Watch Out Upgrading To Linux 4.14 If You Use AppArmor

Written by Michael Larabel in Linux Kernel on 18 October 2017 at 08:16 AM EDT. 32 Comments
LINUX KERNEL
Just a quick public service announcement if you rely upon AppArmor for security on your Linux distribution like Ubuntu/Debian and plan to soon upgrade to the Linux 4.14 kernel...

At least with AppArmor as packaged on Ubuntu and Debian, if moving to the Linux 4.14 kernel you will find your network no longer working. For weeks all of my test boxes that upgraded to Linux 4.14 Git (such as the daily systems for LinuxBenchmarking.com) have failed to bring up a working network connection.


I initially thought it was due to a regression in the network stack, but it's happened for all of my systems trying out Linux 4.14. Though I hadn't the time to investigate due to all of my other work and never-ending TODO list. Fortunately, a few days ago another Phoronix reader mentioned he too experienced this issue and found the culprit to be AppArmor.

Sure enough, if taking down AppArmor, networking works again on Linux 4.14. Though surprisingly I haven't seen much (any?) noise about this showstopping issue yet that appears to affect at least any Ubuntu/Debian user running AppArmor and switching to this latest kernel code.


Overnight is now a bug report entitled apparmor is broken for kernel 4.14 in Launchpad. That report mentions besides AppArmor breaking network support on Linux 4.14, the MySQL server reportedly breaks too and then it also mentions this older Debian bug report about 4.14 breakage.

If you don't want to disable or remove AppArmor, there is a patch causing significant modifications to a number of AppArmor profiles for Linux 4.14 compatibility. Hopefully a stable release update will soon take care of the AppArmor breakage, but until then, you've been forewarned.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week