Unable to enforce/disable profiles using aa-enforce/aa-disable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Trying to enforce an apparmor profile on a newly installed Ubuntu 24.04 server (ubuntu-
# aa-enforce podman
ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')
Searching for runbindable in /etc/apparmor.d shows this
# grep -r "runbindable*/*" /etc/apparmor.d
/etc/apparmor.
# aa-logprof
ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')
# aa-disable passt
ERROR: Operation {'runbindable'} cannot have a source. Source = AARE('/')
# aa-status --filter.
apparmor module is loaded.
98 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in prompt mode.
0 profiles are in kill mode.
1 profiles are in unconfined mode.
podman
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
affects: | apparmor → apparmor (Ubuntu) |
This is fixed in 4.0.2 and should be part of the next SRU