Mailinglist Archive: kubic-bugs (19 mails)

< Previous Next >
[kubic-bugs] [Bug 1069906] Race: systemd remounts filesystems while apparmor loads profiles
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 27 Nov 2017 21:10:52 +0000
  • Message-id: <>

--- Comment #2 from Christian Boltz <suse-beta@xxxxxxxxx> ---
This is... interesting ;-)

John already explained the reason for the errors. Let me add that running
"rcapparmor reload" in the running system (when /var/lib/apparmor/ is
writeable) will also update the cache.

There are more interesting things: apparmor.service has
After=var.mount var-lib.mount
so I'd expect it to start late enough.
(Note that apparmor.service should start as early as possible - the profiles
have to be loaded before the programs they confine start.)

I also wonder about a few lines in your log, especially

Nov 27 10:11:02 localhost systemd[1]: var-lib-overlay.mount: Unit is bound to
inactive unit dev-vda2.device. Stopping, too.
Nov 27 10:11:02 localhost systemd[1]: Requested transaction contradicts
existing jobs: Transaction is destructive.
Nov 27 10:11:02 localhost systemd[1]: var-lib-overlay.mount: Failed to enqueue
stop job, ignoring: Transaction is destructive.

I don't know what these messages mean exactly, but (assuming/guessing that they
refer to an overlay mount for /var/lib/) they could be a part of the puzzle.

I never tried Kubic or Caas, therefore I can only guess what happens, and hope
that the above hints help you to understand the problem. If you have an idea
how to handle this (ideally without delaying loading the profiles), please tell
me ;-)

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >