Daniel responded on irc and said after several reboots with the new
apparmor, everything was fine on every boot (though his critical-chain
has var.lib.mount listed).
My attached systemd-analyze plot svg shows that apparmor.service is
indeed starting after var.lib.mount on the VM where the critical-chain
didn't show it or zfs. On irc Didier thought that critical-chain would
only list the longest path to apparmor.service starting and may not show
everything (the man page isn't clear on this point IMHO).
Based on all of this, I'm going to tentatively mark the zsys task back
to Invalid. If people continue to see this bug, we can reopen as
necessary (in which case it might be a systemd task for not generating
the mount units/requires/after correctly/in a race-free manner or it
might indicate zfs initialization is perhaps slow and apparmor.service
is starting before var.lib.mount is generated (and therefore
RequiresMountsFor is satisfied. Or it is something else ;)
** Changed in: zsys (Ubuntu Focal)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to zsys in Ubuntu.
https://bugs.launchpad.net/bugs/1871148
Title:
services start before apparmor profiles are loaded
Status in AppArmor:
Invalid
Status in apparmor package in Ubuntu:
Fix Released
Status in zsys package in Ubuntu:
Invalid
Status in apparmor source package in Focal:
Fix Released
Status in zsys source package in Focal:
Invalid
Bug description:
Per discussion with Zyga in #snapd on Freenode, I have hit a race
condition where services are being started by the system before
apparmor has been started. I have a complete log of my system showing
the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/.
Restarting apparmor using `sudo systemctl restart apparmor` is enough
to bring installed snaps back to full functionality.
Previously, when running any snap I would receive the following in the
terminal:
---
cannot change profile for the next exec call: No such file or directory
snap-update-ns failed with code 1: File exists
---
Updated to add for Jamie:
$ snap version
snap 2.44.2+20.04
snapd 2.44.2+20.04
series 16
ubuntu 20.04
kernel 5.4.0-21-generic
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
