FS#65847 - [apparmor] service fails to start in version 2.13.4-1: "Invalid capability net_bind_service"

Attached to Project: Arch Linux
Opened by Jonas Witschel (diabonas) - Sunday, 15 March 2020, 23:03 GMT
Last edited by David Runge (dvzrv) - Monday, 16 March 2020, 09:41 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To David Runge (dvzrv)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Since upgrading to apparmor 2.13.4-1 in [testing], starting apparmor.service fails with the following error message:

[...]
AppArmor parser error for /etc/apparmor.d/usr.sbin.winbindd in /etc/apparmor.d/abstractions/nis at line 14: Invalid capability net_bind_service.
Error: /etc/apparmor.d/usr.sbin.winbindd failed to load
Main process exited, code=exited, status=1/FAILURE
Failed with result 'exit-code'.
Failed to start Load AppArmor profiles.

As a result, no AppArmor profiles can be loaded and all applications are running unconstrained.

Applying "rules.patch" taken from the upstream bug report https://gitlab.com/apparmor/apparmor/issues/74 in the PKGBUILD fixes the issue.

Additional info:
* apparmor 2.13.4-1

Steps to reproduce:
- Install apparmor.
- Execute "systemctl start apparmor.service", which fails with "Job for apparmor.service failed because the control process exited with error code."
- Execute "systemctl status apparmor.service" to observe the error messages reported above.

Closed by David Runge (dvzrv)
Monday, 16 March 2020, 09:41 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with apparmor 2.13.4-2
Comment by David Runge (dvzrv) - Monday, 16 March 2020, 09:02 GMT
@diabonas: Thanks for the report and investigation!

The above-mentioned patch also fixes problems with most of the tests. I've commented upstream and included the patch for now so we can get this out.
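Added example, not part of the original report or of the apparmor package: a small shell triage script that reads apparmor.service log output and reports which profiles failed to parse or load, so a failed start that leaves applications unconfined is noticed. The function names are hypothetical, the sample input is constructed from the error lines quoted in the report, and the patterns assume the message format shown there.

```shell
#!/bin/sh
# Added example: triage AppArmor profile load failures from service log text.
# Real use (log on stdin): journalctl -u apparmor.service -b --no-pager | triage

# Constructed sample input: the error lines quoted in the report above.
sample_log() {
cat <<'EOF'
AppArmor parser error for /etc/apparmor.d/usr.sbin.winbindd in /etc/apparmor.d/abstractions/nis at line 14: Invalid capability net_bind_service.
Error: /etc/apparmor.d/usr.sbin.winbindd failed to load
Main process exited, code=exited, status=1/FAILURE
Failed with result 'exit-code'.
Failed to start Load AppArmor profiles.
EOF
}

# Emit one "profile|file|line|message" record per parser error line.
parse_parser_errors() {
  sed -nE 's/^.*AppArmor parser error for ([^ ]+) in ([^ ]+) at line ([0-9]+): (.*)$/\1|\2|\3|\4/p'
}

# List the profiles the loader reported as not loaded.
failed_profiles() {
  sed -nE 's/^.*Error: ([^ ]+) failed to load$/\1/p' | sort -u
}

# Print findings; return 1 if any profile failed to parse or load, else 0.
triage() {
  log=$(cat)
  errors=$(printf '%s\n' "$log" | parse_parser_errors)
  failed=$(printf '%s\n' "$log" | failed_profiles)
  if [ -z "$errors" ] && [ -z "$failed" ]; then
    echo "OK: no AppArmor load failures found"
    return 0
  fi
  if [ -n "$errors" ]; then
    printf '%s\n' "$errors" | while IFS='|' read -r profile file line msg; do
      if [ "$profile" = "$file" ]; then
        echo "PARSE ERROR profile=$profile line=$line msg=$msg"
      else
        # The error sits in an included file, not in the profile itself.
        echo "PARSE ERROR profile=$profile include=$file line=$line msg=$msg"
      fi
    done
  fi
  for p in $failed; do echo "NOT LOADED $p"; done
  return 1
}

sample_log | triage || true   # demo run on the constructed sample
```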
