Ubuntu 服务 apparmor 无法启动

Ubuntu 服务 apparmor 无法启动
ss@ss-System:~$ sudo service apparmor start
[sudo] password for ss: 
 * Starting AppArmor profiles                                                   Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
                                                                         [ OK ]
ss@ss-System:~$ service --status-all
 [ + ]  acpid
 [ - ]  anacron
 [ - ]  apparmor
 [ ? ]  apport
 [ - ]  avahi-daemon
 [ ? ]  binfmt-support
 [ - ]  bluetooth
 [ + ]  clamav-freshclam
 [ ? ]  console-setup
 [ + ]  cron
 [ ? ]  cryptdisks
 [ ? ]  cryptdisks-early
 [ - ]  cups
 [ - ]  cups-browsed
 [ - ]  dbus
 [ ? ]  dns-clean
 [ + ]  dnscrypt-proxy
 [ + ]  friendly-recovery
 [ - ]  grub-common
 [ ? ]  iptables-persistent
 [ ? ]  irqbalance
 [ + ]  kerneloops
 [ ? ]  killprocs
 [ ? ]  kmod
 [ ? ]  lightdm
 [ ? ]  networking
 [ ? ]  ondemand
 [ ? ]  pppd-dns
 [ - ]  procps
 [ - ]  pulseaudio
 [ ? ]  rc.local
 [ + ]  resolvconf
 [ + ]  saned
 [ ? ]  sendsigs
 [ ? ]  speech-dispatcher
 [ - ]  sudo
 [ ? ]  thermald
 [ - ]  udev
 [ ? ]  umountfs
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  unattended-upgrades
 [ - ]  urandom
 [ - ]  x11-common
ss@ss-System:~$ sudo service apparmor status
apparmor module is loaded.
17 profiles are loaded.
17 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince-thumbnailer//sanitized_helper
   /usr/bin/evince//sanitized_helper
   /usr/bin/freshclam
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/lib/lightdm/lightdm-guest-session
   /usr/lib/lightdm/lightdm-guest-session//chromium
   /usr/sbin/cups-browsed
   /usr/sbin/cupsd
   /usr/sbin/dnscrypt-proxy
   /usr/sbin/tcpdump
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode.
   /usr/bin/freshclam (1268) 
   /usr/sbin/dnscrypt-proxy (861) 
   /usr/sbin/dnscrypt-proxy (931) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

答案1

检查apparmor的状态需要 root 权限:

$ aa-status                   
apparmor module is loaded.
You do not have enough privilege to read the profile set.
$ echo $?
4
$ sudo aa-status | head
apparmor module is loaded.
65 profiles are loaded.
32 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince-thumbnailer//sanitized_helper
   /usr/bin/evince//sanitized_helper

aa-status是执行 时运行的命令service apparmor status。由于您在service --status-all没有 的情况下运行sudo,因此检查失败,状态为负面。

相关内容