#1 2015-05-11 13:44:11

adventurer
Member
Registered: 2014-05-04
Posts: 119

[SOLVED] Start of AppArmor profiles failed

Hello,

I've been flawlessly running my AppArmor-enabled kernel with the apparmor package from the AUR for several weeks. For the past two days I've been getting the message during the boot process that the AppArmor profiles were not loaded.

systemctl status apparmor.service gives:

● apparmor.service - AppArmor profiles
   Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mo 2015-05-11 13:41:13 CEST; 1h 38min ago
  Process: 527 ExecStart=/usr/bin/apparmor_load.sh (code=exited, status=1/FAILURE)
 Main PID: 527 (code=exited, status=1/FAILURE)

Mai 11 13:41:11 MYARCH systemd[1]: Starting AppArmor profiles...
Mai 11 13:41:13 MYARCH systemd[1]: apparmor.service: main process exited, code=exited, status=1/FAILURE
Mai 11 13:41:13 MYARCH systemd[1]: Failed to start AppArmor profiles.
Mai 11 13:41:13 MYARCH systemd[1]: Unit apparmor.service entered failed state.
Mai 11 13:41:13 MYARCH systemd[1]: apparmor.service failed.

journalctl _PID=527 doesn't report anything.

On the other hand, aa-status says that the apparmor module and the profiles are loaded:

apparmor module is loaded.
32 profiles are loaded.
13 profiles are in enforce mode.
   /usr/lib/apache2/mpm-prefork/apache2
   /usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI
   /usr/lib/apache2/mpm-prefork/apache2//HANDLING_UNTRUSTED_INPUT
   /usr/lib/apache2/mpm-prefork/apache2//phpsysinfo
   ...
19 profiles are in complain mode.
   /opt/google/chrome/chrome-sandbox
   /opt/google/chrome/google-chrome
   /opt/google/chrome/nacl_helper_bootstrap
   /usr/bin/avahi-daemon
   /usr/bin/dnsmasq
   /usr/bin/identd
   ...
5 processes have profiles defined.
0 processes are in enforce mode.
5 processes are in complain mode.
   /usr/bin/avahi-daemon (566) 
   /usr/bin/avahi-daemon (572) 
   /usr/bin/dnsmasq (26096) 
   /usr/bin/syslog-ng (540) 
   /usr/lib/thunderbird/thunderbird (3724) 
0 processes are unconfined but have a profile defined.

This is apparmor.service:

[Unit]
Description=AppArmor profiles
DefaultDependencies=no
After=local-fs.target
Before=sysinit.target

[Service]
Type=oneshot
ExecStart=/usr/bin/apparmor_load.sh
ExecStop=/usr/bin/apparmor_unload.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

And /usr/bin/apparmor_load.sh:

#!/bin/sh

aa_profiles='/etc/apparmor.d/'
aa_log='/var/log/apparmor.init.log'
/usr/bin/apparmor_parser -r $(find "$aa_profiles" -maxdepth 1 -type f) 2>> "$aa_log"

Again, up to two days ago there were no problems, and the last systemd update was on April 24th. So I wonder what's suddenly going wrong.

Do you have any ideas/suggestions?

Last edited by adventurer (2015-05-24 13:34:38)

Offline

#2 2015-05-11 17:07:43

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424

Re: [SOLVED] Start of AppArmor profiles failed

What was updated?


Not a Sysadmin issue, moving to AUR Issues...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2015-05-11 17:26:40

adventurer
Member
Registered: 2014-05-04
Posts: 119

Re: [SOLVED] Start of AppArmor profiles failed

jasonwryan wrote:

What was updated?


Not a Sysadmin issue, moving to AUR Issues...

According to expac:

2015-05-09 11:30:33     gegl
2015-05-09 11:30:33     openexr
2015-05-09 11:30:34     gimp
2015-05-09 11:30:35     imagemagick
2015-05-09 11:30:36     kdelibs
2015-05-09 11:30:38     blas
2015-05-09 11:30:38     glpk
2015-05-09 11:30:38     lib32-libdrm
2015-05-09 11:30:38     libinput
2015-05-09 11:30:39     coin-or-cbc
2015-05-09 11:30:39     coin-or-cgl
2015-05-09 11:30:39     coin-or-clp
2015-05-09 11:30:39     coin-or-coinutils
2015-05-09 11:30:39     coin-or-mp
2015-05-09 11:30:39     coin-or-osi
2015-05-09 11:30:39     lapack
2015-05-09 11:30:39     suitesparse
2015-05-09 11:30:46     libreoffice-fresh
2015-05-09 11:30:47     libreoffice-fresh-de
2015-05-09 11:30:48     opencv
2015-05-09 18:45:05     libmariadbclient
2015-05-09 18:45:05     mariadb-clients
2015-05-09 18:45:06     mariadb
2015-05-09 19:16:34     hwinfo
2015-05-09 19:16:34     libass
2015-05-09 19:16:34     libsodium
2015-05-10 12:42:30     libtirpc
2015-05-10 12:42:31     attica-qt5
2015-05-10 12:42:31     extra-cmake-modules
2015-05-10 12:42:31     qt5-base
2015-05-10 12:42:31     qt5-declarative
2015-05-10 12:42:31     qt5-xmlpatterns
2015-05-10 12:42:32     gnutls
2015-05-10 12:42:32     karchive
2015-05-10 12:42:32     kconfig
2015-05-10 12:42:32     kcoreaddons
2015-05-10 12:42:32     kcrash
2015-05-10 12:42:32     kdbusaddons
2015-05-10 12:42:32     kjobwidgets
2015-05-10 12:42:32     kwidgetsaddons
2015-05-10 12:42:32     kwindowsystem
2015-05-10 12:42:32     qt5-x11extras
2015-05-10 12:42:32     solid
2015-05-10 12:42:33     kauth
2015-05-10 12:42:33     kbookmarks
2015-05-10 12:42:33     kcodecs
2015-05-10 12:42:33     kcompletion
2015-05-10 12:42:33     kconfigwidgets
2015-05-10 12:42:33     kglobalaccel
2015-05-10 12:42:33     kguiaddons
2015-05-10 12:42:33     ki18n
2015-05-10 12:42:33     kiconthemes
2015-05-10 12:42:33     kitemviews
2015-05-10 12:42:33     knotifications
2015-05-10 12:42:33     kservice
2015-05-10 12:42:33     ktextwidgets
2015-05-10 12:42:33     kwallet
2015-05-10 12:42:33     kxmlgui
2015-05-10 12:42:33     qt5-script
2015-05-10 12:42:33     qt5-svg
2015-05-10 12:42:33     sonnet
2015-05-10 12:42:34     frameworkintegration
2015-05-10 12:42:34     kactivities-frameworks
2015-05-10 12:42:34     kapidox
2015-05-10 12:42:34     kcmutils
2015-05-10 12:42:34     kdeclarative
2015-05-10 12:42:34     kded
2015-05-10 12:42:34     kinit
2015-05-10 12:42:34     kio
2015-05-10 12:42:34     kpackage
2015-05-10 12:42:34     kplotting
2015-05-10 12:42:34     kunitconversion
2015-05-10 12:42:34     qt5-location
2015-05-10 12:42:34     qt5-sensors
2015-05-10 12:42:34     qt5-webchannel
2015-05-10 12:42:35     kdelibs4support
2015-05-10 12:42:35     kdesignerplugin
2015-05-10 12:42:35     kdesu
2015-05-10 12:42:35     kdewebkit
2015-05-10 12:42:35     kemoticons
2015-05-10 12:42:35     kitemmodels
2015-05-10 12:42:35     kparts
2015-05-10 12:42:35     kpty
2015-05-10 12:42:35     qt5-webkit
2015-05-10 12:42:36     kdnssd
2015-05-10 12:42:36     kdoctools
2015-05-10 12:42:36     khtml
2015-05-10 12:42:36     kidletime
2015-05-10 12:42:36     kimageformats
2015-05-10 12:42:36     kjs
2015-05-10 12:42:36     kjsembed
2015-05-10 12:42:36     kmediaplayer
2015-05-10 12:42:36     knewstuff
2015-05-10 12:42:36     knotifyconfig
2015-05-10 12:42:36     kpeople
2015-05-10 12:42:36     kross
2015-05-10 12:42:36     qt5-quickcontrols
2015-05-10 12:42:37     krunner
2015-05-10 12:42:37     ktexteditor
2015-05-10 12:42:37     kxmlrpcclient
2015-05-10 12:42:37     man-pages
2015-05-10 12:42:37     modemmanager-qt
2015-05-10 12:42:37     plasma-framework
2015-05-10 12:42:37     threadweaver
2015-05-10 12:42:38     networkmanager-qt
2015-05-10 12:42:38     qt5-graphicaleffects
2015-05-10 12:42:38     qt5-imageformats
2015-05-10 12:42:38     qt5-multimedia
2015-05-10 12:42:38     qt5-quick1
2015-05-10 12:42:38     qt5-tools
2015-05-10 12:42:38     qt5-translations
2015-05-10 12:42:40     qt5-websockets
2015-05-10 12:42:41     vlc
2015-05-10 12:43:19     plasma-applet-network-monitor-git
2015-05-10 12:43:33     plasma-applet-weather-widget-git
2015-05-10 17:21:29     baloo
2015-05-10 17:21:29     bluedevil
2015-05-10 17:21:29     bluez-qt
2015-05-10 17:21:29     kfilemetadata
2015-05-10 17:21:30     kdecoration
2015-05-10 17:21:30     ttf-oxygen
2015-05-10 17:21:32     breeze
2015-05-10 17:21:32     breeze-kde4
2015-05-10 17:21:32     drkonqi
2015-05-10 17:21:32     kde-cli-tools
2015-05-10 17:21:32     kde-gtk-config
2015-05-10 17:21:33     kdeplasma-addons
2015-05-10 17:21:33     khelpcenter
2015-05-10 17:21:33     kwayland
2015-05-10 17:21:34     libkscreen
2015-05-10 17:21:34     libksysguard
2015-05-10 17:21:34     milou
2015-05-10 17:21:34     plasma-workspace
2015-05-10 17:21:35     khotkeys
2015-05-10 17:21:35     kinfocenter
2015-05-10 17:21:35     kio-extras
2015-05-10 17:21:35     kmenuedit
2015-05-10 17:21:37     kscreen
2015-05-10 17:21:37     ksshaskpass
2015-05-10 17:21:37     ksysguard
2015-05-10 17:21:38     kwin
2015-05-10 17:21:38     kwrited
2015-05-10 17:21:38     oxygen
2015-05-10 17:21:39     oxygen-cursors
2015-05-10 17:21:39     oxygen-kde4
2015-05-10 17:21:39     plasma-desktop
2015-05-10 17:21:39     polkit-kde-agent
2015-05-10 17:21:39     powerdevil
2015-05-10 17:21:39     systemsettings
2015-05-10 17:21:40     plasma-mediacenter
2015-05-10 17:21:40     plasma-nm
2015-05-10 17:21:42     plasma-workspace-wallpapers

Offline

#4 2015-05-24 13:34:12

adventurer
Member
Registered: 2014-05-04
Posts: 119

Re: [SOLVED] Start of AppArmor profiles failed

Problem solved. The profile for syslog-ng (which comes with the apparmor package) obviously had syntax errors which prevented all profiles from being parsed correctly by AppArmor during the boot process. After removing this specific profile (I still have to evaluate what exactly is wrong in its code) all is well. I'm only surprised that this problem hadn't come up from the beginning ...

Offline
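
The thread's failure mode is one broken profile making the whole oneshot unit fail without saying which file was at fault; parsing each profile in its own call narrows that down. This is an added example, not part of the original posts or of the AUR package: AA_PARSER, AA_LOG and load_profiles are names assumed here, and only the -r flag from the posted script is used.

```shell
#!/bin/sh
# Added example: per-profile loader for a directory such as /etc/apparmor.d/.
# AA_PARSER, AA_LOG and load_profiles are names chosen for this example.
AA_PARSER="${AA_PARSER:-/usr/bin/apparmor_parser}"
AA_LOG="${AA_LOG:-/var/log/apparmor.init.log}"

# Load every regular file directly under $1, one parser call per file.
# Prints the path of each profile that failed to load and returns the number
# of failures (capped at 255), so the unit still ends up "failed" when any
# profile is bad, but the log and stdout name the offending file.
load_profiles() {
    dir=$1
    failed=0
    # A glob keeps file names with spaces as one argument, unlike an
    # unquoted $(find ...). Note that it skips hidden (dot) files.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue    # skip sub-directories (same effect as -maxdepth 1 -type f)
        if ! "$AA_PARSER" -r "$f" 2>>"$AA_LOG"; then
            printf 'FAILED %s\n' "$f" >>"$AA_LOG"
            printf '%s\n' "$f"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -le 255 ] || failed=255
    return "$failed"
}

# Only load when asked to, so the file can also be sourced for its function.
if [ "${1:-}" = "--load" ]; then
    load_profiles "${2:-/etc/apparmor.d}"
    exit $?
fi
```

With this in place, `systemctl status` and the log show the path of the profile that failed instead of only an exit status of 1.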
