Ubuntu
apparmor package

xargs: /sbin/apparmor_parser: terminated by signal 11

Bug #670318 reported by Delan Azabani
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

As of recent update, the following error messages about AppArmor appear right before X starts, in /var/log/boot.log:

/etc/rcS.d/S37apparmor: 150: cannot open /sys/kernel/security/apparmor/features: No such file
xargs: /sbin/apparmor_parser: terminated by signal 11
xargs: /sbin/apparmor_parser: terminated by signal 11
---
ApparmorStatusOutput:
 Error: command /usr/sbin/apparmor_status failed with exit code 4: You do not have enough privilege to read the profile set.
 apparmor module is loaded.
Architecture: amd64
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1~rc1-0ubuntu2
PackageArchitecture: amd64
ProcCmdline: root=UUID=1950f462-9790-4f2e-9a56-316e28275e03 ro
ProcEnviron:
 LANGUAGE=en
 PATH=(custom, user)
 LANG=en_AU.utf8
 SHELL=/bin/bash
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Tags: maverick
Uname: Linux 2.6.37-rc1+ x86_64
UserGroups: adm admin admin cdrom dialout lp lpadmin mlocate plugdev sambashare saned

See original description
Revision history for this message
Delan Azabani (azabani) wrote : Re: [Bug 670318] [NEW] xargs: /sbin/apparmor_parser: terminated by signal 11

The problem is in /etc/rcS.d/S37apparmor.

Nicola Ferralis (feranick)
affects: ubuntu → apparmor (Ubuntu)
Revision history for this message
Kees Cook (kees) wrote :

Thanks for the report. Can you perform an "apport-collect -p apparmor 670318" to add your OS details to this bug report? I assume you're using a mainline kernel, but getting the full Apport report would be best. Thanks!

Changed in apparmor (Ubuntu):
status: New → Incomplete
Revision history for this message
Delan Azabani (azabani) wrote :

Thank you for reminding me of this. It doesn't seem to happen on the Ubuntu-supplied 2.6.35-23, but did happen on 2.6.37 from git. I had recently removed it; I will fetch it, install it and see if it happens there, then apport-collect. Thanks!

Revision history for this message
Delan Azabani (azabani) wrote : ApparmorPackages.txt

apport information

tags: added: apport-collected
description: updated
Revision history for this message
Delan Azabani (azabani) wrote : Dependencies.txt

apport information

Revision history for this message
Delan Azabani (azabani) wrote : KernLog.txt

apport information

Revision history for this message
Delan Azabani (azabani) wrote : PstreeP.txt

apport information

Changed in apparmor (Ubuntu):
status: Incomplete → New
Revision history for this message
WebNuLL (babciastefa) wrote :

This bug affects me too.

WebNuLL (babciastefa)
description: updated
Revision history for this message
Pavol C (developer-1976) wrote : apport information

ApparmorStatusOutput:
 Error: command /usr/sbin/apparmor_status failed with exit code 4: You do not have enough privilege to read the profile set.
 apparmor module is loaded.
Architecture: i386
DistroRelease: LinuxMint 10
InstallationMedia: Linux Mint 10 "Julia" - Release i386 (20101007)
Package: apparmor 2.5.1~rc1-0ubuntu2
PackageArchitecture: i386
ProcCmdline: BOOT_IMAGE=/vmlinuz-2.6.36-020636-generic root=/dev/mapper/vg00-lvroot ro quiet splash
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.utf8
 SHELL=/bin/bash
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Tags: julia
Uname: Linux 2.6.36-020636-generic i686
UnreportableReason: This is not a genuine LinuxMint package
UserGroups:

Revision history for this message
Pavol C (developer-1976) wrote : ApparmorPackages.txt

apport information

Revision history for this message
Pavol C (developer-1976) wrote : Dependencies.txt

apport information

Revision history for this message
Pavol C (developer-1976) wrote : KernLog.txt

apport information

Revision history for this message
Pavol C (developer-1976) wrote : PstreeP.txt

apport information

Revision history for this message
Kees Cook (kees) wrote :

Can you re-test with the latest apparmor in the maverick-updates archive? I suspect it will have fixed this problem already. Thanks!

Changed in apparmor (Ubuntu):
status: New → Incomplete
Revision history for this message
ubu64 (santiago-beckenried) wrote :
Download full text (19.0 KiB)

No apparmor does not work

* Starting AppArmor profiles Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/gdm-guest-session (/etc/apparmor.d/gdm-guest-session line 48): profile /usr/share/gdm/guest-session/Xsession network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
AppArmor parser error for /etc/apparmor.d/sbin.dhclient3 in /etc/apparmor.d/sbin.dhclient3 at line 58: Could not open 'local/sbin.dhclient3'
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/bin.ping (/etc/apparmor.d/bin.ping line 28): profile /bin/ping network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/sbin.klogd (/etc/apparmor.d/sbin.klogd line 35): profile /sbin/klogd network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/sbin.syslog-ng (/etc/apparmor.d/sbin.syslog-ng line 47): profile /sbin/syslog-ng network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/sbin.syslogd (/etc/apparmor.d/sbin.syslogd line 40): profile /sbin/syslogd network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
AppArmor parser error for /etc/apparmor.d/usr.bin.evince in /etc/apparmor.d/abstractions/evince at line 119: Could not open 'local/usr.bin.evince'
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/usr.lib.dovecot.deliver (/etc/apparmor.d/usr.lib.dovecot.deliver line 24): profile /usr/lib/dovecot/deliver network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning from /etc/apparmor.d/usr.lib.dovecot.dovecot-auth (/etc/apparmor.d/usr.lib.dovecot.dovecot-auth line 24): profile /usr/lib/dovecot/dovecot-auth network rules not enforced
Cache read/write disabled: /sys/kernel/security/apparmor/features interface ...

Revision history for this message
Kees Cook (kees) wrote :

Okay, excellent. It has stopped crashing. Since you're running an upstream kernel, AppArmor will not work, but that is not a bug, since AppArmor's upstream interface is not compatible with the existing AppArmor userspace tools. Thanks for re-checking!

Changed in apparmor (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.