Recently, my laptop has started to act a little quirky: AppArmor profile violations failed to log properly (they showed up in dmesg, but not in /var/log/messages) and sometimes I can't fork off new processes (even to kill runaway processes). I thought that there may be a bug in XFCE or Java, or that somehow AppArmor was messing with things, but after submitting Ubuntu Bug #157952 and spending a few days working out the problem, I narrowed all my problems to a single root cause: Bastille Linux.
For those of you who don't know, Bastille Linux is a GUI that steps you through configuring your system to be more secure (removing SUID bits on some files, adding per-user limits, etc…). I ran it on my system and things seemed to work out fine. I was wrong; things would intermittently go wrong. Below are the problems I found, and how to fix them.
- Getting 'fork: Resource unavailable' errors – Change your /etc/security/limits.conf so you can run more than 100 processes.
- AppArmor logprof never asks you about profile violations, even if they are happening. Make sure that the user klog can run the klogd daemon, otherwise it can't run properly.
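To check for the first problem, the following added example (not part of the original post and not Bastille's own code) lists the `nproc` entries in a limits.conf-style file that sit at or below a threshold. The function names `find_low_nproc` and `sample_limits` are hypothetical, the sample file content is constructed, and the default threshold of 100 is the figure mentioned above.

```shell
#!/usr/bin/env bash
# Added example: report nproc entries in a limits.conf-style file whose
# value is at or below a threshold (default 100, the figure from the post).
# Line format parsed: <domain> <type> <item> <value>

# find_low_nproc FILE [THRESHOLD]
# Prints "domain type nproc value" per match; returns 0 if any match, else 1.
find_low_nproc() {
    local file=$1 threshold=${2:-100}
    awk -v max="$threshold" '
        { sub(/#.*/, "") }                  # drop comments, full-line or trailing
        NF == 4 && $3 == "nproc" {
            # non-numeric values (unlimited, infinity, -1) mean no cap: skip
            if ($4 ~ /^[0-9]+$/ && $4 + 0 <= max) {
                print $1, $2, $3, $4
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Constructed sample input for trying the function offline.
sample_limits() {
cat <<'EOF'
# constructed sample, not copied from a real system
*      soft  core   0
*      hard  nproc  100     # low per-user process cap
@dev   soft  nproc  4096
root   hard  nproc  unlimited
EOF
}

# Usage on a real system:
#   find_low_nproc /etc/security/limits.conf
#   for f in /etc/security/limits.d/*.conf; do find_low_nproc "$f"; done
```

Any line it prints is a candidate to raise; the new limit applies to sessions started after the edit.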
Well, that's all for now, hope this helps you if you decide to use Bastille.
Peace and chow,