Ubuntu
linux package

Mainline kernel 4.14 does not start apparmor

Bug #1737005 reported by Klaus Bielke
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

With Ubuntu 16.04.3 LTS (Xenial Xerus), and Ubuntu mainline kernel 4.14.3 or 4.14.4 systemd fails allways starting apparmor.service and ureadahead.service. Sometimes udisks2.service fails too.

$ uname -a
Linux lieselotte 4.14.4-041404-generic #201712050630 SMP Tue Dec 5 12:07:25 UTC 2017 i686 i686 i686 GNU/Linux

$ systemctl --failed
  UNIT LOAD ACTIVE SUB DESCRIPTION
● apparmor.service loaded failed failed LSB: AppArmor initialization
● udisks2.service loaded failed failed Disk Manager
● ureadahead.service loaded failed failed Read required files in advance

$ systemctl status apparmor.service
● apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Do 2017-12-07 18:04:51 CET; 52min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 689 ExecStart=/etc/init.d/apparmor start (code=exited, status=1/FAILURE)

Dez 07 18:04:51 lieselotte systemd[1]: Starting LSB: AppArmor initialization...
Dez 07 18:04:51 lieselotte apparmor[689]: * Starting AppArmor profiles
Dez 07 18:04:51 lieselotte apparmor[689]: * AppArmor not available as kernel LSM.
Dez 07 18:04:51 lieselotte apparmor[689]: ...fail!
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Control process exited, code=exited status=1
Dez 07 18:04:51 lieselotte systemd[1]: Failed to start LSB: AppArmor initialization.
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Unit entered failed state.
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Failed with result 'exit-code'.

See original description
Klaus Bielke (k-bielke)
description: updated
description: updated
affects: apparmor (Ubuntu) → linux (Ubuntu)
Klaus Bielke (k-bielke)
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1737005

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
John Johansen (jjohansen) wrote :

The Ubuntu mainline kernel build unfortunately currently does not have apparmor set as the default LSM. This is due to some config changes done when adding the LSM stacking patches (Ubuntu tries to keep the configs as close as possible). Addressing this is wip and should land with the next revision of the LSM stacking patches

until then you can enable apparmor by editing the grub kernel command line by adding
  security=apparmor

Revision history for this message
Klaus Bielke (k-bielke) wrote :

Behavior was explained and confirmed by comment #2. Proposed kernel parameter works for me. Adding logs seems not helpfull to me, confirming anyway.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
John Johansen (jjohansen) wrote :

Klaus,

agreed logs are not needed, thanks for the confirmation. The comment in #1 is generated by a bot so don't worry about it.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.