"Expanded Security Maintenance for Applications" shown every time I log on!

Keith keithw at caramail.com
Mon Mar 13 15:17:09 UTC 2023 

On 3/13/23 4:00 AM, Bo Berglund wrote:
> On Sun, 12 Mar 2023 20:00:22 -0500, Keith <keithw at caramail.com> wrote:
> 
>> Anyways, they're simple text files that I've copied to termbin
>> https://termbin.com/4wp7  - proc
>> https://termbin.com/xoib8 - sys
>>
>> Save and copy them to /etc/apparmor.d/tunables
> 
> Thanks a million!!
> 
> I did this:
> 
> $ cd ~/Downloads
> $ wget https://termbin.com/4wp7
> $ wget https://termbin.com/xoib8
> $ mv 4wp7 proc
> $ mv xoib8 sys
> $ sudo cp proc sys /etc/apparmor.d/tunables
> $ sudo pro enable livepatch
> 
> This did no longer throw any errors but finished successfully
> 
> and now the status reads:
> 
> $ sudo pro status
> SERVICE          ENTITLED  STATUS    DESCRIPTION
> esm-apps         yes       enabled   Expanded Security Maintenance for
> Applications
> esm-infra        yes       enabled   Expanded Security Maintenance for
> Infrastructure
> fips             yes       disabled  NIST-certified core packages
> fips-updates     yes       disabled  NIST-certified core packages with priority
> security updates
> livepatch        yes       enabled   Canonical Livepatch service <=== NOW YES!
> usg              yes       disabled  Security compliance and audit tools
> 
> Enable services with: pro enable <service>
> 
> So it seems like this was the solution!
> And the strange thing is that:
> 
> sys only contains commented out lines
> 
> and
> 
> proc only contains one valid line:
> @{PROC}=/proc/
> 
> So one could presumably just create these two files and it would work.
> How strange that the Ubuntu crew does not catch such a problem....
> 
Well, that's the thing. Reinstalling the apparmor package should have 
replaced those files if they were missing as was indicated by the 
directory listing you posted. But evidently they weren't, even though 
dpkg was able to do a md5sum verification on them and found them to have 
been changed. That leads me to think there's may be some issue with the 
filesystem.

Anyway, glad you got the apparmor/livepatch working again.

-- 
Keith

More information about the ubuntu-users mailing list