Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2095370

Title:
  AppArmor early policy load not functioning

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  Profile cache files in /etc/apparmor/earlypolicy/ should be loaded by
  systemd during early boot to enable full system confinement. Systemd
  should load the cache and try to enter confinement as documented in

  https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorInSystemd

  
  However this is not happening on noble. The early policy is not being
  loaded and systemd does not appear to attempt to enter the systemd
  profile, which should result in the following error if the systemd
  profile is not part of the early cache set.

  Failed to change to AppArmor profile 'systemd'. Please ensure that one
  of the binary profile files in policy cache directory
  /etc/apparmor/earlypolicy/XXXXX contains a profile with that name.

  
  systemd on boot does report that it has been built with apparmor support:

  [    2.011794] systemd[1]: systemd 257-2ubuntu1 running in system mode
  (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT
  -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC
  +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2
  +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD
  +BPF_FRAMEWORK -BTF -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE)

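An added diagnostic sketch, not part of the bug report or of AppArmor/systemd: it checks the conditions the report describes (cache files under /etc/apparmor/earlypolicy/, a loaded profile named systemd, and the label PID 1 actually runs under). It assumes the kernel interfaces /proc/1/attr/current and /sys/kernel/security/apparmor/profiles; the function names and state strings are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; paths are passed in so it can run on test fixtures.

# AppArmor label of a task without the trailing " (mode)".
task_label() {                      # $1: e.g. /proc/1/attr/current
    [ -r "$1" ] || { echo unknown; return 0; }
    tr -d '\0' < "$1" 2>/dev/null | sed -e 's/ ([a-z]*)$//' | head -n 1
}

# Number of cache files below the early policy directory, ignoring
# dotfiles such as the cache's .features file.
early_cache_count() {               # $1: e.g. /etc/apparmor/earlypolicy
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f ! -name '.*' | wc -l | tr -d ' '
}

# True if profile $2 appears in the kernel's loaded-profile list $1,
# whose lines look like "name (mode)".
profile_loaded() {                  # $1: /sys/kernel/security/apparmor/profiles
    [ -r "$1" ] || return 1
    awk -v p="$2" '{ sub(/ \([a-z]+\)$/, "") } $0 == p { f = 1 }
                   END { exit (f ? 0 : 1) }' "$1"
}

# Classify the boot result for profile $4 (default: systemd).
early_policy_state() {
    label=$(task_label "$1")
    label=${label:-unknown}
    want=${4:-systemd}
    if [ "$label" = "$want" ]; then
        echo pid1-confined
    elif [ "$(early_cache_count "$2")" -eq 0 ]; then
        echo no-early-cache
    elif profile_loaded "$3" "$want"; then
        echo "loaded-but-pid1-$label"
    else
        echo cache-present-profile-not-loaded
    fi
}

# Live system (the profile list is normally readable only by root).
early_policy_state /proc/1/attr/current /etc/apparmor/earlypolicy \
    /sys/kernel/security/apparmor/profiles
```

The loaded-profile list does not say when a profile was loaded, so a profile loaded later in boot also counts as loaded here; the PID 1 label is the signal that systemd itself entered confinement.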