Unable to enforce/disable profiles using aa-enforce/aa-disable

Bug #2079019 reported by Jörgen U
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Trying to enforce an apparmor profile on a newly installed Ubuntu 24.04 server (ubuntu-24.04-live-server-amd64.iso, updated and rebooted) results in the following

# aa-enforce podman

ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')

Searching for runbindable in /etc/apparmor.d shows this

# grep -r "runbindable*/*" /etc/apparmor.d
/etc/apparmor.d/abstractions/passt: mount options=(rw, runbindable) /,

# aa-logprof

ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')

# aa-disable passt

ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')

# aa-status --filter.profiles=podman
apparmor module is loaded.
98 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in prompt mode.
0 profiles are in kill mode.
1 profiles are in unconfined mode.
   podman
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

Jörgen U (jyrg)
affects: apparmor → apparmor (Ubuntu)
Revision history for this message
John Johansen (jjohansen) wrote :

This is fixed in 4.0.2 and should be part of the next SRU

Changed in apparmor (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.