<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hi there,</div>
<div> </div>
<div>Today, I upgraded my Debian Bookworm to the latest updates. After that upgrade, apparmor started complaining about certain libvirtd actions. The errors may not be related to the update, but when I was trying to investigate the problem, I noticed that my installation (apparmor 3.0.3-6) does not have the aa-complain and aa-enforce commands in /usr/sbin/ or /sbin/ only aa-status, etc. Is that normal? Any idea how to fix that or how to change into complain-mode? Btw, the installation is only a few weeks old and not much has happened to it.</div>
<div> </div>
<div>Thanks for any help.</div>
<div>Kind regards,</div>
<div>Stefan</div>
<div> </div>
<div> </div>
<div>
<div><strong># systemctl status apparmor</strong><br/>
● apparmor.service - Load AppArmor profiles<br/>
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)<br/>
Active: active (exited) since Mon 2022-01-17 18:37:37 CET; 4h 7min ago<br/>
Docs: man:apparmor(7)<br/>
https://gitlab.com/apparmor/apparmor/wikis/home/<br/>
Main PID: 421 (code=exited, status=0/SUCCESS)<br/>
CPU: 19ms</div>
<div>Jan 17 18:37:37 server2 systemd[1]: Starting Load AppArmor profiles...<br/>
Jan 17 18:37:37 server2 apparmor.systemd[421]: Restarting AppArmor<br/>
Jan 17 18:37:37 server2 apparmor.systemd[421]: Reloading AppArmor profiles<br/>
Jan 17 18:37:37 server2 systemd[1]: Finished Load AppArmor profiles.<br/>
</div>
</div>
<div class="signature"><strong># aa-status</strong><br/>
apparmor module is loaded.<br/>
13 profiles are loaded.<br/>
13 profiles are in enforce mode.<br/>
/usr/bin/man<br/>
/usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session<br/>
/usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session//chromium<br/>
docker-default<br/>
libvirt-bb560a08-0f58-4813-8707-23e0f9885ad3<br/>
libvirtd<br/>
libvirtd//qemu_bridge_helper<br/>
lsb_release<br/>
man_filter<br/>
man_groff<br/>
nvidia_modprobe<br/>
nvidia_modprobe//kmod<br/>
virt-aa-helper<br/>
0 profiles are in complain mode.<br/>
0 profiles are in kill mode.<br/>
0 profiles are in unconfined mode.<br/>
1 processes have profiles defined.<br/>
1 processes are in enforce mode.<br/>
/usr/sbin/libvirtd (23436) libvirtd<br/>
0 processes are in complain mode.<br/>
0 processes are unconfined but have a profile defined.<br/>
0 processes are in mixed mode.<br/>
0 processes are in kill mode.<br/>
</div></div></body></html>