[Desktop-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

Wed, 08 Apr 2020 09:02:24 -0700 

Daniel responded on irc and said after several reboots with the new
apparmor, everything was fine on every boot (though his critical-chain
has var.lib.mount listed).

My attached systemd-analyze plot svg shows that apparmor.service is
indeed starting after var.lib.mount on the VM where the critical-chain
didn't show it or zfs. On irc Didier thought that critical-chain would
only list the longest path to apparmor.service starting and may not show
everything (the man page isn't clear on this point IMHO).

Based on all of this, I'm going to tentatively mark the zsys task back
to Invalid. If people continue to see this bug, we can reopen as
necessary (in which case it might be a systemd task for not generating
the mount units/requires/after correctly/in a race-free manner or it
might indicate zfs initialization is perhaps slow and apparmor.service
is starting before var.lib.mount is generated (and therefore
RequiresMountsFor is satisfied. Or it is something else ;)

** Changed in: zsys (Ubuntu Focal)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to zsys in Ubuntu.
https://bugs.launchpad.net/bugs/1871148

Title:
  services start before apparmor profiles are loaded

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  Fix Released
Status in zsys source package in Focal:
  Invalid

Bug description:
  Per discussion with Zyga in #snapd on Freenode, I have hit a race
  condition where services are being started by the system before
  apparmor has been started. I have a complete log of my system showing
  the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/.
  Restarting apparmor using `sudo systemctl restart apparmor` is enough
  to bring installed snaps back to full functionality.

  Previously, when running any snap I would receive the following in the
  terminal:

  ---
  cannot change profile for the next exec call: No such file or directory
  snap-update-ns failed with code 1: File exists
  ---

  Updated to add for Jamie:

  $ snap version
  snap    2.44.2+20.04
  snapd   2.44.2+20.04
  series  16
  ubuntu  20.04
  kernel  5.4.0-21-generic

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to