Join Log in
Score:1
Lucas Holt avatar Ubuntu

How do I repair an ubuntu install with apparmor running forever at startup?

cl flag
Lucas Holt

I tried to upgrade an Ubuntu 22.04.2 LTS install to 23.04 last night. Upon reboot, the system will hang trying to start AppArmor. I found a few posts in the past about disabling app armor from starting in recovery mode. I also can't boot into recovery mode (same behavior). I've tried systemd.mask=apparmor.service on grub screen with recovery mode as suggested on old threads with no luck. When I say it hangs, I let it go overnight and it ran for 9 hours with no end in sight.

I was thinking about booting an ubuntu installer on a flash drive and then trying to repair that way. I thought about trying to chroot the file system on the SSD and see if I can cleanup some old apps and make sure everything got updated. Is that the right approach? Is there a way to disable AppArmor from the mounted filesystem so it doesn't startup?

I saw two warnings during the install about samba and ntpd config files recommending a reboot, but nothing else that seemed out of place.

I did have a fair number of snaps and one flatpak installed on this system going into it.

270
2 + 4
user535733 avatar
cn flag
user535733
"*tried to upgrade an Ubuntu 22.04.2 LTS install to 23.04*" The question should include the steps you used for this, as there is no supported one-step method to accomplish it.
1
Reply
Lucas Holt avatar
cl flag
Lucas Holt
Recovery mode has the exact same behavior as a regular boot. App Armor runs forever.
0
Reply
guiverc avatar
cn flag
guiverc
There is one currently supported upgrade path from 22.04; to the next release which is Ubuntu 22.10. There is **no supported** upgrade path currently from 22.04 to 23.04; so please clarify how you upgraded, as you're outside of the *supported* & fully tested upgrade paths.
0
Reply
Lucas Holt avatar
cl flag
Lucas Holt
I upgraded using this guide. https://jumpcloud.com/blog/how-to-upgrade-ubuntu-22-04-to-ubuntu-23-04
0
Reply
Score:1
Lucas Holt avatar Ubuntu
cl flag
Lucas Holt

To fix this, I had to boot off the ubuntu installer USB image for 23.04, mount the file system the OS is installed on with sudo mount /dev/nvme0n1p2 /mnt, run chroot /mnt, edit /etc/resolv.conf to add a valid DNS server,

sudo apt update; sudo apt upgrade; sudo apt dist-upgrade

Then I disabled AppArmor sudo systemctl disable apparmor.service

After rebooting, the system came up fine.

+ 2
user535733 avatar
cn flag
user535733
Does AppArmor work properly now when re-enabled?
1
Reply
Lucas Holt avatar
cl flag
Lucas Holt
It didn't initially. I had to reinstall app armor and several of it's dependencies, remove some old configs from previous installs, and reinstall snap related stuff to get it back.
1
Reply
Score:0
Roman Divacky avatar Ubuntu
ne flag
Roman Divacky

I experienced the same. It's stuck in kernel. It creates a bunch of processes like this:

root@lenovo:/home/roman# ps axlwww | grep apparmor
4     0   30504       1  20   0   2732  1664 do_wai Ss   ?          0:00 /bin/sh /lib/apparmor/apparmor.systemd reload
1     0   30513       1  20   0  38444 27520 aa_rep D    ?          0:01 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
0     0   30677   30504  20   0  11044  1792 do_wai S    ?          0:00 xargs -n1 -0r -P 12 /sbin/apparmor_parser --write-cache --replace --
0     0   30691   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/lsb_release
0     0   30694   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/nvidia_modprobe
1     0   30697   30691  20   0  12420  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/lsb_release
1     0   30700   30694  20   0  12420  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/nvidia_modprobe
0     0   30703   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/sbin.dhclient
1     0   30706   30703  20   0  12552  1796 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/sbin.dhclient
0     0   30709   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.evince
0     0   30712   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.man
1     0   30713   30709  20   0  39812 28004 -      R    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.evince
0     0   30714   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.tcpdump
1     0   30717   30712  20   0  12412  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.man
1     0   30718   30714  20   0  12544  1796 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.bin.tcpdump
0     0   30719   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.ioquake3.ioq3ded
0     0   30723   30677  20   0  12332  3328 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.ioquake3.ioquake3
1     0   30725   30719  20   0  12412  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.ioquake3.ioq3ded
0     0   30726   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.oosplash
1     0   30729   30723  20   0  12556  1796 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.ioquake3.ioquake3
0     0   30730   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.senddoc
1     0   30733   30726  20   0  12412  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.oosplash
1     0   30734   30730  20   0  12412  1668 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.senddoc
0     0   30735   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
1     0   30738   30735  20   0  14572  2820 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
0     0   30739   30677  20   0  12332  3200 do_wai S    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.xpdfimport
1     0   30744   30739  20   0  12412  1540 aa_rep D    ?          0:00 /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d/usr.lib.libreoffice.program.xpdfimport
root@lenovo:/home/roman# cat /proc/30697/wchan
aa_replace_profiles

So it's sleeping on wchan "aa_replace_profiles".

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.