"Expanded Security Maintenance for Applications" shown every time I log on!

Bo Berglund bo.berglund at gmail.com
Sun Mar 12 17:32:57 UTC 2023 

On Sat, 11 Mar 2023 00:23:18 +0100, Bo Berglund <bo.berglund at gmail.com> wrote:

>Thanks,
>I did sign up and attached my server to the Pro system.
>I have to check the consequences tomorrow.

Now I continued to another of my HP workstation laptops running the same:
 Ubuntu 20.04.5 LTS
The device is an HP Elitebook workstation 8440w

I went through the process that worked fine on the other devices but now I am
getting this:

AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.remove in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc

So I figured I could reboot to clean up stuff since I forgot to reboot after the
command:
  apt update && apt full-upgrade -y

After logging on again I checked the system:

$ sudo pro status
SERVICE          ENTITLED  STATUS    DESCRIPTION
esm-apps         yes       enabled   Expanded Security Maintenance for
Applications
esm-infra        yes       enabled   Expanded Security Maintenance for
Infrastructure
fips             yes       disabled  NIST-certified core packages
fips-updates     yes       disabled  NIST-certified core packages with priority
security updates
livepatch        yes       disabled  Canonical Livepatch service
usg              yes       disabled  Security compliance and audit tools

Enable services with: pro enable <service>

Next I tried:
$ sudo pro enable livepatch

One moment, checking your subscription first
Installing canonical-livepatch snap
Stderr: error: cannot perform the following tasks:
- Setup snap "canonical-livepatch" (164) security profiles (cannot setup
profiles for snap "canonical-livepatch": cannot load apparmor profiles: exit
status 1
apparmor_parser output:
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap-update-ns.canonical-livepatch in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.canonical-livepatch in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.canonical-livepatchd
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.configure in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.connect-plug-etc-update-motd-d
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.disconnect-plug-etc-update-motd-d
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.remove in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
)

Then a number of similar messages, and then the last one:

Unable to install Livepatch client: Failed running command '/usr/bin/snap
install canonical-livepatch' [exit(1)]. Message: error: cannot perform the
following tasks:
- Setup snap "canonical-livepatch" (164) security profiles (cannot setup
profiles for snap "canonical-livepatch": cannot load apparmor profiles: exit
status 1
apparmor_parser output:
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.canonical-livepatchd
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap-update-ns.canonical-livepatch in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.canonical-livepatch in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.configure in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.connect-plug-etc-update-motd-d
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.disconnect-plug-etc-update-motd-d
in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
AppArmor parser error for
/var/lib/snapd/apparmor/profiles/snap.canonical-livepatch.hook.remove in
/etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
)


Is this really supposed to happen????

And what is apparmor?

This is what I see when checking:

$ apt policy apparmor
apparmor:
  Installed: 2.13.3-7ubuntu5.1
  Candidate: 2.13.3-7ubuntu5.1
  Version table:
 *** 2.13.3-7ubuntu5.1 500
        500 http://se.archive.ubuntu.com/ubuntu focal-updates/main amd64
Packages
        100 /var/lib/dpkg/status
     2.13.3-7ubuntu5 500
        500 http://se.archive.ubuntu.com/ubuntu focal/main amd64 Packages

What is the problem?

-- 
Bo Berglund
Developer in Sweden

More information about the ubuntu-users mailing list