This also affects unbound: the name resolution service didn't start (it was possible to start unbound outside of service management, because it doesn't look for /run/systemd/notify in that case). I do use dracut.
Upgrading systemd and related packages to 255.4-1ubuntu8.1 (upgrading udev regenerates the initramfs) fixes it.
This also affects unbound: the name resolution service didn't start (it was possible to start unbound outside of service management, because it doesn't look for /run/systemd/notify in that case). I do use dracut.
Upgrading systemd and related packages to 255.4-1ubuntu8.1 (upgrading udev regenerates the initramfs) fixes it.
Before that, errors looked like: 2.487:146) : apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/ systemd/ journal/ dev-log" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 2.487:147) : apparmor="DENIED" operation="connect" class="file" profile="unbound" name="/ systemd/ userdb/ io.systemd. DynamicUser" pid=1175 comm="unbound" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 2.542:153) : apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/ systemd/ notify" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=126 ouid=0
journalctl -k -b-1 --grep 'apparmor.*unbound'
mai 27 10:02:22 host kernel: audit: type=1400 audit(171679694
mai 27 10:02:22 host kernel: audit: type=1400 audit(171679694
mai 27 10:02:22 host kernel: audit: type=1400 audit(171679694