The following section lists the most common problems and error messages that may occur using Novell AppArmor.
AppArmor is installed by default if either the GNOME or KDE desktop is chosen during installation. If you chooseor , AppArmor is not included by default. In these cases, use YaST to install the missing packages.
If you notice odd application behavior or any other type of application problem, you should first check the reject messages in the log files to see if AppArmor is too closely constricting your application. To check reject messages, start+ and go to . Select and for the application audit report. You can filter dates and times to narrow down the specific periods when the unexpected application behavior occurred.
Apache is not starting properly or it is not serving Web pages and
you just installed a new module or made a configuration change.
When you install additional Apache modules (like
mod-apparmor) or make configuration changes to
Apache, you should profile Apache again to catch any
additional rules that need to be added to the profile.
When the reporting feature generates an HTML or CSV file that exceeds the default size, the file is not sent. Mail servers have a default, hard limit for e-mail size. This limitation can impede AppArmor's ability to send e-mails that are generated for reporting purposes. If your mail is not arriving, this could be why. Consider the mail size limits and check the archives if e-mails have not been received.
loads and applies all profiles that are available in its profile
/etc/apparmor.d/). If you decide not
to apply a profile to a certain application, delete the
appropriate profile or move it to another location where AppArmor would not
check for it.
AppArmor operation can generate various errors. Here is a list of possible errors and how to resolve them.
If you run logprof as a non-root user, such as tux, you are likely to see this error:
tux@localhost:~> /usr/sbin/logprof Can’t find apparmor_parser.
You should run logprof only as root.
Running genprof as a non-root user produces a similar result:
tux@localhost:~> /usr/sbin/genprof /usr/sbin/genprof must be run as root.
You must run the apparmor start and apparmor stop scripts as root. Running them as a non-root user produces this result:
tux@localhost:~> /etc/init.d/apparmor stop /sbin/apparmor_parser: Sorry. You need root priveleges to run this program. Unloading AppArmor profiles..failed
Manually editing Novell AppArmor profiles can introduce syntax errors. If you attempt to start or restart AppArmor with syntax errors in your profiles, error results are shown. This example shows the syntax of the entire parser error.
localhost:~ # /etc/init.d/apparmor start Loading AppArmor profiles AppArmor parser error, line 2: Found unexpected character: ’h’ Profile /etc/apparmor.d/usr.sbin.squid failed to load failed