← Back to team overview

touch-packages team mailing list archive

[Bug 1444356] Re: apparmor fails to initialise at startup

 

@ Jamie Strandboge

If you think this bug is different than critical, please set it to the
priority you consider appropriate.

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1444356

Title:
  apparmor fails to initialise at startup

Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  apparmor is failing to intitialise and start.  Systemctl status -l
  apparmor.service output is:

  sudo systemctl status -l apparmor.service

  ● apparmor.service - LSB: AppArmor initialization
     Loaded: loaded (/etc/init.d/apparmor)
     Active: failed (Result: exit-code) since Wed 2015-04-15 09:41:55 BST; 29s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 4016 ExecStart=/etc/init.d/apparmor start (code=exited, status=123)

  Apr 15 09:41:55 super-R720 systemd[1]: Starting LSB: AppArmor initialization...
  Apr 15 09:41:55 super-R720 apparmor[4016]: * Starting AppArmor profiles
  Apr 15 09:41:55 super-R720 apparmor[4016]: AppArmor parser error for /etc/apparmor.d/usr.bin.evince in /etc/apparmor.d/usr.bin.evince at line 14: Could not open 'abstractions/evince'
  Apr 15 09:41:55 super-R720 apparmor[4016]: AppArmor parser error for /etc/apparmor.d/usr.bin.evince in /etc/apparmor.d/usr.bin.evince at line 14: Could not open 'abstractions/evince'
  Apr 15 09:41:55 super-R720 apparmor[4016]: ...fail!
  Apr 15 09:41:55 super-R720 systemd[1]: apparmor.service: control process exited, code=exited status=123
  Apr 15 09:41:55 super-R720 systemd[1]: Failed to start LSB: AppArmor initialization.
  Apr 15 09:41:55 super-R720 systemd[1]: Unit apparmor.service entered failed state.
  Apr 15 09:41:55 super-R720 systemd[1]: apparmor.service failed.

  Not secure if one app fails and thus the whole of apparmor!

  Output of journalctl -xe

  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
  -- 
  -- Unit apparmor.service has failed.
  -- 
  -- The result is failed.
  Apr 15 09:41:55 super-R720 systemd[1]: Unit apparmor.service entered failed stat
  Apr 15 09:41:55 super-R720 systemd[1]: apparmor.service failed.
  Apr 15 09:41:55 super-R720 polkitd(authority=local)[1197]: Unregistered Authenti
  Apr 15 09:41:55 super-R720 sudo[4010]: pam_unix(sudo:session): session closed fo
  Apr 15 09:42:11 super-R720 sudo[4121]: super : TTY=pts/1 ; PWD=/home/super ; USE
  Apr 15 09:42:11 super-R720 sudo[4121]: pam_unix(sudo:session): session opened fo
  Apr 15 09:42:11 super-R720 sudo[4121]: pam_unix(sudo:session): session closed fo
  Apr 15 09:42:25 super-R720 sudo[4123]: super : TTY=pts/1 ; PWD=/home/super ; USE
  Apr 15 09:42:25 super-R720 sudo[4123]: pam_unix(sudo:session): session opened fo
  Apr 15 09:42:25 super-R720 sudo[4123]: pam_unix(sudo:session): session closed fo
  Apr 15 09:43:59 super-R720 wpa_supplicant[1230]: wlan0: WPA: Group rekeying comp
  Apr 15 09:44:50 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:
  Apr 15 09:44:50 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:
  Apr 15 09:44:52 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:
  Apr 15 09:50:10 super-R720 polkitd(authority=local)[1197]: Operator of unix-sess
  Apr 15 09:50:10 super-R720 pkexec[4587]: pam_unix(polkit-1:session): session ope
  Apr 15 09:50:10 super-R720 pkexec[4587]: pam_ck_connector(polkit-1:session): can
  Apr 15 09:50:10 super-R720 pkexec[4587]: super: Executing command [USER=root] [T
  lines 2814-2836/2836 (END)
  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
  -- 
  -- Unit apparmor.service has failed.
  -- 
  -- The result is failed.
  Apr 15 09:41:55 super-R720 systemd[1]: Unit apparmor.service entered failed state.
  Apr 15 09:41:55 super-R720 systemd[1]: apparmor.service failed.
  Apr 15 09:41:55 super-R720 polkitd(authority=local)[1197]: Unregistered Authentication Agent for unix-process:4011:564372 (system bus name :1.6
  Apr 15 09:41:55 super-R720 sudo[4010]: pam_unix(sudo:session): session closed for user root
  Apr 15 09:42:11 super-R720 sudo[4121]: super : TTY=pts/1 ; PWD=/home/super ; USER=root ; COMMAND=/bin/systemctl status apparmor.service
  Apr 15 09:42:11 super-R720 sudo[4121]: pam_unix(sudo:session): session opened for user root by super(uid=0)
  Apr 15 09:42:11 super-R720 sudo[4121]: pam_unix(sudo:session): session closed for user root
  Apr 15 09:42:25 super-R720 sudo[4123]: super : TTY=pts/1 ; PWD=/home/super ; USER=root ; COMMAND=/bin/systemctl status -l apparmor.service
  Apr 15 09:42:25 super-R720 sudo[4123]: pam_unix(sudo:session): session opened for user root by super(uid=0)
  Apr 15 09:42:25 super-R720 sudo[4123]: pam_unix(sudo:session): session closed for user root
  Apr 15 09:43:59 super-R720 wpa_supplicant[1230]: wlan0: WPA: Group rekeying completed with 00:1b:2f:40:85:86 [GTK=TKIP]
  Apr 15 09:44:50 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:04:00:1b:2f:40:85:86:08:00 SRC=216.58.208.67 DST=192.168.0.2 LE
  Apr 15 09:44:50 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:04:00:1b:2f:40:85:86:08:00 SRC=216.58.208.67 DST=192.168.0.2 LE
  Apr 15 09:44:52 super-R720 kernel: [UFW BLOCK] IN=wlan0 OUT= MAC=00:26:c6:19:f1:04:00:1b:2f:40:85:86:08:00 SRC=216.58.208.72 DST=192.168.0.2 LE
  Apr 15 09:50:10 super-R720 polkitd(authority=local)[1197]: Operator of unix-session:c2 successfully authenticated as unix-user:super to gain ON
  Apr 15 09:50:10 super-R720 pkexec[4587]: pam_unix(polkit-1:session): session opened for user root by super(uid=1000)
  Apr 15 09:50:10 super-R720 pkexec[4587]: pam_ck_connector(polkit-1:session): cannot determine display-device
  Apr 15 09:50:10 super-R720 pkexec[4587]: super: Executing command [USER=root] [TTY=/dev/pt

  distro is ubuntu-studio beta1 devel (upgraded and dist-upgraded).

  Description:	Ubuntu Vivid Vervet (development branch)
  Release:	15.04

  uname -a

  Linux super-R720 3.19.0-13-lowlatency #13-Ubuntu SMP PREEMPT Thu Apr 9
  23:27:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

  I expected apparmor service to start
  I expected apparmor service to warn if not started
  I expected apparmor service to fail gracefully, warning on the failure to start of single apps and starting anyway to provide me with at least some security

  What happened instead:

  apparmor service failed to start completely.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: apparmor 2.9.1-0ubuntu9
  ProcVersionSignature: Ubuntu 3.19.0-13.13-lowlatency 3.19.3
  Uname: Linux 3.19.0-13-lowlatency x86_64
  ApportVersion: 2.17-0ubuntu2
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Wed Apr 15 09:49:54 2015
  InstallationDate: Installed on 2015-03-22 (23 days ago)
  InstallationMedia: Ubuntu-Studio 15.04 "Vivid Vervet" - Alpha amd64 (20150224)
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.19.0-13-lowlatency root=/dev/mapper/fedora-root ro quiet splash threadirqs vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1444356/+subscriptions