This is a side effect of linux personalities. When booting on an ia32 machine hardy has the READ_IMPLIES_EXEC flag set in its personality. This causes an mmap for read permission to also ask for PROT_EXEC, which causes the extra 'm' request seen above. Ubuntu by default is mounting several things as nosuid which has the side effect of clearing the READ_IMPLIES_EXEC flag when a user logs in. This flag stays cleared even when the user sudo's, so starting the service from sudo is not asking for the extra 'm' permission.
If you enable the root account and log directly into root and try to start the given services, you will see the same reject as at boot. There are several way to fix this: - just stick the 'm' permission in the AppArmor profiles. This is pretty much required for ia32 machines that don't support noexec in the mmu - set the personality at boot so that READ_IMPLIES_EXEC is cleared. - don't use the nosuid mount option -- apparmor broken after reboot on i386 https://bugs.launchpad.net/bugs/202161 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs