[Bug 1015249] New: libapparmor[1093]: Can't create cache directory '/etc/apparmor.d/cache': File exists
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249 Bug ID: 1015249 Summary: libapparmor[1093]: Can't create cache directory '/etc/apparmor.d/cache': File exists Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor Assignee: suse-beta@cboltz.de Reporter: Ulrich.Windl@rz.uni-regensburg.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- During boot the journal is filled with multiple errors like this (in 42.1 this was not present): Dec 13 07:59:22 linux-n9gv libapparmor[1117]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:22 linux-n9gv libapparmor[1121]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:22 linux-n9gv libapparmor[1131]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:23 linux-n9gv libapparmor[1149]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:23 linux-n9gv libapparmor[1154]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:23 linux-n9gv libapparmor[1161]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:23 linux-n9gv libapparmor[1173]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:23 linux-n9gv libapparmor[1180]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1184]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1189]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1200]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1204]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1208]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1218]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1226]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1237]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:24 linux-n9gv libapparmor[1253]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:25 linux-n9gv libapparmor[1285]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:25 linux-n9gv libapparmor[1289]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:25 linux-n9gv libapparmor[1320]: Can't create cache directory '/etc/apparmor.d/cache': File exists Dec 13 07:59:25 linux-n9gv libapparmor[1342]: Can't create cache directory '/etc/apparmor.d/cache': File exists I think this kind of problem should NOT be logged. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c1
--- Comment #1 from Ulrich Windl
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c2
--- Comment #2 from Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c3
--- Comment #3 from Ulrich Windl
The next AppArmor update for Leap (which I'm preparing right now) will delete the /etc/apparmor.d/cache symlink. It will be recreated as "real" directory so that the cache no longer depends on having /var/ mounted.
Why not fix the mount/execution order? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c5
--- Comment #5 from Christian Boltz
/var is from BtrFS (/var/lib/machines is a subvolume mount of the same device). Jan 02 07:53:24 linux-n9gv kernel: AppArmor: AppArmor initialized Jan 02 07:53:45 linux-n9gv systemd[1]: var.mount: Directory /var to mount over is not empty, mounting anyway.
That explains it.
So blame systemd for that?
I have "better" things to blame systemd for ;-) but they are slightly OT here. In this case, AppArmor doesn't specify a dependency on local-fs, so I'm not too surprised about the order.
Why not fix the mount/execution order?
Because AppArmor profiles should be loaded as early as possible. If a process was started before loading its AppArmor profile, it will run unconfined forever - you can't "apply" an AppArmor profile on it. (Well, at least unless you restart it, but that results in a new process.) Note that reloading profiles is different - if a process is already running with AppArmor confinement, the updated profile will be used for it. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c7
--- Comment #7 from Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249
http://bugzilla.opensuse.org/show_bug.cgi?id=1015249#c8
Christian Boltz
participants (1)
-
bugzilla_noreply@novell.com