[pkg-apparmor] Bug#959811: apparmor: Failed to start Load AppArmor profiles
Marco
marco98 at gmail.com
Tue May 5 17:44:35 BST 2020
Package: apparmor
Version: 2.13.4-1+b1
Severity: normal
Dear Maintainer,
* What led up to the situation?
I was getting an error message when starting apparmor:
# systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2020-05-05 13:02:26 -03; 2min 3s ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Main PID: 6936 (code=exited, status=1/FAILURE)
systemd[1]: Starting Load AppArmor profiles...
apparmor.systemd[6936]: Restarting AppArmor
apparmor.systemd[6936]: Reloading AppArmor profiles
apparmor.systemd[6955]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/abstractions/authentication at line 49: Could not open 'abstractions/smbpass'
apparmor.systemd[7039]: AppArmor parser error for /etc/apparmor.d/usr.sbin.cupsd in /etc/apparmor.d/abstractions/authentication at line 49: Could not open 'abstractions/sm>
apparmor.systemd[6936]: Error: At least one profile failed to load
systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: apparmor.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Load AppArmor profiles.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Modified /etc/apparmor.d/abstractions/smbpass
But I don't know if this is Ok for everyone (or even for me). I just took a lucky guess.
This is the file now:
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2009 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# libpam-smbpass/pam_smbpass.so permissions
# /var/lib/samba/*.[lt]db rwk,
/var/lib/samba/*.tdb rwk,
* What was the outcome of this action?
No errors.
# systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2020-05-05 13:30:58 -03; 2s ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Process: 9800 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=0/SUCCESS)
Main PID: 9800 (code=exited, status=0/SUCCESS)
systemd[1]: Starting Load AppArmor profiles...
apparmor.systemd[9800]: Restarting AppArmor
apparmor.systemd[9800]: Reloading AppArmor profiles
systemd[1]: Finished Load AppArmor profiles.
I don't post this as a patch, because I'm not sure if it is. But this is how I managed to get apparmor running. Probably there's something more correct to do in this case.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.4.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), LANGUAGE=es_AR:es (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.74
ii libc6 2.30-4
ii lsb-base 11.1.0
ii python3 3.8.2-3
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- Configuration Files:
/etc/apparmor.d/abstractions/smbpass changed:
# libpam-smbpass/pam_smbpass.so permissions
/var/lib/samba/*.tdb rwk,
-- debconf information excluded
More information about the pkg-apparmor-team
mailing list