alex Murray	attachment added		xenial debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682832/+files/apparmor_2.10.95-0ubuntu2.12.debdiff
2023-06-29 11:16:43	Alex Murray	apparmor (Ubuntu Xenial): importance	Undecided	High
2023-06-29 11:16:45	Alex Murray	apparmor (Ubuntu Bionic): importance	Undecided	High
2023-06-29 11:16:48	Alex Murray	apparmor (Ubuntu Xenial): assignee		Alex Murray (alexmurray)
2023-06-29 11:16:50	Alex Murray	apparmor (Ubuntu Bionic): assignee		Alex Murray (alexmurray)
2023-06-29 11:16:57	Alex Murray	apparmor (Ubuntu Xenial): status	New	In Progress
2023-06-29 11:16:59	Alex Murray	apparmor (Ubuntu Bionic): status	New	In Progress
2023-06-29 12:18:17	Ubuntu Foundations Team Bug Bot	tags	amd64 apport-bug bionic	amd64 apport-bug bionic patch
2023-06-30 00:14:29	Alex Murray	attachment added		bionic debdiff with corrected version number https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682930/+files/apparmor_2.12-4ubuntu5.3.debdiff
2023-06-30 00:15:37	Alex Murray	attachment removed	debdiff for bionic https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2024637/+attachment/5682828/+files/apparmor_2.12-4ubuntu5.2.debdiff
2023-07-03 01:16:31	Launchpad Janitor	apparmor (Ubuntu Bionic): status	In Progress	Fix Released
2023-07-03 01:16:33	Launchpad Janitor	apparmor (Ubuntu Xenial): status	In Progress	Fix Released
2023-08-22 14:18:35	Launchpad Janitor	apparmor (Ubuntu): status	New	Confirmed
2023-08-22 14:18:35	Launchpad Janitor	snapd (Ubuntu): status	New	Confirmed
2023-08-22 14:18:35	Launchpad Janitor	snapd (Ubuntu Xenial): status	New	Confirmed
2023-08-22 14:18:35	Launchpad Janitor	snapd (Ubuntu Bionic): status	New	Confirmed

Ubuntuapparmor package

Activity log for bug #2024637

Ubuntu
apparmor package