从 Ubuntu 14.04 跳转到 19.04,一切都正常,直到我开始收到错误消息,指出无法在‘tunables/global/’第 17 行打开‘tunables/proc’:
error: cannot perform the following tasks:
- Setup snap "core" (7917) security profiles (cannot setup apparmor for snap "core": cannot create host snap-confine apparmor configuration: cannot reload snap-confine apparmor profile: cannot load apparmor profiles: exit status 1
apparmor_parser output:
AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.7917 in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
)
- Setup snap "core" (7917) security profiles (cannot create host snap-confine apparmor configuration: cannot reload snap-confine apparmor profile: cannot load apparmor profiles: exit status 1
apparmor_parser output:
AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.7917 in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
)
和
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default031282080` failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default031282080 in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
error: exit status 1.
我一直在关注有关“tunables/proc”和“tunables/global”的古怪 apparmor 问题的各种兔子洞。我尝试重新安装 Ubuntu 18.04,手动从apparmor 源文件到系统上的相应目录。
我很困惑。我该如何解决这个问题?
Systemctl AppArmor 状态:
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2019-10-24 11:41:59 UTC; 31min ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Main PID: 1669 (code=exited, status=1/FAILURE)
Oct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Oct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/sbin.dhclient in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Oct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.bin.man in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Oct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Oct 24 11:41:59 caligula apparmor.systemd[1669]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Oct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.sbin.tcpdump in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
Oct 24 11:41:59 caligula apparmor.systemd[1669]: Error: At least one profile failed to load
Oct 24 11:41:59 caligula systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Oct 24 11:41:59 caligula systemd[1]: apparmor.service: Failed with result 'exit-code'.
Oct 24 11:41:59 caligula systemd[1]: Failed to start Load AppArmor profiles.
ubuntu@caligula:~/apparmor-2.10.95/profiles$
答案1
当我将加密系统移动到具有更高存储容量的新 SSD 时,这种情况就发生在我身上。rsync似乎错过了它 :(
我通过创建无法找到的文件解决了这个问题:
/etc/apparmor.d/tunables/proc
使用默认内容(有趣的是,在 /proc 中搜索可调参数文件夹时,在一个旧文件中找到):
# Copyright (C) 2012 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# @{PROC} is the location where proc is mounted.
@{PROC}=/proc/
因此对于 Linux 新手来说命令如下:
cd /etc/apparmor.d/tunables
sudo nano proc
然后复制粘贴默认值,control + x然后y按 Enter 保存。