1

I just updated my RPI5 today. Using Ubuntu 24.04 LTS. During the upgrade I got errors messages saying that Apparmor had some problems about sssd.service (/etc/sssd/conf.d)...

First time it happened.. Is is important OR I just leave it as it is....?? Here is some output..

I did apply the available Apt security Updates.

sudo apt update && sudo apt upgrade -y

Had errors messages during the update mainly talking about apparmor and sssd (service). /etc/sssd/conf.d AND /etc/sssd/conf.d conditions not met..

bt92200@BTRPI-5:/etc/sssd/conf.d$ systemctl status sssd.service
○ sssd.service - System Security Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)
     Active: inactive (dead)
  Condition: start condition unmet at Tue 2024-06-18 07:20:02 EDT; 3min 43s ago
             ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
             └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met

Jun 18 07:09:10 BTRPI-5 systemd[1]: sssd.service - System Security Services Daemon was skipped because no trigger condition checks were met.
Jun 18 07:20:02 BTRPI-5 systemd[1]: sssd.service - System Security Services Daemon was skipped because no trigger condition checks were met.


sudo aa-status:
3 profiles are in complain mode.
   /usr/sbin/sssd
   libreoffice-oosplash
   libreoffice-soffice


bt92200@BTRPI-5:/etc/sssd/conf.d$ systemctl status apparmor.service
● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/usr/lib/systemd/system/apparmor.service; enabled; preset: enabled)
     Active: active (exited) since Tue 2024-06-18 07:08:38 EDT; 23min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
   Main PID: 822 (code=exited, status=0/SUCCESS)
        CPU: 515ms


Jun 18 07:08:37 BTRPI-5 systemd[1]: Starting apparmor.service - Load AppArmor profiles...
Jun 18 07:08:37 BTRPI-5 apparmor.systemd[822]: Restarting AppArmor
Jun 18 07:08:37 BTRPI-5 apparmor.systemd[822]: Reloading AppArmor profiles
Jun 18 07:08:38 BTRPI-5 apparmor.systemd[955]: Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Jun 18 07:08:38 BTRPI-5 apparmor.systemd[955]: Warning from /etc/apparmor.d (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' du>
Jun 18 07:08:38 BTRPI-5 systemd[1]: Finished apparmor.service - Load AppArmor profiles.
Benoît Tremblay
  • 11

2 Answers2

0

I too have the same error when apt upgrading 24.04. apparmor and libapparmor1 are only packages updated. Output below. I do not use enterprise authentication so this is unlikely to affect me but I hope it is useful.

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
  libcjson1 libpostproc57 libavcodec60 libavutil58 libswscale7 libswresample4
  libavformat60 libavfilter9
Learn more about Ubuntu Pro at https://ubuntu.com/pro
The following upgrades have been deferred due to phasing:
  libegl-mesa0 libgbm1 libgl1-mesa-dri libglapi-mesa libglx-mesa0
  libxatracker2 mesa-va-drivers mesa-vdpau-drivers mesa-vulkan-drivers
  xdg-desktop-portal
The following packages will be upgraded:
  apparmor libapparmor1
2 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
Need to get 691 kB of archives.
After this operation, 33.8 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64  libapparmor1 amd64 4.0.1-0ubuntu0.24.04.2 [50.0 kB]
Get:2 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64 apparmor amd64 4.0.1-0ubuntu0.24.04.2 [641 kB]
Fetched 691 kB in 0s (2,470 kB/s) 
Preconfiguring packages ...
(Reading database ... 195263 files and directories currently installed.)
Preparing to unpack .../libapparmor1_4.0.1-0ubuntu0.24.04.2_amd64.deb ...
Unpacking libapparmor1:amd64 (4.0.1-0ubuntu0.24.04.2) over (4.0.0-beta3-0ubuntu3) ...
Preparing to unpack .../apparmor_4.0.1-0ubuntu0.24.04.2_amd64.deb ...
Unpacking apparmor (4.0.1-0ubuntu0.24.04.2) over (4.0.0-beta3-0ubuntu3) ...
Setting up libapparmor1:amd64 (4.0.1-0ubuntu0.24.04.2) ...
Setting up apparmor (4.0.1-0ubuntu0.24.04.2) ...
Installing new version of config file /etc/apparmor.d/abstractions/authentication ...
Installing new version of config file /etc/apparmor.d/abstractions/samba ...
Installing new version of config file /etc/apparmor.d/firefox ...
Reloading AppArmor profiles 
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode
Warning from /etc/apparmor.d (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for libc-bin (2.39-0ubuntu8.2) ...
Matt
  • 43
0

Looks like this is a long standing issue although I also only noticed it recently.

Workaround #2 from this post works nicely for me and "feels" reasonably clean.

I suppose that - per Matt's answer - if one doesn't have any need for sssd, it might also be ok to remove it altogether (sudo apt remove sssd). I haven't tried that.

If you need to research it more to make an informed call, the documentation looks pretty solid...

sxc731
  • 1,244