*** This bug is a duplicate of bug 2064144 ***
    https://bugs.launchpad.net/bugs/2064144

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2067443

Title:
  Several apparmor profiles fail to enable after upgrading to noble

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  I started investigating why after upgrading to noble Brave (the
  browser) won't start. Noticed something is wrong with apparmor:

  # aa-enforce brave
  ERROR: Can't parse mount rule mount options=(rw, make-slave) -> **,

  This makes no sense because the profile doesn't contain almost
  anything:

  # This profile allows everything and only exists to give the
  # application a name instead of having the label "unconfined"

  abi <abi/4.0>,
  include <tunables/global>

  profile brave /opt/brave.com/brave/brave flags=(unconfined) {
    userns,

    # Site-specific additions and overrides. See local/README for details.
    include if exists <local/brave>
  }

  Brave needs only the userns, the rest of the rules are irrelevant.
  Verified this by sudo sysctl -w
  kernel.apparmor_restrict_unprivileged_userns=0, which fixed that issue
  as an ugly hack.

  Then I started looking at what aa-status tells me, and the amount of
  loaded/enforced profiles looks incorrect:

  35 profiles are loaded.
  33 profiles are in enforce mode.

  I think there were 70+ loaded and enforced profiles before the system
  upgrade. The profile files seem to be around, but they just don't
  work. Apparently many profiles don't load because of the mount rule
  issue?

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: apparmor 4.0.0-beta3-0ubuntu3
  ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
  Uname: Linux 6.8.0-31-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Wed May 29 06:42:47 2024
  InstallationDate: Installed on 2021-08-02 (1030 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.8.0-31-generic root=UUID=9d876767-ca94-4fa2-9a12-ece62ac1141d ro quiet splash vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   2024-05-29T06:11:06.594368+03:00 nuc dbus-daemon[1087]: [system] AppArmor D-Bus mediation is enabled
   2024-05-29T06:11:09.222685+03:00 nuc dbus-daemon[1809]: [session uid=140 pid=1809] AppArmor D-Bus mediation is enabled
   2024-05-29T06:11:29.141193+03:00 nuc dbus-daemon[2628]: [session uid=1000 pid=2628] AppArmor D-Bus mediation is enabled
  UpgradeStatus: Upgraded to noble on 2024-05-29 (0 days ago)
  modified.conffile..etc.default.apport: [modified]
  mtime.conffile..etc.default.apport: 2024-03-30T10:43:24.749002

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2067443/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
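
The report compares aa-status counts from memory. One way to see exactly which profiles are declared on disk but absent from the kernel, as an added example (not part of the bug report or of AppArmor's own tooling). It assumes the default /etc/apparmor.d directory and the securityfs list at /sys/kernel/security/apparmor/profiles; the second sample profile and the kernel listing are constructed.

```python
"""Added example: list AppArmor profiles declared on disk but not loaded."""
import re
from pathlib import Path

PROFILES_DIR = Path("/etc/apparmor.d")  # default location (assumption)
KERNEL_LIST = Path("/sys/kernel/security/apparmor/profiles")  # root-only

# Top-level declarations only (column 0), so child profiles are skipped:
#   profile brave /opt/brave.com/brave/brave flags=(unconfined) {
#   /usr/bin/example-tool {
DECL = re.compile(
    r'^(?:profile[ \t]+("[^"\n]+"|\S+)|("/[^"\n]+"|/\S*))[^{}\n]*\{[ \t]*$', re.M)

def declared_profiles(text):
    """Names of the top-level profiles declared in one profile file."""
    return {(m.group(1) or m.group(2)).strip('"') for m in DECL.finditer(text)}

def loaded_profiles(listing):
    """Names from the kernel list, which has one 'NAME (MODE)' per line."""
    return {ln.rsplit(" (", 1)[0] for ln in listing.splitlines() if ln.strip()}

def missing_profiles(profile_texts, listing):
    """Declared profiles that the kernel does not report as loaded."""
    declared = set().union(*(declared_profiles(t) for t in profile_texts))
    return sorted(declared - loaded_profiles(listing))

# Constructed sample input: the profile quoted in the report, a made-up second
# profile with a child profile, and a made-up kernel listing.
SAMPLE_BRAVE = """\
abi <abi/4.0>,
include <tunables/global>
profile brave /opt/brave.com/brave/brave flags=(unconfined) {
  userns,
  include if exists <local/brave>
}
"""
SAMPLE_TOOL = """\
/usr/bin/example-tool {
  /etc/example.conf r,
  profile helper /usr/lib/example/helper {
    /tmp/example/** rw,
  }
}
"""
SAMPLE_LOADED = ("/usr/bin/example-tool (enforce)\n"
                 "/usr/bin/example-tool//helper (enforce)\n")

if __name__ == "__main__":
    if KERNEL_LIST.exists():  # live system, run as root
        texts = [p.read_text(errors="replace")
                 for p in PROFILES_DIR.iterdir() if p.is_file()]
        print("\n".join(missing_profiles(texts, KERNEL_LIST.read_text())))
    else:  # no AppArmor here: fall back to the constructed sample
        print(missing_profiles([SAMPLE_BRAVE, SAMPLE_TOOL], SAMPLE_LOADED))
```

Running aa-enforce on a name it prints, as the report does for brave, shows the parser error behind the failed load. Profiles linked in /etc/apparmor.d/disable are listed too, since they are deliberately not loaded.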
