is there an apparmor message in the kernel log? what about failed profile loads in the system log/journal? what is the kernel version?
apparmor does return ECHILD for change_hat when the profile doesn't have any child profiles. this code hasn't changed in a fairly long time, so the question becomes why doesn't the profile have a child profiles. potential reasons - the child profile failed to compile (system log) - the child profile failed to load (system log) - the load/replacement went to the wrong profile? Unlikely as this code hasn't changed in a long time. - the task is in the wrong profile (kernel log will show the profile logging the error). - the task is in the wrong scope (potential there has been some changes to scope recently) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2139664 Title: snap service cannot change apparmor hat To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2139664/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
