Full System AppArmor Policy - Testers Wanted!

News
31

We are getting closer to a working OS, however sdwdate is broken still on boot. The sdwdate-gui is looping. When you go to status in the gui it displays - Time fetching in progress. When you try to stop or restart sdwdate-gui, it does not work and when you open the log, a terminal shows up but is blank.

sudo apt dist-upgrade && sudo apt update && sudo apt upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Hit:1 tor+https://deb.debian.org/debian-security buster/updates InRelease
Hit:2 tor+https://deb.debian.org/debian buster-updates InRelease
Hit:3 tor+http://sgvtcaew4bxjd7ln.onion buster/updates InRelease
Hit:4 tor+http://vwakviie2ienjx6t.onion/debian buster-updates InRelease
Hit:5 tor+https://deb.debian.org/debian buster InRelease
Hit:6 tor+https://deb.Whonix.org buster InRelease
Hit:7 tor+http://vwakviie2ienjx6t.onion/debian buster InRelease
Reading package lists… Done
E: Release file for tor+https://deb.debian.org/debian/dists/buster-updates/InRelease is not valid yet (invalid for another 4h 26min 21s). Updates for this repository will not be applied.
E: Release file for tor+http://vwakviie2ienjx6t.onion/debian/dists/buster-updates/InRelease is not valid yet (invalid for another 4h 26min 20s). Updates for this repository will not be applied.

However, when I run sudo sdwdate

2020-12-20 03:38:08 - sdwdate - INFO - sdwdate started. PID: 2955
2020-12-20 03:38:08 - sdwdate - INFO - create temp_dir: /tmp/tmp.ZnnDVEdjIk
2020-12-20 03:38:08 - sdwdate - INFO - Tor socks host: 127.0.0.1 Tor socks port: 9050
2020-12-20 03:38:08 - sdwdate - INFO - Running sdwdate main loop. iteration: 1 / 10000
2020-12-20 03:38:09 - sdwdate - INFO - Prerequisite check: The clock is sane.
Within build timestamp Sat 12 Dec 2020 05:44:06 AM UTC and expiration timestamp Tue 17 May 2033 10:00:00 AM UTC.
2020-12-20 03:38:09 - sdwdate - INFO - Prerequisite check: The clock might be too slow. Clock is slower than consensus/valid-after 2020-12-20 10:00:00.

Possible causes:

  • The host clock is wrong → shut down the VM, fix the clock in the host and restart the VM.

  • The VM clock is wrong → manually fix the clock. Restart Tor if necessary. Then restart sdwdate.

  • A host clock attack succeeded.

  • A hardware issue (for example bios clock issues).

Tor fully bootstrapped.
2020-12-20 03:38:09 - sdwdate - INFO - Start fetching remote times.
2020-12-20 03:38:09 - sdwdate - INFO - Initial time fetching in progress…
2020-12-20 03:38:09 - sdwdate - INFO - Running sdwdate fetch loop. iteration: 1
2020-12-20 03:38:09 - sdwdate - INFO - Requested urls [‘mprt35sjunnxfa76.onion’, ‘o2jdk5mdsijm2b7l.onion’, ‘privacyintyqcroe.onion’]
2020-12-20 03:38:59 - sdwdate - INFO - Returned urls “[‘mprt35sjunnxfa76.onion’, ‘o2jdk5mdsijm2b7l.onion’, ‘privacyintyqcroe.onion’]”
2020-12-20 03:38:59 - sdwdate - INFO - remote 0: mprt35sjunnxfa76.onion
2020-12-20 03:38:59 - sdwdate - INFO - * comment: https://informant.taz.de https://web.archive.org/web/20170329061908/https://informant.taz.de
2020-12-20 03:38:59 - sdwdate - INFO - * remote_unixtime: 1608460283
2020-12-20 03:38:59 - sdwdate - INFO - * consensus/valid-after: 2020-12-20 10:00:00
2020-12-20 03:38:59 - sdwdate - INFO - * remote_time : 2020-12-20 10:31:23
2020-12-20 03:38:59 - sdwdate - INFO - * consensus/valid-until: 2020-12-20 13:00:00
2020-12-20 03:38:59 - sdwdate - INFO - * time_diff: 24744 second(s)
2020-12-20 03:38:59 - sdwdate - INFO - * timesanitycheck: sane
2020-12-20 03:38:59 - sdwdate - INFO - * time_consensus_sanity_check: sane
2020-12-20 03:38:59 - sdwdate - INFO - * remote_status: True
2020-12-20 03:38:59 - sdwdate - INFO - remote 1: o2jdk5mdsijm2b7l.onion
2020-12-20 03:38:59 - sdwdate - INFO - * comment: https://search.gibberfish.orghttps://gibberfish.org/community-resources/ Community Resources - Gibberfish, Inc
2020-12-20 03:38:59 - sdwdate - INFO - * status: False
2020-12-20 03:38:59 - sdwdate - INFO - * value: Timeout
2020-12-20 03:38:59 - sdwdate - INFO - remote 2: privacyintyqcroe.onion
2020-12-20 03:38:59 - sdwdate - INFO - * comment: https://www.privacyinternational.org https://twitter.com/privacyint/status/762656779272593408 https://web.archive.org/web/20170421233214/https:/twitter.com/privacyint/status/762656779272593408
2020-12-20 03:38:59 - sdwdate - INFO - * remote_unixtime: 1608460282
2020-12-20 03:38:59 - sdwdate - INFO - * consensus/valid-after: 2020-12-20 10:00:00
2020-12-20 03:38:59 - sdwdate - INFO - * remote_time : 2020-12-20 10:31:22
2020-12-20 03:38:59 - sdwdate - INFO - * consensus/valid-until: 2020-12-20 13:00:00
2020-12-20 03:38:59 - sdwdate - INFO - * time_diff: 24743 second(s)
2020-12-20 03:38:59 - sdwdate - INFO - * timesanitycheck: sane
2020-12-20 03:38:59 - sdwdate - INFO - * time_consensus_sanity_check: sane
2020-12-20 03:38:59 - sdwdate - INFO - * remote_status: True
2020-12-20 03:38:59 - sdwdate - INFO - Pool 1: mprt35sjunnxfa76.onion, web unixtime: 1608460283, web time: Sun Dec 20 10:31:23 UTC 2020, diff: 24744 seconds
2020-12-20 03:38:59 - sdwdate - INFO - Pool 3: privacyintyqcroe.onion, web unixtime: 1608460282, web time: Sun Dec 20 10:31:22 UTC 2020, diff: 24743 seconds
2020-12-20 03:38:59 - sdwdate - INFO - Running sdwdate fetch loop. iteration: 2
2020-12-20 03:38:59 - sdwdate - INFO - Requested urls [‘nxhhwbbxc4khvvlw.onion’]
2020-12-20 03:39:03 - sdwdate - INFO - Returned urls “[‘nxhhwbbxc4khvvlw.onion’]”
2020-12-20 03:39:03 - sdwdate - INFO - remote 0: nxhhwbbxc4khvvlw.onion
2020-12-20 03:39:03 - sdwdate - INFO - * comment: https://searx.gotrust.de https://web.archive.org/web/20170519171857/https://github.com/asciimoo/searx/wiki/Searx-instances
2020-12-20 03:39:03 - sdwdate - INFO - * remote_unixtime: 1608460920
2020-12-20 03:39:03 - sdwdate - INFO - * consensus/valid-after: 2020-12-20 10:00:00
2020-12-20 03:39:03 - sdwdate - INFO - * remote_time : 2020-12-20 10:42:00
2020-12-20 03:39:03 - sdwdate - INFO - * consensus/valid-until: 2020-12-20 13:00:00
2020-12-20 03:39:03 - sdwdate - INFO - * time_diff: 25377 second(s)
2020-12-20 03:39:03 - sdwdate - INFO - * timesanitycheck: sane
2020-12-20 03:39:03 - sdwdate - INFO - * time_consensus_sanity_check: sane
2020-12-20 03:39:03 - sdwdate - INFO - * remote_status: True
2020-12-20 03:39:03 - sdwdate - INFO - Pool 2: nxhhwbbxc4khvvlw.onion, web unixtime: 1608460920, web time: Sun Dec 20 10:42:00 UTC 2020, diff: 25377 seconds
2020-12-20 03:39:03 - sdwdate - INFO - End fetching remote times.
2020-12-20 03:39:03 - sdwdate - INFO - Pool differences, sorted: [24743, 24744, 25377]
2020-12-20 03:39:03 - sdwdate - INFO - Median time difference: +24744.000000000
2020-12-20 03:39:03 - sdwdate - INFO - randomize : +0.052989251
2020-12-20 03:39:03 - sdwdate - INFO - New time difference : +24744.052989251
2020-12-20 03:39:03 - sdwdate - INFO - Old unixttime: 1608435543.369919062
2020-12-20 03:39:03 - sdwdate - INFO - New unixtime : 1608460287.422908306
2020-12-20 03:39:03 - sdwdate - INFO - Instantly setting the time by using command: /bin/date --set “@1608460287.422908306
2020-12-20 10:31:27 - sdwdate - INFO - /bin/date output: Sun 20 Dec 2020 10:31:27 AM UTC

2020-12-20 10:31:27 - sdwdate - INFO - Success. Sleeping for 66.08333333333333 minutes.
2020-12-20 10:31:27 - sdwdate - INFO - Running command: sleep 3965.178781784
^Z
[1]+ Stopped sudo sdwdate

The icon for the sdwdate-gui does display the working icon but then loops between the X and inactive icon and keeps looping.

TOR Browser works and I’m able to update:

sudo apt dist-upgrade && sudo apt update && sudo apt upgrade
[sudo] password for user:
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Hit:1 tor+https://deb.debian.org/debian-security buster/updates InRelease
Hit:2 tor+https://deb.debian.org/debian buster-updates InRelease
Hit:3 tor+http://vwakviie2ienjx6t.onion/debian buster-updates InRelease
Hit:4 tor+https://deb.debian.org/debian buster InRelease
Hit:5 tor+https://deb.Whonix.org buster InRelease
Hit:6 tor+http://sgvtcaew4bxjd7ln.onion buster/updates InRelease
Hit:7 tor+http://vwakviie2ienjx6t.onion/debian buster InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

But for some reason, I cannot acquire the merged packages such as apparmor-info and hardened-kernel.

I run sudo apt reinstall helper-scripts and sudo apparmor-info
sudo: apparmor-info: command not found

I switched to the older kernel for these test - uname -r
4.19.0-13-amd64 so that it wouldn’t be a hardened kernel issue

I also tested sudo sdwdate-gui
[sudo] password for user:
access control disabled, clients can connect from any host
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to ‘/tmp/runtime-sdwdate-gui’
tor_status_changed unexpected error: <class ‘NameError’>
^Z
[2]+ Stopped sudo sdwdate-gui

And lastly, I ran this just now:

sudo journalctl _TRANSPORT=audit --output cat “${@}” | grep “DENIED” | sed -e ‘s/pid=.* comm/comm/g’ | sed -e 's/ fsuid.//g’ | awk ‘!x[$0]++’
AVC apparmor=“DENIED” operation=“exec” profile=“dbus-daemon” name=“/usr/lib/at-spi2-core/at-spi2-registryd” comm=“dbus-daemon” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/dirname” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/rm” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/mv” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/gzip” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/apt-get” comm=“apt.systemd.dai” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“open” profile="/**/-browser/Browser/firefox" name=“/proc/5064/cgroup” comm=“firefox.real” requested_mask=“r” denied_mask=“r”

System Monitor does briefly show the 2 tabs that were not showing up but then disables access to it. I ran it just now and did another journalctl:

sudo journalctl _TRANSPORT=audit --output cat “${@}” | grep “DENIED” | sed -e ‘s/pid=.* comm/comm/g’ | sed -e 's/ fsuid.//g’ | awk ‘!x[$0]++’
AVC apparmor=“DENIED” operation=“exec” profile=“dbus-daemon” name=“/usr/lib/at-spi2-core/at-spi2-registryd” comm=“dbus-daemon” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/dirname” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/rm” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/mv” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/gzip” comm=“savelog” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“exec” profile=“apt.systemd.daily” name=“/usr/bin/apt-get” comm=“apt.systemd.dai” requested_mask=“x” denied_mask=“x”
AVC apparmor=“DENIED” operation=“open” profile="/**/-browser/Browser/firefox" name=“/proc/5064/cgroup” comm=“firefox.real” requested_mask=“r” denied_mask=“r”
AVC apparmor=“DENIED” operation=“open” profile=“dbus-daemon” name=“/proc/cmdline” comm=“dconf-service” requested_mask=“r” denied_mask=“r”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.N4ZIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.VVZIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.77ZIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.U9ZIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.R9XIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.7LYIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.U2YIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.MJZIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.JBEDV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.WVEDV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.S7SHV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.SPTHV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.BDNFV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.0OKFV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.HIOOV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.G0OOV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.I14EV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.6T4EV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.G1PPV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.NCQPV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.GT5GV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.7A6GV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.B5KXV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.QUKXV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.090UV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.TR1UV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.S7JQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.UOKQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.1ADKV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.0RDKV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.5UIIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.1CJIV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.6EVDV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.3WVDV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.VAEWV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.FXEWV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.DKQRV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.S9PRV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.BUPPV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.5BQPV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.FF8JV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.Z47JV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.84OEV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.YMPEV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.HLCYV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.1Y9XV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.7ETSV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.5QQSV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.9DWQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.0VWQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.H8VLV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.UQWLV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.W4VJV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.7TVJV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.S1VEV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.ZQVEV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.OH4WV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.KA4WV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.AA1MV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.KT1MV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.UF2QV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.VSZQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.R1ZQV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”
AVC apparmor=“DENIED” operation=“mknod” profile=“dbus-daemon” name=“/home/user/.config/dconf/user.OI0QV0” comm=“dconf-service” requested_mask=“c” denied_mask=“c”

I also noticed this in boot log:

Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found
Warning from stdin (line 1): config file ‘/etc/apparmor/parser.conf’ not found

Failed to start Load AppArmor profiles.
See ‘systemctl status apparmor.service’ for details.

When checking out systemctl status apparmor.service within the OS, the result is:

● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/apparmor.service.d
└─30_live_mode.conf
Active: failed (Result: exit-code) since Sun 2020-12-20 05:57:21 UTC; 7h ago
Docs: man:apparmor(7)
Home · Wiki · AppArmor / apparmor · GitLab
Process: 783 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=1/FAILURE)
Main PID: 783 (code=exited, status=1/FAILURE)

Dec 20 05:57:20 os systemd[1]: Starting Load AppArmor profiles…
Dec 20 05:57:20 os apparmor.systemd[783]: Restarting AppArmor
Dec 20 05:57:20 os apparmor.systemd[783]: Reloading AppArmor profiles
Dec 20 05:57:20 os apparmor.systemd[783]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/abstractions/init-systemd at line 252: Found unexpected character: ‘2’
Dec 20 05:57:20 os apparmor.systemd[783]: AppArmor parser error for /etc/apparmor.d/init-systemd in /etc/apparmor.d/abstractions/init-systemd at line 252: Found unexpected character: ‘2’
Dec 20 05:57:21 os apparmor.systemd[783]: Error: At least one profile failed to load
Dec 20 05:57:21 os systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Dec 20 05:57:21 os systemd[1]: apparmor.service: Failed with result ‘exit-code’.
Dec 20 05:57:21 os systemd[1]: Failed to start Load AppArmor profiles.
~

Thanks,
sudobash

1 Like