Mainline kernel 4.14 does not start apparmor

Bug #1737005 reported by Klaus Bielke on 2017-12-07

This bug report will be marked for expiration in 56 days if no further activity occurs.

This bug affects 1 person
Affects: linux (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

With Ubuntu 16.04.3 LTS (Xenial Xerus) and Ubuntu mainline kernel 4.14.3 or 4.14.4, systemd always fails to start apparmor.service and ureadahead.service. Sometimes udisks2.service fails too.

$ uname -a
Linux lieselotte 4.14.4-041404-generic #201712050630 SMP Tue Dec 5 12:07:25 UTC 2017 i686 i686 i686 GNU/Linux

$ systemctl --failed
  UNIT LOAD ACTIVE SUB DESCRIPTION
● apparmor.service loaded failed failed LSB: AppArmor initialization
● udisks2.service loaded failed failed Disk Manager
● ureadahead.service loaded failed failed Read required files in advance

$ systemctl status apparmor.service
● apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Do 2017-12-07 18:04:51 CET; 52min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 689 ExecStart=/etc/init.d/apparmor start (code=exited, status=1/FAILURE)

Dez 07 18:04:51 lieselotte systemd[1]: Starting LSB: AppArmor initialization...
Dez 07 18:04:51 lieselotte apparmor[689]: * Starting AppArmor profiles
Dez 07 18:04:51 lieselotte apparmor[689]: * AppArmor not available as kernel LSM.
Dez 07 18:04:51 lieselotte apparmor[689]: ...fail!
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Control process exited, code=exited status=1
Dez 07 18:04:51 lieselotte systemd[1]: Failed to start LSB: AppArmor initialization.
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Unit entered failed state.
Dez 07 18:04:51 lieselotte systemd[1]: apparmor.service: Failed with result 'exit-code'.

Klaus Bielke (k-bielke) on 2017-12-07
affects: apparmor (Ubuntu) → linux (Ubuntu)

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1737005

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
John Johansen (jjohansen) wrote:

The Ubuntu mainline kernel build unfortunately currently does not have apparmor set as the default LSM. This is due to some config changes done when adding the LSM stacking patches (Ubuntu tries to keep the configs as close as possible). Addressing this is WIP and should land with the next revision of the LSM stacking patches.

Until then, you can enable apparmor by editing the grub kernel command line, adding:
  security=apparmor
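
Added example, not part of the bug report or of John Johansen's comment: a shell check for the situation described above, where the kernel build does not make AppArmor the default LSM and nothing on the command line selects it. It assumes the kernel config is readable at /boot/config-$(uname -r) and relies on CONFIG_DEFAULT_SECURITY, CONFIG_SECURITY_APPARMOR and /sys/module/apparmor/parameters/enabled, none of which appear on the page; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report: report why AppArmor is or is not the
# active LSM. Paths are parameters so the check also runs on saved copies.

# Print the value of the last security= word in a kernel command line file
# (the kernel keeps the last one it parses).
cmdline_security() {
    tr ' ' '\n' < "$1" | sed -n 's/^security=//p' | tail -n 1
}

# Print the build-time default LSM (CONFIG_DEFAULT_SECURITY) from a config file.
config_default_lsm() {
    sed -n 's/^CONFIG_DEFAULT_SECURITY="\(.*\)"$/\1/p' "$1"
}

# diagnose CMDLINE CONFIG ENABLED_PARAM: print a one-word verdict;
# exit status 0 only when AppArmor is active.
diagnose() {
    if [ -r "$3" ] && [ "$(cat "$3")" = "Y" ]; then
        echo "active"; return 0
    fi
    if [ ! -r "$2" ]; then
        echo "no-config"; return 1
    fi
    if ! grep -q '^CONFIG_SECURITY_APPARMOR=y$' "$2"; then
        echo "not-built"; return 1
    fi
    sel=$(cmdline_security "$1")
    def=$(config_default_lsm "$2")
    if [ "$sel" = "apparmor" ]; then
        echo "selected-but-disabled"    # e.g. apparmor=0 is also present
    elif [ -n "$sel" ]; then
        echo "cmdline-selects:$sel"
    elif [ "$def" != "apparmor" ]; then
        echo "default-is:${def:-none}"  # this report's case: add security=apparmor
    else
        echo "unknown"
    fi
    return 1
}

# Live check, assuming the usual locations of these three files.
if [ "${1:-}" = "--live" ]; then
    diagnose /proc/cmdline "/boot/config-$(uname -r)" \
        /sys/module/apparmor/parameters/enabled
fi
```

Run with `--live` on the affected machine; a `default-is:` verdict corresponds to the condition in this report, and the verdict should change to `active` after rebooting with `security=apparmor`.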
