Is there any more info for this? Any kernel messages?

From the error itself we can determine:
The parser has root/admin privileges, as it passed an early check for that
without giving an error.
It was able to open the kernel interface to remove the profile.
The likely error here is that it is not policy_admin_capable in the current
namespace (i.e. container).

AppArmor would log a message to the kernel that the task does not have
cap MAC_ADMIN if this is the case.

If this is the case, the container will need to be set up to have that
capability.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1991141

Title:
  parser fails to unload profile via "aa-disable" on autopkgtest.u.c
  (armhf) - "Permission denied"

Status in apparmor package in Ubuntu:
  New
Status in django-auth-ldap package in Ubuntu:
  New
Status in volatildap package in Ubuntu:
  New

Bug description:
  This bug affects django-auth-ldap and other packages that call
  "aa-disable" in a dep8 test.  For some reason that I wasn't able to
  determine, the command fails when it's executed on
  autopkgtest.ubuntu.com, but only when run on armhf.

  The error looks like this:

  ERROR: /sbin/apparmor_parser: Unable to remove "/usr/sbin/slapd".
  Permission denied; attempted to load a profile while confined?

  Disabling /usr/sbin/slapd.

  https://autopkgtest.ubuntu.com/results/autopkgtest-kinetic/kinetic/armhf/d/django-auth-ldap/20220927_015039_0a1ae@/log.gz

  I wasn't able to reproduce the problem.  I believe it's something
  specific to how autopkgtest.u.c launches the armhf containers.
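
The reply at the top of this notification points to a missing CAP_MAC_ADMIN in the container as the likely cause. The following shell snippet is an added example, not part of the bug report or of AppArmor's own tooling: it reads the effective capability mask of a task from /proc/<pid>/status and tests the CAP_MAC_ADMIN bit. The function names are hypothetical, and the check covers only the capability set the kernel reports for that task.

```shell
#!/bin/sh
# Added example: does a task hold CAP_MAC_ADMIN in its effective set?
# Function names are hypothetical; only /proc/<pid>/status is consulted.
# Usage after sourcing: check_task        (current shell)
#                       check_task <pid>  (another task)

CAP_MAC_ADMIN_BIT=33   # capability number from linux/capability.h

# Print the CapEff hex mask found in a /proc/<pid>/status style file.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# Succeed (0) if the hex mask has the CAP_MAC_ADMIN bit set,
# fail (1) if it does not, return 2 if the mask is not plain hex.
mask_has_mac_admin() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> CAP_MAC_ADMIN_BIT) & 1 )) -eq 1 ]
}

# Report on one task; defaults to the calling shell.
check_task() {
    status="/proc/${1:-self}/status"
    mask=$(cap_eff_from_status "$status")
    if [ -z "$mask" ]; then
        echo "no CapEff line in $status" >&2
        return 2
    fi
    if mask_has_mac_admin "$mask"; then
        echo "CapEff=$mask: CAP_MAC_ADMIN present"
    else
        echo "CapEff=$mask: CAP_MAC_ADMIN missing"
        return 1
    fi
}
```

Running `check_task` inside the test container before calling aa-disable shows whether the capability was dropped when the container was launched.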
