Public bug reported:

The `aa-teardown` command fails when unloading my custom profiles containing flags=(kill).

$ lsb_release -rd
Description: Ubuntu 24.10
Release: 24.10

$ apt-cache policy apparmor
apparmor:
  Installed: 4.1.0~beta1-0ubuntu3
  Candidate: 4.1.0~beta1-0ubuntu3
  Version table:
 *** 4.1.0~beta1-0ubuntu3 500
        500 https://gpl.savoirfairelinux.net/pub/mirrors/ubuntu oracular/main amd64 Packages
        100 /var/lib/dpkg/status

# What happened instead

All profiles, both Ubuntu's and mine should be unloaded by aa-teardown.

home@daniel-desktop3:~$ cat /etc/apparmor.d/askubuntu1537796
profile askubuntu1537796 /**/docker/**/fd flags=(kill) { }
home@daniel-desktop3:~$

# What you expected to happen

Only Ubuntu's profiles are unloaded.

root@daniel-desktop3:/etc/apparmor.d# aa-teardown
Unloading AppArmor profiles
/lib/apparmor/apparmor.systemd: 273: printf: printf: I/O error
Error: Unloading profile 'askubuntu (kill)' failed
/lib/apparmor/apparmor.systemd: 273: printf: printf: I/O error
Error: Unloading profile 'askubuntu1537796 (kill)' failed
root@daniel-desktop3:/etc/apparmor.d# aa-status
apparmor module is loaded.
2 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in prompt mode.
2 profiles are in kill mode.
   askubuntu
   askubuntu1537796
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.

# Workaround

root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles
askubuntu1537796 (kill)
askubuntu (kill)
root@daniel-desktop3:/sys/kernel/security/apparmor# echo -n 'askubuntu1537796' > .remove
root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles
askubuntu (kill)
root@daniel-desktop3:/sys/kernel/security/apparmor# echo -n 'askubuntu' > .remove
root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles
root@daniel-desktop3:/sys/kernel/security/apparmor# aa-teardown
Unloading AppArmor profiles
root@daniel-desktop3:/sys/kernel/security/apparmor#

# Analysis

This is because aa-teardown fails to remove the " (kill)" suffix.

ProblemType: Bug
DistroRelease: Ubuntu 24.10
Package: apparmor 4.1.0~beta1-0ubuntu3
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Uname: Linux 6.13.0-rc5 x86_64
ApportVersion: 2.30.0-0ubuntu4
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: KDE
Date: Fri Jan 10 21:47:05 2025
InstallationDate: Installed on 2022-11-05 (798 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.13.0-rc5 root=/dev/mapper/vgubuntu-root ro splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: Upgraded to oracular on 2025-01-02 (8 days ago)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug oracular wayland-session

** Description changed:

The `aa-teardown` command fails when unloading my custom profiles containing flags=(kill).
$ lsb_release -rd Description: Ubuntu 24.10 Release: 24.10 $ apt-cache policy apparmor apparmor: - Installed: 4.1.0~beta1-0ubuntu3 - Candidate: 4.1.0~beta1-0ubuntu3 - Version table: - *** 4.1.0~beta1-0ubuntu3 500 - 500 https://gpl.savoirfairelinux.net/pub/mirrors/ubuntu oracular/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 4.1.0~beta1-0ubuntu3 + Candidate: 4.1.0~beta1-0ubuntu3 + Version table: + *** 4.1.0~beta1-0ubuntu3 500 + 500 https://gpl.savoirfairelinux.net/pub/mirrors/ubuntu oracular/main amd64 Packages + 100 /var/lib/dpkg/status # What happened instead All profiles, both Ubuntu's and mine should be unloaded by aa-teardown. - home@daniel-desktop3:~$ cat /etc/apparmor.d/askubuntu1537796 + home@daniel-desktop3:~$ cat /etc/apparmor.d/askubuntu1537796 profile askubuntu1537796 /**/docker/**/fd flags=(kill) { } home@daniel-desktop3:~$ # What you expected to happen Only Ubuntu's profiles are unloaded. root@daniel-desktop3:/etc/apparmor.d# aa-teardown Unloading AppArmor profiles /lib/apparmor/apparmor.systemd: 273: printf: printf: I/O error Error: Unloading profile 'askubuntu (kill)' failed /lib/apparmor/apparmor.systemd: 273: printf: printf: I/O error Error: Unloading profile 'askubuntu1537796 (kill)' failed root@daniel-desktop3:/etc/apparmor.d# aa-status apparmor module is loaded. 2 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 0 profiles are in prompt mode. 2 profiles are in kill mode. - askubuntu - askubuntu1537796 + askubuntu + askubuntu1537796 0 profiles are in unconfined mode. 0 processes have profiles defined. 0 processes are in enforce mode. 0 processes are in complain mode. 0 processes are in prompt mode. 0 processes are in kill mode. 0 processes are unconfined but have a profile defined. 0 processes are in mixed mode. 
# Workaround root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles askubuntu1537796 (kill) askubuntu (kill) root@daniel-desktop3:/sys/kernel/security/apparmor# echo -n 'askubuntu1537796' > .remove root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles askubuntu (kill) root@daniel-desktop3:/sys/kernel/security/apparmor# echo -n 'askubuntu' > .remove root@daniel-desktop3:/sys/kernel/security/apparmor# cat profiles root@daniel-desktop3:/sys/kernel/security/apparmor# aa-teardown Unloading AppArmor profiles root@daniel-desktop3:/sys/kernel/security/apparmor# + # Analysis + + This is because aa-teardown fails to remove the " (kill)" suffix. + ProblemType: Bug DistroRelease: Ubuntu 24.10 Package: apparmor 4.1.0~beta1-0ubuntu3 ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature' Uname: Linux 6.13.0-rc5 x86_64 ApportVersion: 2.30.0-0ubuntu4 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: KDE Date: Fri Jan 10 21:47:05 2025 InstallationDate: Installed on 2022-11-05 (798 days ago) InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020) ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.13.0-rc5 root=/dev/mapper/vgubuntu-root ro splash vt.handoff=7 SourcePackage: apparmor Syslog: - + UpgradeStatus: Upgraded to oracular on 2025-01-02 (8 days ago)

--
https://bugs.launchpad.net/bugs/2093797

Title:
  aa-teardown fails after loading my custom flags=(kill) profile
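The suffix handling named in the Analysis section, as an added example that is not part of the original report and not the code of /lib/apparmor/apparmor.systemd: it derives profile names from a listing in the format of /sys/kernel/security/apparmor/profiles by dropping the trailing " (mode)" field regardless of the mode name. The function names `profile_names` and `unload_all` are hypothetical, and the sample listing is constructed from the two profile names in the report plus two invented ones.

```shell
#!/bin/sh
# Added example: turn "name (mode)" listing lines into bare profile names
# without depending on a fixed list of known modes.

# Constructed sample in the format of /sys/kernel/security/apparmor/profiles.
SAMPLE='askubuntu1537796 (kill)
askubuntu (kill)
/usr/bin/example (enforce)
example//child (complain)'

# Read listing lines on stdin and print bare profile names.
# Only the final " (...)" group is removed (basic regex, so the parentheses
# are literal), which treats kill, enforce, complain or any mode added
# later in the same way and leaves parentheses inside a name alone.
profile_names() {
    sed 's/ ([^()]*)$//'
}

# Write each name read on stdin to the removal interface given as $1.
# On a live system that is /sys/kernel/security/apparmor/.remove (root only);
# the default is /dev/null so running this example changes nothing.
# Returns the number of names whose write failed.
unload_all() {
    remove_file=${1:-/dev/null}
    failed=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if ! printf '%s' "$name" > "$remove_file"; then
            echo "Error: unloading profile '$name' failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Dry run over the constructed sample: list the names, then "unload" them
# into /dev/null.
printf '%s\n' "$SAMPLE" | profile_names
printf '%s\n' "$SAMPLE" | profile_names | unload_all /dev/null
```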