📖 ~1 min read
Table of contents
Symptom & Impact
Application cannot read/write expected paths despite correct Unix permissions, causing runtime failures.
Environment & Reproduction
Ubuntu 20.04 with AppArmor enabled and confined service profile active.
Root Cause Analysis
AppArmor profile denies file/network capability needed by updated application behavior.
Quick Triage
Search logs using ‘sudo journalctl -k | grep DENIED’ and list profile mode with ‘aa-status’.
Step-by-Step Diagnosis
Correlate denial timestamps to service actions, identify profile name, and test in complain mode carefully.
Solution – Primary Fix
Adjust profile rules, reload with ‘sudo apparmor_parser -r’, and return profile to enforce mode.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Use package-provided profile updates or relocate app data paths to already-allowed directories.
Verification & Acceptance Criteria
Service completes denied operation and no new AppArmor DENIED entries appear in logs.
Rollback Plan
Restore previous profile file and reload parser if functional regressions occur.
Prevention & Hardening
Review denials after app upgrades and maintain profile changes in version control.
Related Errors & Cross-Refs
Permission denied with correct chmod, snap confinement restrictions, and SELinux confusion on mixed docs.
Related tutorial: View the step-by-step tutorial for Ubuntu 20.04 LTS.
View all Ubuntu 20.04 LTS tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
AppArmor Ubuntu wiki, aa-status, aa-logprof, and profile syntax references.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
