AppArmor: unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE

On a fresh Ubuntu install with only a few packages added, after I tried to restart apparmor it no longer starts, and every profile fails with the same error:

-- Unit apparmor.service has begun starting up.
Jan 14 17:36:24 panel apparmor[1922]:  * Starting AppArmor profiles
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/sbin.dhclient in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.bin.lxc-start in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.lib.lxd.lxd-bridge-proxy in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.sbin.tcpdump in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/sbin.dhclient in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.bin.lxc-start in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.lib.lxd.lxd-bridge-proxy in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Jan 14 17:36:24 panel apparmor[1922]: AppArmor parser error for /etc/apparmor.d/usr.sbin.tcpdump in /etc/apparmor.d/tunables/kernelvars at line 16: syntax error, unexpected TOK_SET_VAR, expecting TOK_END_OF_RULE
Jan 14 17:36:24 panel apparmor[1922]:    ...fail!
Jan 14 17:36:24 panel systemd[1]: apparmor.service: Control process exited, code=exited status=123
Jan 14 17:36:24 panel systemd[1]: Failed to start LSB: AppArmor initialization.

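If I comment out one line in kernelvars, the next line, @{tid}, produces the error. If I comment out all the lines, the error shows up in another file that sets variables. How can I fix it?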

Answer 1

Using apparmor_parser -qp /etc/apparmor.d/sbin.dhclient I found that the error came from a file loaded earlier, /etc/apparmor.d/tunables/alias, which had no comma at the end (I did not notice it after adding the mysql lib alias).
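
The check the answer arrived at by hand, as an added example that is not part of the original answer: a shell function that lists `alias` rules lacking the terminating comma, which is why the parser reports the error at the first variable assignment of the next file it reads. The function names and the sample paths are constructed, and the check assumes one rule per line.

```shell
#!/bin/sh
# Added example, not from the original post.
# Report alias rules that are missing the terminating comma.
# Prints "FILE:LINE: text" for each offending rule; returns 1 if any is found.
# Assumption: each alias rule sits on a single line.
check_alias_commas() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)        # ignore comments
            sub(/[ \t]+$/, "", line)    # ignore trailing whitespace
        }
        line ~ /^[ \t]*alias[ \t]/ && line !~ /,$/ {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample modelled on the answer: a MySQL library alias was
# added without the trailing comma. The paths are made up.
write_sample() {
    cat > "$1" <<'EOF'
# Constructed sample of /etc/apparmor.d/tunables/alias
alias /home/ -> /mnt/users/,
alias /usr/lib/mysql/ -> /opt/mysql/lib/
EOF
}

sample=$(mktemp)
write_sample "$sample"
if check_alias_commas "$sample"; then
    echo "all alias rules are terminated"
else
    echo "add the missing comma, then re-run apparmor_parser -qp on a profile"
fi
rm -f "$sample"
```

On a real system, pass /etc/apparmor.d/tunables/alias as the argument instead of the sample file.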
