Ubuntu
apparmor package

kernel needs apparmor 2.4 compatibility patch

Bug #680485 reported by dino99
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Linux
Fix Released
Undecided
Unassigned
apparmor (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: apparmor

maverick i386 updated

have removed/purged then reinstalled apparmor and got this error:

- cache read/write disabled /sys/kernel/security/apparmor/features interface file missing
(kernel needs apparmor 2.4 compatibility patch)

- lot of network rules not enforced

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1-0ubuntu0.10.10.2
ProcVersionSignature: Ubuntu 2.6.36-0.4-generic 2.6.36-rc7
Uname: Linux 2.6.36-0-generic i686
ApparmorStatusOutput: Error: command ['gksu', '-D', 'Apport', '--', '/usr/sbin/apparmor_status'] failed with exit code 4: apparmor module is loaded.
Architecture: i386
Date: Tue Nov 23 14:34:23 2010
ProcEnviron:
 LANG=fr_FR.utf8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-2.6.36-0-generic root=UUID=4e45911e-80fc-46b3-b8d0-d36b50a0fb2c ro radeon.modeset=1 quiet
SourcePackage: apparmor

Revision history for this message
dino99 (9d9) wrote :
Revision history for this message
roger64 (rogqip-suse) wrote :

I installed the latest Maverick kernel from mainline some days ago due to some Compiz problems.

Something was slowing down the startup a little, I suppressed the quiet splash option in Grub to read it and it was:

"Kernel needs AppArmor 2.4 compatibility patch" repeated some times.

roger@roger-laptop:~$ uname -r
2.6.37-020637rc2-generic

Revision history for this message
John Johansen (jjohansen) wrote :

dino99,

The kernel reported by your rocKernelCmdline,
  BOOT_IMAGE=/boot/vmlinuz-2.6.36-0-generic

is not an official distro kernel, and as such certain features are likely to be missing or not enabled.

Revision history for this message
John Johansen (jjohansen) wrote :

roger64,

The current Natty 2.6.37 kernels have the compatibility patches enabled.

Revision history for this message
John Johansen (jjohansen) wrote :

So just an added note,

The upstream kernel does not have the compatibility patches, and never will. So mainline kernels will report this problem, and Ubuntu kernels that have not the patches forward ported yet will report this temporarily.

Changed in apparmor (Ubuntu):
status: New → Fix Released
Changed in linux:
status: New → Fix Released
Revision history for this message
yossarian_uk (morgancoxuk) wrote :

dino99 - you can get patches for the mainline kernel here

http://kernel.org/pub/linux/security/apparmor/apparmor-2.6.36-patches.tgz

just go to the source dir then

patch -p1 < patchfile (for all 3)

then check you have the compatibility option enabled.

See : https://apparmor.wiki.kernel.org/index.php/Apparmor/upstream_release_notes

Revision history for this message
roger64 (rogqip-suse) wrote : Re: [Bug 680485] Re: kernel needs apparmor 2.4 compatibility patch

Thank you. I'll try it.

2011/1/6 yossarian_uk <email address hidden>

> dino99 - you can get patches for the mainline kernel here
>
> http://kernel.org/pub/linux/security/apparmor/apparmor-2.6.36-patches.tgz
>
> just go to the source dir then
>
> patch -p1 < patchfile (for all 3)
>
> then check you have the compatibility option enabled.
>
> See :
> https://apparmor.wiki.kernel.org/index.php/Apparmor/upstream_release_notes
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/680485
>
> Title:
> kernel needs apparmor 2.4 compatibility patch
>

Revision history for this message
antoirehew (antoirehew-uk) wrote :

i just upgrade from 2.6.37rc8 to 2.6.38 rc2 having the same bug.

Revision history for this message
John Johansen (jjohansen) wrote :

antoirehew,

yes the mainline kernels will never have the above compatibility patch. There are different patches in development that will replace the current compatibility patches and that will go upstream when they are ready

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.