You have been subscribed to a public bug:
Trying to enforce an apparmor profile on a newly installed Ubuntu 24.04
server (ubuntu-24.04-live-server-amd64.iso, updated and rebooted)
results in the following
# aa-enforce podman
ERROR: Operation {'runbindable'} cannot have a source. Source =
AARE('/')
Searching for runbindable in /etc/apparmor.d shows this
# grep -r "runbindable*/*" /etc/apparmor.d
/etc/apparmor.d/abstractions/passt: mount options=(rw, runbindable) /,
# aa-logprof
ERROR: Operation {'runbindable'} cannot have a source. Source =
AARE('/')
# aa-disable passt
ERROR: Operation {'runbindable'} cannot have a source. Source =
AARE('/')
# aa-status --filter.profiles=podman
apparmor module is loaded.
98 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in prompt mode.
0 profiles are in kill mode.
1 profiles are in unconfined mode.
podman
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
Unable to enforce/disable profiles using aa-enforce/aa-disable
https://bugs.launchpad.net/bugs/2079019
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
