[pkg-apparmor] Bug#1121917: Bug#1121917: apparmor: Kernel version out of sync / doesn't conform to protocol
intrigeri
intrigeri at debian.org
Wed Jan 7 15:49:41 GMT 2026
Hi,
These problems were reported shortly after the 4.1.0-1+b1 binNMU,
which was built against linux-libc-dev 6.17.9-1, while 4.1.1-0 was
built against 6.12.21-1, while I see Tomáš is running 6.17.8, so
I think we're hit by the problem documented in the upstream FAQ,
namely "apparmor_parser [built] against newer kernel headers than the
currently running kernel":
https://gitlab.com/apparmor/apparmor/-/wikis/FAQ#what-causes-the-error-profile-doesnt-conform-to-protocol
However C.W. is running 6.17.9 which does not track. C.W., can you
please confirm you can still reproduce this bug on current
sid's kernel?
In terms of solutions, I suppose we could make the apparmor binary
package depend on a version of the kernel at least as recent as the
one it was built against (not sure how but this could be worth
researching). This should help in some cases; but it's not going to
help in all cases, and for example this would not have helped Tomáš,
because we don't have a way to express a versioned dependency about
the *currently running* kernel, and in the most symptomatic case
(src:linux update quickly followed by src:apparmor rebuild), the user
is going to upgrade the kernel and apparmor at the same time, before
a reboot can occur.
I'm curious how other distros handle this.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list