"Expanded Security Maintenance for Applications" shown every time I log on!
Keith
keithw at caramail.com
Mon Mar 13 15:17:09 UTC 2023
On 3/13/23 4:00 AM, Bo Berglund wrote:
> On Sun, 12 Mar 2023 20:00:22 -0500, Keith <keithw at caramail.com> wrote:
>
>> Anyways, they're simple text files that I've copied to termbin
>> https://termbin.com/4wp7 - proc
>> https://termbin.com/xoib8 - sys
>>
>> Save and copy them to /etc/apparmor.d/tunables
>
> Thanks a million!!
>
> I did this:
>
> $ cd ~/Downloads
> $ wget https://termbin.com/4wp7
> $ wget https://termbin.com/xoib8
> $ mv 4wp7 proc
> $ mv xoib8 sys
> $ sudo cp proc sys /etc/apparmor.d/tunables
> $ sudo pro enable livepatch
>
> This did no longer throw any errors but finished successfully
>
> and now the status reads:
>
> $ sudo pro status
> SERVICE ENTITLED STATUS DESCRIPTION
> esm-apps yes enabled Expanded Security Maintenance for
> Applications
> esm-infra yes enabled Expanded Security Maintenance for
> Infrastructure
> fips yes disabled NIST-certified core packages
> fips-updates yes disabled NIST-certified core packages with priority
> security updates
> livepatch yes enabled Canonical Livepatch service <=== NOW YES!
> usg yes disabled Security compliance and audit tools
>
> Enable services with: pro enable <service>
>
> So it seems like this was the solution!
> And the strange thing is that:
>
> sys only contains commented out lines
>
> and
>
> proc only contains one valid line:
> @{PROC}=/proc/
>
> So one could presumably just create these two files and it would work.
> How strange that the Ubuntu crew does not catch such a problem....
>
Well, that's the thing. Reinstalling the apparmor package should have
replaced those files if they were missing as was indicated by the
directory listing you posted. But evidently they weren't, even though
dpkg was able to do a md5sum verification on them and found them to have
been changed. That leads me to think there's may be some issue with the
filesystem.
Anyway, glad you got the apparmor/livepatch working again.
--
Keith
More information about the ubuntu-users
mailing list