issues removing apparmor

Z

Zanthius

Member
May 18, 2019
17
0
21
44
Hi all,

Seems at some point upgrading to 6.2-5 apparmor has installed itself again and is causing issues with clamav:

Code: 
Aug 18 10:12:48 MTA audit[9549]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/var/spool/pmg/active/609115F3B2407EA27E" pid=9549 comm="clamd" requested_mask="r" denied_mask="r" fsuid=109 ouid=0
Aug 18 10:12:48 MTA clamd[9549]: /var/spool/pmg/active/609115F3B2407EA27E: Can't open file or directory ERROR
Aug 18 10:12:48 MTA clamd[9549]: SelfCheck: Database status OK.
Aug 18 10:12:48 MTA clamd[9549]: /var/spool/pmg/active/609115F3B2407EA27E: Can't open file or directory ERROR
Aug 18 10:12:48 MTA kernel: audit: type=1400 audit(1597711367.996:654): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/var/spool/pmg/active/609115F3B2407EA27E" pid=9549 comm="clamd" requested_mask="r" denied_mask="r" fsuid=109 ouid=0

I've gone through what I can think of to uninstall it, but the error still continues.
systemctl stop apparmor
systemctl disable apparmor
apt remove --assume-yes --purge apparmor
and rebooted the node.

Can anyone think of anything else to try?
 
If you've purged apparmor and rebooted those messages should not happen anymore
check the status of apparmor:
`dpkg -l |grep apparmor`

I hope this helps!
 
Thanks Stoiko,
I know, it's weird... I get this as a result to that command:
sudo dpkg -l |grep apparmor
ii libapparmor1:amd64 2.13.2-10 amd64 changehat AppArmor library
 
try to purge libapparmor1 as well?
Code: 
apt purge libapparmor1

(alternatively - out of curiosity - try running apt autoremove beforehand)
 
Autoremove gave me nothing:
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

trying to purge that library gives me the following:

$ sudo apt purge libapparmor1
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
glib-networking : Depends: gsettings-desktop-schemas but it is not going to be installed
libgtk-3-common : Depends: dconf-gsettings-backend but it is not going to be installed or
gsettings-backend
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
 
Zanthius said:
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Click to expand...
what's the output of apt update ?

try removing glib-networking and libgtk-3-common - what's the output there?
 
Output of apt update:
Code: 
$ sudo apt update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Hit:2 http://download.proxmox.com/debian/pmg buster InRelease
Hit:3 http://ftp.au.debian.org/debian buster InRelease
Get:4 http://ftp.au.debian.org/debian buster-updates InRelease [51.9 kB]
Fetched 117 kB in 11s (10.4 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

The output from trying to remove glib-networking was a bit scary (i didn't go ahead with it as it looked like it would remove a pmg asset too)

Code: 
$ sudo apt remove glib-networking
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  adwaita-icon-theme at-spi2-core bubblewrap dconf-gsettings-backend dconf-service enchant gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-javascriptcoregtk-4.0 gir1.2-pango-1.0
  glib-networking-common glib-networking-services gsettings-desktop-schemas gstreamer1.0-gl gstreamer1.0-libav gstreamer1.0-plugins-base gstreamer1.0-pulseaudio gstreamer1.0-x gtk-update-icon-cache hicolor-icon-theme
  hunspell-en-us i965-va-driver intel-media-va-driver libaa1 libaacs0 libaom0 libasound2 libasound2-data libass9 libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3
  libavahi-common-data libavahi-common3 libavc1394-0 libavcodec58 libavfilter7 libavformat58 libavutil56 libbdplus0 libbluray2 libbrotli1 libbs2b0 libcaca0 libcairo-gobject-perl libcairo-gobject2 libcairo-perl
  libcdparanoia0 libchromaprint1 libcodec2-0.8.1 libcolord2 libcroco3 libcrystalhd3 libcups2 libdconf1 libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdv4 libegl-mesa0 libegl1 libenchant1c2a libepoxy0
  libfftw3-double3 libflac8 libflite1 libgbm1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgirepository-1.0-1 libgl1 libgl1-mesa-dri libglapi-mesa libglib-object-introspection-perl libglib-perl
  libglvnd0 libglx-mesa0 libglx0 libgme0 libgomp1 libgraphene-1.0-0 libgsm1 libgstreamer-gl1.0-0 libgstreamer-plugins-base1.0-0 libgstreamer1.0-0 libgtk-3-common libgudev-1.0-0 libharfbuzz-icu0 libhunspell-1.7-0
  libhyphen0 libice6 libiec61883-0 libigdgmm5 libjack-jackd2-0 libjavascriptcoregtk-4.0-18 libjbig0 libjpeg62-turbo libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 liblilv-0-0 liblzo2-2 libmp3lame0 libmpg123-0
  libmysofa0 libnorm1 libnotify4 libnuma1 libogg0 libopenjp2-7 libopenmpt0 libopus0 liborc-0.4-0 libpangoxft-1.0-0 libpciaccess0 libpgm-5.2-0 libpostproc55 libproxy1v5 libpulse0 libraw1394-11 librsvg2-2 librsvg2-common
  librubberband2 libsamplerate0 libsecret-1-0 libsecret-common libserd-0-0 libshine3 libshout3 libsm6 libsnappy1v5 libsndfile1 libsodium23 libsord-0-0 libsoxr0 libspeex1 libsratom-0-0 libssh-gcrypt-4 libswresample3
  libswscale5 libtag1v5 libtag1v5-vanilla libtheora0 libtiff5 libtwolame0 libv4l-0 libv4lconvert0 libva-drm2 libva-x11-2 libva2 libvdpau-va-gl1 libvdpau1 libvidstab1.1 libvisual-0.4-0 libvorbis0a libvorbisenc2
  libvorbisfile3 libvpx5 libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 libwebp6 libwebpdemux2 libwebpmux3 libwoff1 libx11-xcb1 libx264-155 libx265-165 libxcb-dri2-0 libxcb-dri3-0
  libxcb-glx0 libxcb-present0 libxcb-sync1 libxcb-xfixes0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon0 libxrandr2 libxshmfence1 libxt6 libxtst6 libxv1 libxvidcore4
  libxxf86vm1 libzmq5 libzvbi-common libzvbi0 mesa-va-drivers mesa-vdpau-drivers squashfs-tools va-driver-all vdpau-driver-all x11-common xdg-dbus-proxy
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  gir1.2-gtk-3.0 gir1.2-soup-2.4 gir1.2-webkit2-4.0 glib-networking gstreamer1.0-plugins-good libgtk-3-0 libgtk-3-bin libgtk3-perl libgtk3-webkit2-perl librest-0.7-0 libsoup-gnome2.4-1 libsoup2.4-1 libwebkit2gtk-4.0-37
  notification-daemon pmg-installer
0 upgraded, 0 newly installed, 15 to remove and 0 not upgraded.
After this operation, 74.0 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Oh and the same thing for the libgtk-3-common:

Code: 
$ sudo apt remove libgtk-3-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  adwaita-icon-theme at-spi2-core bubblewrap enchant gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-javascriptcoregtk-4.0 gir1.2-pango-1.0 gir1.2-soup-2.4 gstreamer1.0-gl gstreamer1.0-libav
  gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-pulseaudio gstreamer1.0-x gtk-update-icon-cache hicolor-icon-theme hunspell-en-us i965-va-driver intel-media-va-driver libaa1 libaacs0 libaom0 libasound2
  libasound2-data libass9 libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3 libavahi-common-data libavahi-common3 libavc1394-0 libavcodec58 libavfilter7 libavformat58 libavutil56
  libbdplus0 libbluray2 libbrotli1 libbs2b0 libcaca0 libcairo-gobject-perl libcairo-gobject2 libcairo-perl libcdparanoia0 libchromaprint1 libcodec2-0.8.1 libcolord2 libcroco3 libcrystalhd3 libcups2 libdrm-amdgpu1
  libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdv4 libegl-mesa0 libegl1 libenchant1c2a libepoxy0 libfftw3-double3 libflac8 libflite1 libgbm1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common
  libgirepository-1.0-1 libgl1 libgl1-mesa-dri libglapi-mesa libglib-object-introspection-perl libglib-perl libglvnd0 libglx-mesa0 libglx0 libgme0 libgomp1 libgraphene-1.0-0 libgsm1 libgstreamer-gl1.0-0
  libgstreamer-plugins-base1.0-0 libgstreamer1.0-0 libgudev-1.0-0 libharfbuzz-icu0 libhunspell-1.7-0 libhyphen0 libice6 libiec61883-0 libigdgmm5 libjack-jackd2-0 libjavascriptcoregtk-4.0-18 libjbig0 libjpeg62-turbo
  libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 liblilv-0-0 liblzo2-2 libmp3lame0 libmpg123-0 libmysofa0 libnorm1 libnotify4 libnuma1 libogg0 libopenjp2-7 libopenmpt0 libopus0 liborc-0.4-0 libpangoxft-1.0-0
  libpciaccess0 libpgm-5.2-0 libpostproc55 libpulse0 libraw1394-11 librest-0.7-0 librsvg2-2 librsvg2-common librubberband2 libsamplerate0 libsecret-1-0 libsecret-common libserd-0-0 libshine3 libshout3 libsm6 libsnappy1v5
  libsndfile1 libsodium23 libsord-0-0 libsoup-gnome2.4-1 libsoup2.4-1 libsoxr0 libspeex1 libsratom-0-0 libssh-gcrypt-4 libswresample3 libswscale5 libtag1v5 libtag1v5-vanilla libtheora0 libtiff5 libtwolame0 libv4l-0
  libv4lconvert0 libva-drm2 libva-x11-2 libva2 libvdpau-va-gl1 libvdpau1 libvidstab1.1 libvisual-0.4-0 libvorbis0a libvorbisenc2 libvorbisfile3 libvpx5 libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-egl1
  libwayland-server0 libwebp6 libwebpdemux2 libwebpmux3 libwoff1 libx11-xcb1 libx264-155 libx265-165 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-sync1 libxcb-xfixes0 libxcomposite1 libxcursor1
  libxdamage1 libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon0 libxrandr2 libxshmfence1 libxt6 libxtst6 libxv1 libxvidcore4 libxxf86vm1 libzmq5 libzvbi-common libzvbi0 mesa-va-drivers mesa-vdpau-drivers squashfs-tools
  va-driver-all vdpau-driver-all x11-common xdg-dbus-proxy
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  gir1.2-gtk-3.0 gir1.2-webkit2-4.0 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk3-perl libgtk3-webkit2-perl libwebkit2gtk-4.0-37 notification-daemon pmg-installer
0 upgraded, 0 newly installed, 10 to remove and 0 not upgraded.
After this operation, 90.6 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
 
Why do you have the pmg-installer package installed on your installation?! - I would suggest to remove those packages... (make a backup first in any case!!!)
 
I have no idea... This from memory is as stock as there is. I remember there was some issues going from 5 to 6, but apart from that.

Thanks so much for your time too, it's very much appreciated. Along with great software, there's also great support.

I've created a snapshot of the VM, and i'll remove away, see what happens.
 
Well, that was a fail... didn't read it properly and said yes... restored snapshot.

Looks like this thing is baked right into the kernel/systemd level of it now.

Code: 
$ sudo apt purge libapparmor1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  adwaita-icon-theme apt-transport-https at-spi2-core bubblewrap clamav clamav-base clamav-daemon clamav-freshclam clamdscan enchant fetchmail fontconfig fontconfig-config fonts-dejavu-core fonts-font-awesome
  fonts-glyphicons-halflings gdisk geoip-database-extra gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-javascriptcoregtk-4.0 gir1.2-pango-1.0 glib-networking-common glib-networking-services
  gstreamer1.0-gl gstreamer1.0-libav gstreamer1.0-plugins-base gstreamer1.0-pulseaudio gstreamer1.0-x gtk-update-icon-cache hicolor-icon-theme hunspell-en-us i965-va-driver idn intel-media-va-driver javascript-common
  libaa1 libaacs0 libanyevent-http-perl libanyevent-perl libaom0 libappconfig-perl libapt-pkg-perl libarchive-perl libarchive-zip-perl libarchive13 libargon2-1 libasound2 libasound2-data libass9 libasync-interrupt-perl
  libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libauthen-pam-perl libavahi-client3 libavahi-common-data libavahi-common3 libavc1394-0 libavcodec58 libavfilter7 libavformat58 libavutil56
  libbdplus0 libberkeleydb-perl libbluray2 libbrotli1 libbs2b0 libcaca0 libcairo-gobject-perl libcairo-gobject2 libcairo-perl libcairo2 libcdparanoia0 libcgi-fast-perl libcgi-pm-perl libchromaprint1 libclamav9
  libclone-perl libcodec2-0.8.1 libcolord2 libcompress-bzip2-perl libconvert-binhex-perl libcroco3 libcrypt-openssl-bignum-perl libcrypt-openssl-random-perl libcrypt-openssl-rsa-perl libcryptsetup12 libcrystalhd3 libcups2
  libdatrie1 libdbd-pg-perl libdbi-perl libdbi1 libdbus-1-3 libdconf1 libdevel-cycle-perl libdigest-bubblebabble-perl libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdv4 libegl-mesa0 libegl1 libenchant1c2a
  libencode-detect-perl libepoxy0 liberror-perl libev-perl libfcgi-perl libfftw3-double3 libfile-readbackwards-perl libfile-sync-perl libfilesys-df-perl libflac8 libflite1 libfontconfig1 libgbm1 libgdk-pixbuf2.0-0
  libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgeo-ip-perl libgirepository-1.0-1 libgl1 libgl1-mesa-dri libglapi-mesa libglib-object-introspection-perl libglib-perl libglvnd0 libglx-mesa0 libglx0 libgme0 libgomp1
  libgraphene-1.0-0 libgraphite2-3 libgsm1 libgstreamer-gl1.0-0 libgstreamer-plugins-base1.0-0 libgstreamer1.0-0 libguard-perl libgudev-1.0-0 libharfbuzz-icu0 libharfbuzz0b libhtml-scrubber-perl libhunspell-1.7-0
  libhyphen0 libice6 libiec61883-0 libigdgmm5 libio-multiplex-perl libio-stringy-perl libjack-jackd2-0 libjavascriptcoregtk-4.0-18 libjbig0 libjpeg62-turbo libjs-bootstrap libjs-extjs libjs-framework7 libjs-jquery
  libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 liblilv-0-0 liblinux-inotify2-perl liblockfile-simple-perl liblog-agent-perl libltdl7 liblzo2-2 libmail-dkim-perl libmail-spf-perl libmime-base32-perl
  libmime-tools-perl libmp3lame0 libmpg123-0 libmysofa0 libnet-cidr-lite-perl libnet-cidr-perl libnet-dbus-perl libnet-dns-perl libnet-dns-sec-perl libnet-ident-perl libnet-ip-perl libnet-server-perl libnetaddr-ip-perl
  libnorm1 libnotify4 libnuma1 libogg0 libopenjp2-7 libopenmpt0 libopus0 liborc-0.4-0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libpciaccess0 libpgm-5.2-0 libpixman-1-0 libpostproc55
  libproxmox-acme-perl libproxy1v5 libpulse0 libpve-apiclient-perl libpve-common-perl libpve-http-server-perl libraw1394-11 librrd8 librrds-perl librsvg2-2 librsvg2-common librubberband2 libsamplerate0 libsecret-1-0
  libsecret-common libserd-0-0 libshine3 libshout3 libsm6 libsnappy1v5 libsndfile1 libsodium23 libsord-0-0 libsoxr0 libspeex1 libsratom-0-0 libssh-gcrypt-4 libstring-shellquote-perl libswresample3 libswscale5
  libsys-hostname-long-perl libtag1v5 libtag1v5-vanilla libtemplate-perl libtfm1 libthai-data libthai0 libtheora0 libtie-ixhash-perl libtiff5 libtwolame0 libv4l-0 libv4lconvert0 libva-drm2 libva-x11-2 libva2
  libvdpau-va-gl1 libvdpau1 libvidstab1.1 libvisual-0.4-0 libvorbis0a libvorbisenc2 libvorbisfile3 libvpx5 libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 libwebp6 libwebpdemux2
  libwebpmux3 libwoff1 libx11-xcb1 libx264-155 libx265-165 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-render0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcomposite1 libxcursor1 libxdamage1
  libxdgmime-perl libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon0 libxml-twig-perl libxml-xpathengine-perl libxrandr2 libxrender1 libxshmfence1 libxt6 libxtst6 libxv1 libxvidcore4 libxxf86vm1 libzmq5 libzvbi-common
  libzvbi0 mesa-va-drivers mesa-vdpau-drivers p7zip p7zip-full pmg-api pmg-docs pmg-gui pmg-i18n pmg-log-tracker proxmox-mini-journalreader proxmox-spamassassin proxmox-widget-toolkit pve-xtermjs razor rrdcached rsync
  spf-tools-perl squashfs-tools sudo tnef va-driver-all vdpau-driver-all x11-common xdg-dbus-proxy
Use 'sudo apt autoremove' to remove them.

The following additional packages will be installed:
  initscripts insserv psmisc startpar sysv-rc sysvinit-core
Suggested packages:
  bootchart2 bootlogd
The following packages will be REMOVED:
  dbus* dbus-user-session* dconf-gsettings-backend* dconf-service* gsettings-desktop-schemas* libapparmor1* libnss-systemd* libpam-systemd* proxmox-mailgateway* pve-kernel-helper* systemd* systemd-sysv*

The following NEW packages will be installed:
  initscripts insserv psmisc startpar sysv-rc sysvinit-core

0 upgraded, 6 newly installed, 12 to remove and 0 not upgraded.
Need to get 524 kB of archives.
After this operation, 18.7 MB disk space will be freed.
Do you want to continue? [Y/n]
 
Zanthius said:
Well, that was a fail... didn't read it properly and said yes... restored snapshot.

Looks like this thing is baked right into the kernel/systemd level of it now.
Click to expand...
sorry - I just checked on a local system - libapparmor is installed (and there is no apparmor running) - so that was a wrong direction
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back