After upgrading from Ubuntu 24.10 to 25.04, I noticed that WireGuard does not start. Investigating the problem I found the following error message in system log:
May 15 17:09:31 ocasrv wg-quick[14511]: [#] /etc/wireguard/helper/log-info.sh startdate
May 15 17:09:31 ocasrv wg-quick[14521]: /usr/bin/wg-quick: /etc/wireguard/helper/log-info.sh: /bin/bash: bad interpreter: Permission denied
May 15 17:09:31 ocasrv wg-quick[14523]: Unable to access interface: No such device
Here log-info.sh is my custom script that ran without problems in the previous version of Ubuntu.
I checked the system-provided /usr/bin/wg-quick and it is exactly the same as in the previous version of Ubuntu.
However, I see the following errors also:
[ 2875.720653] audit: type=1400 audit(1747318171.354:3330): apparmor="DENIED" operation="open" class="file" profile="wg-quick" name="/etc/nsswitch.conf" pid=14511 comm="wg-quick" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 2875.720673] audit: type=1400 audit(1747318171.355:3331): apparmor="DENIED" operation="open" class="file" profile="wg-quick" name="/etc/passwd" pid=14511 comm="wg-quick" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 2875.740073] audit: type=1400 audit(1747318171.374:3332): apparmor="DENIED" operation="exec" class="file" profile="wg-quick" name="/etc/wireguard/helper/log-info.sh" pid=14521 comm="wg-quick" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Checking the /etc/apparmor.d/ directory, I noticed two new files named wg and wg-quick. These files were not present in the previous versions of Ubuntu.
ChatGPT recommended this:
# ln -s /etc/apparmor.d/wg-quick /etc/apparmor.d/disable/
# ln -s /etc/apparmor.d/wg /etc/apparmor.d/disable/
# apparmor_parser -R /etc/apparmor.d/wg-quick
# apparmor_parser -R /etc/apparmor.d/wg
# systemctl reload apparmor
which solves the problem.
However, what is the recommended action? Is this a new bug?
