无法打开“/tunables/proc”

Question

从 Ubuntu 14.04 跳到 19.04，一切都很好，直到我开始收到错误消息，指出它无法在 \'tunables/global/\' 第 17 行打开 \'tunables/proc\'：

\n\n

error: cannot perform the following tasks:\n- Setup snap "core" (7917) security profiles (cannot setup apparmor for snap "core": cannot create host snap-confine apparmor configuration: cannot reload snap-confine apparmor profile: cannot load apparmor profiles: exit status 1\napparmor_parser output:\nAppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.7917 in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\n)\n- Setup snap "core" (7917) security profiles (cannot create host snap-confine apparmor configuration: cannot reload snap-confine apparmor profile: cannot load apparmor profiles: exit status 1\napparmor_parser output:\nAppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.7917 in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\n)\n

\n\n

和

\n\n

docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default031282080` failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default031282080 in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\n\nerror: exit status 1.\n

\n\n

我一直在关注围绕“tunables/proc”和“tunables/global”的奇怪 apparmor 问题的各种兔子洞。我已经尝试重新安装，全新安装 Ubuntu 18.04，手动将文件从apparmor 源文件复制到系统上的相应目录。

\n\n

我不知所措。我怎样才能解决这个问题？

\n\n

Systemctl AppArmor 状态：

\n\n

\xe2\x97\x8f apparmor.service - Load AppArmor profiles\n   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)\n   Active: failed (Result: exit-code) since Thu 2019-10-24 11:41:59 UTC; 31min ago\n     Docs: man:apparmor(7)\n           https://gitlab.com/apparmor/apparmor/wikis/home/\n Main PID: 1669 (code=exited, status=1/FAILURE)\n\nOct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\nOct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/sbin.dhclient in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\nOct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.bin.man in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\nOct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\nOct 24 11:41:59 caligula apparmor.systemd[1669]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd\nOct 24 11:41:59 caligula apparmor.systemd[1669]: AppArmor parser error for /etc/apparmor.d/usr.sbin.tcpdump in /etc/apparmor.d/tunables/global at line 17: Could not open \'tunables/proc\'\nOct 24 11:41:59 caligula apparmor.systemd[1669]: Error: At least one profile failed to load\nOct 24 11:41:59 caligula systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE\nOct 24 11:41:59 caligula systemd[1]: apparmor.service: Failed with result \'exit-code\'.\nOct 24 11:41:59 caligula systemd[1]: Failed to start Load AppArmor profiles.\nubuntu@caligula:~/apparmor-2.10.95/profiles$ \n

\n

Answer 1

当我将加密系统迁移到具有更高存储容量的新 SSD 时，就发生了这种情况。rsync好像错过了:(

我通过创建找不到的文件解决了这个问题： /etc/apparmor.d/tunables/proc

使用默认内容（在 /proc 中的旧文件中找到，同时搜索可调参数文件夹很有趣）：

#    Copyright (C) 2012 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# @{PROC} is the location where proc is mounted.
@{PROC}=/proc/

所以对于 Linux 新手来说命令：

cd /etc/apparmor.d/tunables
sudo nano proc

然后复制粘贴默认值，然后按control + x然后y回车保存。