Did you change the apparmor profile to be in enforcing mode? By default it's in complain mode as far as I can see:
lrwxrwxrwx 1 root root 16 Jun 19 20:48 /etc/apparmor.d/force-complain/usr.sbin.sssd -> ../usr.sbin.sssd

That being said, I can see at least one more missing rule, this time for the chown capability:

[ 1690.540498] audit: type=1400 audit(1497905549.525:43): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/sssd" pid=9946 comm="sssd" capability=0 capname="chown"

--
https://bugs.launchpad.net/bugs/1689387

Title:
  SSSD Prevented from Notifying Systemd on Startup by Apparmor
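An added example, not part of the original message or of the sssd package: in complain mode the kernel logs apparmor="ALLOWED" for each access the profile does not cover, so those lines can be collected into candidate rules before the profile is switched to enforce mode. The function names and every sample line other than the chown one quoted above are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; only the first line comes from the message above.
SAMPLE_LOG = """\
[ 1690.540498] audit: type=1400 audit(1497905549.525:43): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/sssd" pid=9946 comm="sssd" capability=0 capname="chown"
[ 1690.541000] audit: type=1400 audit(1497905549.526:44): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/example/constructed/path" pid=9946 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1690.542000] audit: type=1400 audit(1497905549.527:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/sssd" pid=9950 comm="apparmor_parser"
"""

# key="quoted value" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    fields = {key: (quoted or bare) for key, quoted, bare in PAIR.findall(line)}
    return fields if "apparmor" in fields else None


def candidate_rule(ev):
    """Turn one event into a profile rule to review, or None if unclear."""
    if ev.get("operation") == "capable" and "capname" in ev:
        return f"capability {ev['capname']},"
    mask = ev.get("denied_mask", "")
    # Only simple file permissions are translated; anything else needs a human.
    if ev.get("name") and mask and set(mask) <= set("rwlkm"):
        return f"{ev['name']} {mask},"
    return None


def missing_rules(log_text):
    """Map each profile to the sorted candidate rules its log lines imply."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        # ALLOWED = complain mode let it through; DENIED = enforce blocked it.
        if not ev or ev["apparmor"] not in ("ALLOWED", "DENIED"):
            continue
        rule = candidate_rule(ev)
        if rule:
            rules[ev["profile"]].add(rule)
    return {profile: sorted(found) for profile, found in rules.items()}


if __name__ == "__main__":
    for profile, found in missing_rules(SAMPLE_LOG).items():
        print(profile)
        for rule in found:
            print("  " + rule)
```

Each candidate rule still has to be reviewed before it goes into the profile, since a logged access is not automatically one the service should be granted.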
