Watch Out Upgrading To Linux 4.14 If You Use AppArmor
Just a quick public service announcement if you rely upon AppArmor for security on your Linux distribution like Ubuntu/Debian and plan to soon upgrade to the Linux 4.14 kernel...
At least with AppArmor as packaged on Ubuntu and Debian, if moving to the Linux 4.14 kernel you will find your network no longer working. For weeks all of my test boxes that upgraded to Linux 4.14 Git (such as the daily systems for LinuxBenchmarking.com) have failed to bring up a working network connection.
I initially thought it was due to a regression in the network stack, but it's happened for all of my systems trying out Linux 4.14. Though I hadn't the time to investigate due to all of my other work and never-ending TODO list. Fortunately, a few days ago another Phoronix reader mentioned he too experienced this issue and found the culprit to be AppArmor.
Sure enough, with AppArmor taken down, networking works again on Linux 4.14. Surprisingly, though, I haven't seen much (any?) noise yet about this showstopping issue, which appears to affect at least any Ubuntu/Debian user running AppArmor and switching to this latest kernel code.
Overnight, a bug report entitled "apparmor is broken for kernel 4.14" appeared in Launchpad. Besides AppArmor breaking network support on Linux 4.14, that report mentions that the MySQL server reportedly breaks too, and it also mentions an older Debian bug report about 4.14 breakage.
If you don't want to disable or remove AppArmor, there is a patch that makes significant modifications to a number of AppArmor profiles for Linux 4.14 compatibility. Hopefully a stable release update will soon take care of the AppArmor breakage, but until then, you've been forewarned.