🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Service starts then fails with permission-like behavior despite correct UNIX permissions. Business functionality is partially blocked.

Environment & Reproduction

Ubuntu 22.04 with AppArmor enforcing default profiles. Reproduce by changing app data paths not covered by existing profile rules.

Root Cause Analysis

AppArmor policy denies file, network, or capability access outside profile allowances, generating audit denials.

Quick Triage

Run sudo aa-status and search denials in logs with sudo journalctl | grep DENIED.

Step-by-Step Diagnosis

Inspect /var/log/syslog and journalctl for apparmor=”DENIED” entries, map denied path/capability to active profile, and test in complain mode.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-13-apparmor-01.webp
Application fails due to AppArmor profile denial events. — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Update relevant AppArmor profile to permit required paths/capabilities, then reload with sudo apparmor_parser -r and return to enforce mode.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-13-apparmor-02.webp
Adjust profile rules and reload AppArmor cleanly. — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Create a local profile override under /etc/apparmor.d/local to minimize direct edits to vendor-managed profile files.

Verification & Acceptance Criteria

Service runs without denials, required operations succeed, and security posture remains enforced.

Rollback Plan

Restore previous profile from backup and reload AppArmor if new rules introduce regressions.

Prevention & Hardening

Include AppArmor policy updates in deployment changes and review denials after major application upgrades.

apparmor=DENIED, Permission denied despite file mode, service exits with code 1 under confinement.

Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.

View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu AppArmor docs, man apparmor, man aa-status, profile language reference.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.