Here is an 'sudo systemd-analyze plot > ./1871148-vm-no-varlib- mount.svg' on a focal VM that reports the following critical-chain:
$ sudo systemd-analyze critical-chain apparmor.service The time when unit became active or started is printed after the "@" character. The time the unit took to start is printed after the "+" character. apparmor.service +222ms └─local-fs.target @2.562s └─run-user-122.mount @4.834s └─swap.target @1.687s └─dev-disk-by\x2duuid-f5ea22a0\x2de078\x2d4d8e\x2d9412\x2d1fad2171a080.swap @1.663s +24ms └─dev-disk-by\x2duuid-f5ea22a0\x2de078\x2d4d8e\x2d9412\x2d1fad2171a080.device @1.662s Note that var.lib.mount is *not* listed in the critical chain. In the svg, we see: zfs-load-module.service (3ms) zfs-import-cache.service (268ms) zfs-import.target ... var-lib.mount (156ms) ... zfs-volume-wait.service (235ms) ... zfs-volumes.target ... zfs-mount.service (66ms) local-fs.target apparmor.service (222ms) ... Maybe everything is fine but critical-chain has a bug? ** Attachment added: "1871148-vm-no-varlib-mount.svg" https://bugs.launchpad.net/apparmor/+bug/1871148/+attachment/5349686/+files/1871148-vm-no-varlib-mount.svg -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1871148 Title: services start before apparmor profiles are loaded Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Fix Released Status in zsys package in Ubuntu: New Status in apparmor source package in Focal: Fix Released Status in zsys source package in Focal: New Bug description: Per discussion with Zyga in #snapd on Freenode, I have hit a race condition where services are being started by the system before apparmor has been started. I have a complete log of my system showing the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/. Restarting apparmor using `sudo systemctl restart apparmor` is enough to bring installed snaps back to full functionality. Previously, when running any snap I would receive the following in the terminal: --- cannot change profile for the next exec call: No such file or directory snap-update-ns failed with code 1: File exists --- Updated to add for Jamie: $ snap version snap 2.44.2+20.04 snapd 2.44.2+20.04 series 16 ubuntu 20.04 kernel 5.4.0-21-generic To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp