"Failure registering capabilities with primary security module."

Bug #163616 reported by Alexander Jones on 2007-11-18
20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Kees Cook

Bug Description

I get this error message twice in my system log every time I boot.

I have no idea what exactly this pertains to.

ProblemType: Bug
Architecture: i386
Date: Sun Nov 18 17:41:18 2007
DistroRelease: Ubuntu 7.10
NonfreeKernelModules: vmnet vmblock vmmon fglrx
Uname: Linux flash 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686 GNU/Linux

mithuna (sowmyam1) wrote :

Well, I get this too and I only looked in the log because I was having issues with my VPN. I haven't been able to configure VPN successfully with 7.1. I did everything that was suggested in the forums i.e. install network-manager, network-manager-vpnc, network-manager-gnome, network-manager-kde etc. I am running KDE btw.

I guess the problem is that the security module may not be loaded. But what's the name of the module to load? Can someone help?

Henri Cook (henricook) wrote :

I also experience this error - pretty vanilla ubuntu install!

Jamie Strandboge (jdstrand) wrote :

I am also seeing this on gutsy server (2.6.22-14.51) and gutsy -generic. 2.6.22-14.51, but it doesn't seem to be affecting apparmor. dmesg has (on laptop) has:
...
[ 6.103676] AppArmor: AppArmor initialized<5>audit(1202732341.528:2): type=1505 info="AppArmor initialized" pid=1196
[ 6.111624] fuse init (API version 7.8)
[ 6.115436] Failure registering capabilities with primary security module.
...

This gets triggered on my server if I restart bind9 (which is using an apparmor profile).

Confirmed in my up-to-date gutsy.
It has also been reported at <http://ubuntuforums.org/showthread.php?t=604312>.

Ludovic Claude (ludovicc) wrote :

Hello, I think that I have this bug too. The problem for me is that the computer simply doesn't want to boot up. When booting, the progress bar advances normally, then the screen switches to a blank screen in graphic mode and with the round wait cursor, then it switches again to text mode with a flashing cursor at the top left of the screen. Then nothing happens. After a few minutes of waiting, I reboot the computer and try again.

This gives me the following log in /var/log/messages:
http://pastebin.ubuntu.com/5827/

I have noticed also that it may be linked to my internet connection: my ADSL router doesn't always connect automatically to Internet, so if I force the Internet connection to work with my other computer (a Win XP notebook), then the Ubuntu computer starts properly and I get the login screen and everything.

My system:
Gutsy x64, NVidia
I have fixed /etc/hosts (see http://ubuntuforums.org/showthread.php?t=611711) and disabled IPv6, so the system is responsive.

I see the same message in dmesg also. My problem is a wacom bamboo one that refuses to be recognized. More specifically, not /dev/input/wacom exists. Could this message have anything to do with this? Should I register something with AppArmour? If so, how do I do that?

I do not know if that message was already there before I compiled the wacom driver module.

Correction: My tablet works now, but the messages are still there: one after fuse-init and one after nfsd. I do not experience problems with my system, though.

Steven (stebalien) wrote :

The capability module loads fine (sudo modprobe capability) if I first disable apparmor (sudo modprobe -r apparmor) but I can't load both at the same time. Is it safe to simply blacklist the capability module or should I disable apparmor?

nullack (nullack) wrote :

This occurs in default Hardy, as well as todays latest Hardy proposed kernel :

Linux ppp 2.6.24-19-generic #1 SMP Wed Jun 18 14:15:37 UTC 2008 x86_64 GNU/Linux

Being generic .34 in proposed.

Kees Cook (kees) wrote :

This is a harmless (though annoying) warning. The "capabilities" functions are basically already loaded internally by AppArmor, so it's not possible to load it the 2nd time. If you were for some reason not using AppArmor (and not using SELinux) then having raw capabilities loaded would be what you want. With either of the other LSM front-ends running (AppArmor or SELinux) it is redundant to have the capabilities front-end running.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments