Ubuntu
linux package

AppArmor does not and cannot start

Bug #786839 reported by andrey_campbell
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Setting up apparmor (2.6.1-0ubuntu3) ...
 * Starting AppArmor profiles
 * AppArmor not available as kernel LSM.
   ...fail!

AND:

root ~ # modprobe apparmor
FATAL: Module apparmor not found.

AND:

root ~ # /etc/init.d/apparmor status
 * AppArmor not available as kernel LSM.
   ...fail!
root ~ # /etc/init.d/apparmor start
 * Starting AppArmor profiles
 * AppArmor not available as kernel LSM.
   ...fail!

The internet is full of similar reports. Is AppArmor even supposed to work in Ubuntu? Or is it something like: it's great if it works with this particular kernel, but we're not debugging the issue if it doesn't work cause we have more important things to do?

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: linux-image-2.6.38-8-generic 2.6.38-8.42
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
Architecture: amd64
ArecordDevices:
 **** List of CAPTURE Hardware Devices ****
 card 0: Intel [HDA Intel], device 0: CONEXANT Analog [CONEXANT Analog]
   Subdevices: 1/1
   Subdevice #0: subdevice #0
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: andrei 2145 F.... pulseaudio
 /dev/snd/controlC1: andrei 2145 F.... pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
 Card hw:0 'Intel'/'HDA Intel at 0xd5400000 irq 42'
   Mixer name : 'Intel IbexPeak HDMI'
   Components : 'HDA:14f15069,104313f3,00100302 HDA:80862804,80860101,00100000'
   Controls : 12
   Simple ctrls : 6
Card1.Amixer.info:
 Card hw:1 'N700'/'Logitech Logitech Speaker Lapdesk N700 at usb-0000:00:1d.0-1.2, full speed'
   Mixer name : 'USB Mixer'
   Components : 'USB046d:0a1a'
   Controls : 2
   Simple ctrls : 1
Date: Mon May 23 08:58:04 2011
HibernationDevice: RESUME=UUID=d1b238f3-ed49-4724-8133-7ef98f115e5c
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
MachineType: ASUSTeK Computer Inc. K52F
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-2.6.38-8-generic root=/dev/mapper/hostname-root ro quiet splash security=selinux selinux=1 vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-2.6.38-8-generic N/A
 linux-backports-modules-2.6.38-8-generic N/A
 linux-firmware 1.52
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/01/2010
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: K52F.212
dmi.board.asset.tag: ATN12345678901234567
dmi.board.name: K52F
dmi.board.vendor: ASUSTeK Computer Inc.
dmi.board.version: 1.0
dmi.chassis.asset.tag: ATN12345678901234567
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK Computer Inc.
dmi.chassis.version: 1.0
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrK52F.212:bd11/01/2010:svnASUSTeKComputerInc.:pnK52F:pvr1.0:rvnASUSTeKComputerInc.:rnK52F:rvr1.0:cvnASUSTeKComputerInc.:ct10:cvr1.0:
dmi.product.name: K52F
dmi.product.version: 1.0
dmi.sys.vendor: ASUSTeK Computer Inc.

Revision history for this message
andrey_campbell (andreycampbell) wrote :
Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Mark Russell (marrusl) wrote :

I was not able to reproduce this problem with VirtualBox 4.0.8 r71778 with 11.04 Guest (amd64) and Guest Additions installed. Though perhaps I'm missing something. Can you try upgrading Vbox and installing the latest Guest Additions to your guest?

Revision history for this message
andrey_campbell (andreycampbell) wrote :

I do have Virtual Box installed on my system, but the problem occurs on the host (main Ubuntu system) and not in any of my guests.

I know that Virtual Box does install some kernel components into the host's kernel: do you think this might cause problems with AppArmor?

Revision history for this message
Mark Russell (marrusl) wrote :

Ah. I see. I realize I was thinking guest because of LP bug #770565 involved the same symptoms in a vbox guest.

Forget VirtualBox actually, I see the problem: you are enabling selinux on your kernel command-line:
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-2.6.38-8-generic root=/dev/mapper/hostname-root ro quiet splash security=selinux selinux=1 vt.handoff=7

You can't run SELinux and AppArmor at the same time. If you want to run AppArmor, remove "security=selinux" and "selinux=1" from your kernel command-line parameters in /boot/grub/grub.cfg. You might need to add "security=apparmor" (not sure that's necessary though).

Revision history for this message
Mark Russell (marrusl) wrote :

For more info see: http://askubuntu.com/questions/23422/is-it-a-bad-idea-to-run-selinux-and-apparmor-at-the-same-time

Revision history for this message
andrey_campbell (andreycampbell) wrote :

Thanks for your help. Actually I did not currently have SELinux installed. I did install it some time ago, but then I swiftly uninstalled it. However, it seems that that line in grub.cfg was a leftover from the SELinux install (perhaps I should open a bug against SELinux?) and was enough to prevent AppArmor from running correctly. So, AppArmor now work. Thanks!

Revision history for this message
andrey_campbell (andreycampbell) wrote :

* now work -> now works

Revision history for this message
Mark Russell (marrusl) wrote :

Glad to hear it. Thanks for reporting back. I will mark this bug as invalid.

Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.