This seems to have regressed in karmic recently (it still worked in
alpha-5 at least). Now we ship quite a fair bunch of apparmor profiles,
and none work on the live system:
[ 315.217585] type=1503 audit(1253718188.795:69): operation=open pid=4505
parent=4504 profile=/usr/sbin/cupsd
crakarjax [2008-05-18 1:54 -]:
setting to complain worked but I noticed that the bug was marked as
fixed in casper, so I thought I'd chime in.
Thanks. However, casper only affects the live CD system, and casper's
workaround is to disable AppArmor on it. The actual bug in AA is still
open.
I think that I just ran into this problem when upgrading to 8.04 to 7.10
on my usb stick...
Preconfiguring packages ...
Setting up cupsys (1.3.2-1ubuntu7.7) ...
Reloading AppArmor profiles Skipping profile
/etc/apparmor.d/usr.sbin.cupsd.dpkg-old
: Warning.
* Starting Common Unix Printing
** Summary changed:
- fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
+ fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd - usb
Vincent can you attach your /var/log/messages if present
/var/log/audit/audit.log
--
fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
https://bugs.launchpad.net/bugs/131976
You received this bug notification
Hmm, I think I got a similar problem:
===
Setting up mysql-server-5.0 (5.0.51a-1ubuntu1) ...
* Stopping MySQL database server mysqld
/usr/sbin/mysqld: error while loading shared libraries:
/lib/tls/i686/cmov/libc.so.6: cannot apply additional memory
** Tags added: qa-hardy-desktop
** Tags removed: qa-hardy-list
--
fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a
** Tags added: qa-hardy-list
--
fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
sudo aa-complain /usr/sbin/cupsd/ sort of fixes the problem, but I
suspect only partially.
The error:
There was a problem committing changes. Possibly there was a problem
downloading some packages or the commit would break packages.
goes away, but if I look in the log, I still get:
Setting up
Just wanted to thank Christopher Barth - this fix worked flawlessly.
Except that final slash was not needed for me.
This issue was a real pain for me...
Cheers to persistent USB community :)
--
fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work
Thanks for the welcome, as bittersweet as it is. Just to confirm, 'sudo
aa-complain cupsd' fixed my problem, so thanks for that as well.
On on unrelated note be sure to pin your upstart at edgy.
I looked into this issue from this suggestion, but it doesn't seem that I'm
having this problem. I
@aselya1 Welcome to the world of persistent USB where when things get rebroken
noone notices.
'sudo aa-complain /usr/sbin/cupsd/' will fix your problem super fast.
On on unrelated note be sure to pin your upstart at edgy.
--
fails to start: cannot apply additional memory protection after
I was really happy to see that someone else had this problem and that
its being worked on. Can I ask, what would be the workaround in the
meantime to get apt-get/synaptic to work? Mathias' update-rc.d
suggestion above didn't seem to solve the problem... It appears apt just
starts AppArmor anyway
** Changed in: apparmor (Ubuntu)
Importance: Medium = Wishlist
--
fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a
** Summary changed:
- fails to start: cannot apply additional memory protection after relocation
+ fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd)
--
fails to start: cannot apply additional memory protection
casper (1.102) gutsy; urgency=low
* Rename 42disable_cups_apparmor to 42disable_apparmor and remove AppArmor's
rc.d startup links instead of just disabling the cups profile. AA profiles
will not generally work on the live system, so disabling it completely
allows us to ship more
Mathias, good idea. Then we should also able to deliver the profile for
dhclient.
** Changed in: casper (Ubuntu)
Status: Fix Released = In Progress
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug
This will be a problem for every profiles that would be shipped by
packages on the livecd. Why not completly disabling apparmor on the live
cd with update-rc.d -f apparmor remove ?
--
fails to start: cannot apply additional memory protection after relocation
casper (1.101) gutsy; urgency=low
* Add scripts/casper-bottom/42disable_cups_apparmor: Disable AppArmor
protection for cups on the live CD by switching the profiles to complain
mode. This is necessary until AppArmor works properly on stacked file
systems. (LP: #131976)
-- Martin
Feasible yes, but too clumsy IMHO. Instead I'll just set the profiles to
complain mode on the live CD, that's a good enough workaround IMHO.
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification
I just played around with this a bit. It is not enough to add just two
or three prefixes here and there to work around the problem, it needs
dozens. So it would be utterly preferable to get this fixed in apparmor
proper.
--
fails to start: cannot apply additional memory protection after
I'll create a casper hook with:
sed -i '/{/ s/{/flags=(complain) {/' /etc/apparmor.d/usr.sbin.cupsd
** Changed in: casper (Ubuntu)
Sourcepackagename: cupsys = casper
Status: Triaged = In Progress
--
fails to start: cannot apply additional memory protection after relocation
While I agree this is something needs to address with mount rules, I
can't give an eta for when it will happen.
In the mean time is it feasible to use variables so the prefixes can be
all added in one place?
--
fails to start: cannot apply additional memory protection after relocation
For both of these cases, if you look in /var/log/messages you can see
that AppArmor is rejecting access to
/rofs/lib/tls/i686/cmov/libc-2.6.1.so
A simple fix is to update the profiles to use
{/rofs,/cow,}/lib/tls/i686/cmov/*.so
AppArmor can block access to stacked filesystem paths depending on
** Tags added: iso-testing
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Printing does not work with the Gutsy Tribe 5 live CD fully updated.
'sudo cupsd -f' and 'sudo /etc/init.d/cupsys start' both crashes.
In folder /var/log/cups there is only one empty file cups-pdf_log, no error_log.
--
fails to start: cannot apply additional memory protection after relocation
Jonathan gets that, too.
** Summary changed:
- package cupsys 1.2.12-3ubuntu2 failed to install/upgrade: subprocess
post-installation script returned error exit status 127
+ fails to start: cannot apply additional memory protection after relocation
** Changed in: cupsys (Ubuntu)
Importance:
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact
Ah, this only happens on the live system. Apparmor seems to stuble over
the /rofs and /cow prefixes.
** Changed in: cupsys (Ubuntu)
Status: Incomplete = Triaged
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You
Preferably this should be fixed in apparmor itself, layered file systems
like unionfs and squashfs with underlying different prefixes shouldn't
break AppArmor rules.
A shy workaround in cups itself would be to install a casper hook to
disable cups' apparmor protection on the live CD.
** Changed
30 matches
Mail list logo