[pkg-apparmor] Bug#959811: Bug#959811: apparmor: Failed to start Load AppArmor profiles

intrigeri intrigeri at debian.org
Mon May 25 09:55:07 BST 2020 

Control: tag -1 + moreinfo

Hi marco,

Marco (2020-05-05):
> I was getting an error message when starting apparmor:
>
> # systemctl status apparmor.service
>
> ● apparmor.service - Load AppArmor profiles
>      Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
>      Active: failed (Result: exit-code) since Tue 2020-05-05 13:02:26 -03; 2min 3s ago
>        Docs: man:apparmor(7)
>              https://gitlab.com/apparmor/apparmor/wikis/home/
>    Main PID: 6936 (code=exited, status=1/FAILURE)
>
> systemd[1]: Starting Load AppArmor profiles...
> apparmor.systemd[6936]: Restarting AppArmor
> apparmor.systemd[6936]: Reloading AppArmor profiles
> apparmor.systemd[6955]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/abstractions/authentication at line 49: Could not open 'abstractions/smbpass'
> apparmor.systemd[7039]: AppArmor parser error for /etc/apparmor.d/usr.sbin.cupsd in /etc/apparmor.d/abstractions/authentication at line 49: Could not open 'abstractions/sm>
> apparmor.systemd[6936]: Error: At least one profile failed to load
> systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
> systemd[1]: apparmor.service: Failed with result 'exit-code'.
> systemd[1]: Failed to start Load AppArmor profiles.

Thank you for reporting this. I cannot reproduce this problem here, so
I'll need some more information from you.

Could you please try to load a profile that uses
abstractions/authentication, for example this one (included in the
cups-daemon package):

  sudo apparmor_parser --verbose -r /etc/apparmor.d/usr.sbin.cupsd

This should be sufficient to trigger the bug and should display
more information about the problem.

Also, I suspect the problem comes from a conflict between
the default abstractions/smbpass rules, and another rule coming from
somewhere else, such as a local addition. So:

 - Did you add/modify any file in /etc/apparmor.d/tunables/*.d?

 - What's the output of this command:

     sudo rgrep samba /etc/apparmor.d/local/

Cheers!

More information about the pkg-apparmor-team mailing list