I’m also affected by this issue on Ubuntu 24.04, kernel 6.8.0-58-generic (pending upgrade to 6.8.0-59-generic), with AppArmor version 4.0.1really4.0.1-0ubuntu0.24.04.4. I encountered the error /lib/apparmor/apparmor.systemd: 148: [: ILLEGAL NUMBER: YES during AppArmor service startup.
The error originates from /lib/apparmor/rc.apparmor.functions at line 148, where the script uses if [ "$unconfined_users" -eq 0 ], but $unconfined_users contains the string YES. I fixed it locally by changing the line to if [ "$unconfined_users" = "NO" ]. After this change, the error no longer appears, and aa-status confirms AppArmor is working. I’ve attached screenshot for reference. ** Attachment added: "systemctl status.png" https://bugs.launchpad.net/apparmor/+bug/2102680/+attachment/5876729/+files/systemctl%20status.png -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2102680 Title: Installation of AppArmor on a 6.14 kernel produces error message "Illegal number: yes" Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Fix Released Bug description: Installing the AppArmor package on a Plucky machine that is running a 6.14 kernel produces the error message "/var/lib/dpkg/info/apparmor.postinst: 148: [: Illegal number: yes". This is due to an underlying kernel sysctl (/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns) changing from a 0/1 integer (semantic boolean) to a "no"/"yes" string in Ubuntu's 6.14 kernel, causing our debian/patches/ubuntu/userns- runtime-disable.patch to fail because it expects a 0/1 integer. The switch to "no"/"yes" will be needed if/when the sysctl is upstreamed. As such, we should patch our debian/patches/ubuntu/userns-runtime- disable.patch to be robust and handle both 0/1 and "no"/"yes" values for the sysctl. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2102680/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
