Ubuntu
apparmor package

Parse error of /etc/apparmor.d/tunables/home.d/ubuntu after unattended-upgrades

Bug #1778984 reported by Serge Yagolnikov
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Environment:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

Docker Details:
Client:
 Version: 17.06.2-ce
 API version: 1.30
 Go version: go1.8.3
 Git commit: cec0b72
 Built: Tue Sep 5 20:00:17 2017
 OS/Arch: linux/amd64

Server:
 Version: 17.06.2-ce
 API version: 1.30 (minimum version 1.12)
 Go version: go1.8.3
 Git commit: cec0b72
 Built: Tue Sep 5 19:59:11 2017
 OS/Arch: linux/amd64
 Experimental: false

Problem: Docker containers will not restart due error /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

How to recreate problem:
1. initiate unattended upgrades: sudo unattened-upgrades -d
2. Wait until Apparmor is installing...

Installing new version of config file /etc/init.d/apparmor ...
Installing new version of config file /etc/init/apparmor.conf ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

3. Pull the power from the computer to simulate a complete power failure.
4. Plug the system back in and try to restart a docker container using "sudo docker restart <container-name>
Error upon attempting to restart docker container:
Error response from daemon: Cannot restart container updater-nodejs: AppArmor enabled on system but the docker-default profile could not be loaded: running /sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default480199246 failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default480199246 in /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

error: exit status 1

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hi Serge, can you please attach your /etc/apparmor.d/tunables/home.d/ubuntu file?

Thanks

Revision history for this message
Shawn Authement (thesteelrider) wrote :

I have just hit this problem on Ubuntu 18.04, and I was able to solve it by running
root@ubuntu:~# sudo dpkg-reconfigure apparmor

Unlike the previous poster, I am not aware of any sudden powercycles. I simply attempted to run a docker container. The docker command and output are below, with PII redacted.

docker run --rm -v /home/[REDACTED]/projects/snap/out/log:/log -v /home/[REDACTED]/projects/snap/django:/tmslogs -v /home/[REDACTED]/projects/snap/out/db:/db -v /home/[REDACTED]/projects/snap/out/media:/media -v /home/[REDACTED]/projects/snap/out/dumps:/dumps -v /home/[REDACTED]/projects/snap/config:/config -t -i [REDACTED].com/tmslogs:latest /bin/bash

docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default964375229` failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default964375229 in /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

root@ubuntu:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04 LTS"

root@ubuntu:~# uname -a
Linux ubuntu 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

root@ubuntu:~# docker --version
Docker version 17.12.1-ce, build 7390fc6

root@ubuntu:~# cat /etc/apparmor.d/tunables/home.d/ubuntu
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}. See tunables/home for details.
root@ubuntu:~#

I followed the hint in /etc/apparmor.d/tunables/home.d/ubuntu and ran

root@ubuntu:~# sudo dpkg-reconfigure apparmor

This solved the problem.

After this solved the problem, this reminded me that I have modified my /home directories. After installing Ubuntu 18.04 and creating my default user account, I logged in and mounted a second drive into '/home'. Perhaps anyone looking into this issue, or experiencing this issue could take this clue and run with it.

Revision history for this message
Shawn Authement (thesteelrider) wrote :

Clarification:

I followed the hint in /etc/apparmor.d/tunables/home.d/ubuntu and ran

root@ubuntu:~# sudo dpkg-reconfigure apparmor

In the window that popped up, I added "/home/" (which is the location of my home directories) and clicked OK.

This solved the problem

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
aleksei (aleksei.timashkov) wrote :

I followed previous hint , but issue still occurs.

Revision history for this message
Evandro Sutil (evandrosutil) wrote :

I followed Shawn's hint I my problem was also solved.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.