Apparmor.d users: action required!

General
1

In the near future AppArmor 5.0 is expected to be released. Shortly after it will be available in the Arch/CachyOS repos.

The new version will come with numerous improvements. E.g., finally unix and dbus mediation will be available for non-Ubuntu distros (requiring kernel 6.17+).

If you’re using the apparmor.d package it is required that you edit /etc/apparmor/parser.conf as roddhjav, the maintainer of that project, informs us in order to prevent breakage:

Warning

apparmor.d now requires early policy loads

Ensure you have cache-loc /etc/apparmor/earlypolicy/ in /etc/apparmor/parser.conf. Otherwise some profiles won't load (or worst will partially load) and your system may not boot.

See: https://apparmor.pujol.io/install/#configure-apparmor

I suggest that you implement this change before the new versions will be out.

2

Already Done! :wink:

 paru -Q apparmor.d                                                                                    ─╯
apparmor.d 0.4900-1

Important

bat /etc/apparmor/parser.conf | rg cache-loc                                                          ─╯
cache-loc /etc/apparmor/earlypolicy/

As explained in the links from @worknix

sudo aa-status --count                                                                                ─╯
[sudo] password for me: 
apparmor module is loaded.
2162
107

Great heads up though. :+1:

EDIT New information for apparmor:

nano /etc/apparmor/parser.conf

Amend to this, just add to the bottom:

## Add the following lines:
write-cache
Optimize=compress-fast
cache-loc /etc/apparmor/earlypolicy/

And avoid apparmor.d-git.