systemd-udevd running unconfined after fresh boot

[Jeroen0494]

Hi,

Like the title, the apparmor profile is not applied during boot. If I restart the service, the apparmor profile is applied:

jeroen@jeroen-VirtualBox:~$ ps auxZ | grep udev
unconfined                      root        1111  0.2  0.1  26084  5012 ?        Ss   11:03   0:00 /lib/systemd/systemd-udevd
unconfined                      jeroen     10182  0.0  0.0  17868  1512 pts/0    S+   11:05   0:00 grep --color=auto udev
jeroen@jeroen-VirtualBox:~$ sudo systemctl restart systemd-udevd
[sudo] password for jeroen: 
jeroen@jeroen-VirtualBox:~$ ps auxZ | grep udev
systemd-udevd (complain)        root       10382  2.5  0.1  25348  5104 ?        Ss   11:06   0:00 /lib/systemd/systemd-udevd
unconfined                      jeroen     10384  0.0  0.0  17868  1480 pts/0    S+   11:06   0:00 grep --color=auto udev
jeroen@jeroen-VirtualBox:~$

Maybe we need to update the AppArmor service to load before systemd-udevd is loaded?

[roddhjav]

Hi, this is on purpose. See b3a28da

On some system, the udevd profile has a bug and prevent the system to mount the partition breaking the boot process. So I ensure udevd is not confined while I figure out what is the issue.

You can just add the systemd/systemd-udevd.service file again and it should confined it as it used to be.