I don’t install AppArmor. But have the same problem.
Welcome to Ubuntu Discourse 
I have moved your post to its own topic. Rarely are issues exactly the same and we want to provide you with the best possible help.
Please provide the following information:
- Ubuntu version and desktop
- errors you encountered when upgrading or installing
- system specifications such as RAM, graphic card, storage type etc.
- please explain what you mean by not installing AppArmor; it ships by default with recent Ubuntu versions
Thanks.
1 Like
Can’t upgrade packages.
apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
libnss-systemd : Depends: systemd (= 249.11-0ubuntu3.15) but 249.11-0ubuntu3.12 is installed
libpam-systemd : Depends: systemd (= 249.11-0ubuntu3.15) but 249.11-0ubuntu3.12 is installed
systemd : Depends: libsystemd0 (= 249.11-0ubuntu3.12) but 249.11-0ubuntu3.15 is installed
systemd-sysv : Depends: systemd (= 249.11-0ubuntu3.15) but 249.11-0ubuntu3.12 is installed
udev : Breaks: systemd (< 249.11-0ubuntu3.15) but 249.11-0ubuntu3.12 is installed
Recommends: systemd-hwe-hwdb but it is not installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).
apt --fix-broken install
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
The following additional packages will be installed:
systemd
Suggested packages:
systemd-container libtss2-rc0
The following packages will be upgraded:
systemd
1 upgraded, 0 newly installed, 0 to remove and 40 not upgraded.
4 not fully installed or removed.
Need to get 0 B/4,581 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
(Reading database ... 99140 files and directories currently installed.)
Preparing to unpack .../systemd_249.11-0ubuntu3.15_amd64.deb ...
Unpacking systemd (249.11-0ubuntu3.15) over (249.11-0ubuntu3.12) ...
dpkg: error processing archive /var/cache/apt/archives/systemd_249.11-0ubuntu3.15_amd64.deb (--unpack):
unable to make backup link of './lib/systemd/systemd-shutdown' before installing new version: Operation not permitted
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
/var/cache/apt/archives/systemd_249.11-0ubuntu3.15_amd64.deb
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
System information
LSB Version: core-11.1.0ubuntu4-noarch:security-11.1.0ubuntu4-noarch
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
You should use sudo apt dist-upgrade (or sudo apt full-uprade), not sudo apt upgrade. What happens when you do that?
1 Like
I’m the OP from the original post. It’s exactly the same message when typing apt full-upgrade instead of ‘apt update’. The issue may be that AppArmor blocks the install action by some mistake/misconfiguration/confusion in somewhere. I didn’t install AppArmor by myself, even don’t know what it is before I hit the rock.
If it is in any way apparmor related (with is highly highly unlikely) you should see denial messages in journalctl…
Try running journalctl -f in a second terminal in parallel to see if it prints anything related while the issue happens…
I don’t see any AppArmor related logs.
When I run apt --fix-broken install, the log shows the following message
May 13 17:36:12 xxxxx systemd[1]: Reexecuting.
May 13 17:36:12 xxxxx systemd[1]: systemd 249.11-0ubuntu3.12 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
May 13 17:36:12 xxxxx systemd[1]: Detected virtualization kvm.
May 13 17:36:12 xxxxx systemd[1]: Detected architecture x86-64.
Looks like it just restarted systemd.
Same error message as when I used apt upgrade, both prompting me to use apt --fix-broken install. I can’t use the apt package manager properly anymore.
output of journalctl -f below, some veth-pair line omitted:
May 13 17:43:12 node4 systemd[1]: systemd-networkd-wait-online.service: Deactivated successfully.
May 13 17:43:12 node4 systemd[1]: Stopped Wait for Network to be Configured.
May 13 17:43:12 node4 systemd[1]: Stopping Wait for Network to be Configured...
May 13 17:43:12 node4 systemd[1]: Stopping Network Configuration...
May 13 17:43:12 node4 systemd-networkd[3656756]: eth0: DHCPv6 lease lost
May 13 17:43:12 node4 systemd[1]: systemd-networkd.service: Deactivated successfully.
May 13 17:43:12 node4 systemd[1]: Stopped Network Configuration.
May 13 17:43:12 node4 systemd[1]: Starting Network Configuration...
May 13 17:43:12 node4 systemd-networkd[3660482]: veth5de61f76: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: veth5de61f76: Gained carrier
May 13 17:43:12 node4 systemd-networkd[3660482]: cni0: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: cni0: Gained carrier
May 13 17:43:12 node4 systemd-networkd[3660482]: flannel.1: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: flannel.1: Gained carrier
May 13 17:43:12 node4 systemd-networkd[3660482]: docker0: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: eth0: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: eth0: Gained carrier
May 13 17:43:12 node4 systemd-networkd[3660482]: lo: Link UP
May 13 17:43:12 node4 systemd-networkd[3660482]: lo: Gained carrier
May 13 17:43:12 node4 systemd-networkd[3660482]: veth5de61f76: Gained IPv6LL
May 13 17:43:12 node4 systemd-networkd[3660482]: veth05dcd036: Gained IPv6LL
May 13 17:43:12 node4 systemd-networkd[3660482]: cni0: Gained IPv6LL
May 13 17:43:12 node4 systemd-networkd[3660482]: flannel.1: Gained IPv6LL
May 13 17:43:12 node4 systemd-networkd[3660482]: eth0: Gained IPv6LL
May 13 17:43:12 node4 systemd-networkd[3660482]: Enumeration completed
May 13 17:43:12 node4 systemd[1]: Started Network Configuration.
May 13 17:43:12 node4 systemd[1]: Starting Wait for Network to be Configured...
May 13 17:43:12 node4 systemd[1]: Stopping Network Name Resolution...
May 13 17:43:12 node4 systemd[1]: systemd-resolved.service: Deactivated successfully.
May 13 17:43:12 node4 systemd[1]: Stopped Network Name Resolution.
May 13 17:43:12 node4 systemd[1]: Starting Network Name Resolution...
May 13 17:43:12 node4 systemd-networkd[3660482]: eth0: DHCPv4 address 172.21.1.209/24 via 172.21.1.253
May 13 17:43:12 node4 systemd[1]: Finished Wait for Network to be Configured.
May 13 17:43:12 node4 systemd-resolved[3660503]: Positive Trust Anchors:
May 13 17:43:12 node4 systemd-resolved[3660503]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
May 13 17:43:12 node4 systemd-resolved[3660503]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
May 13 17:43:12 node4 systemd-resolved[3660503]: Using system hostname 'node4'.
May 13 17:43:12 node4 systemd[1]: Started Network Name Resolution.
May 13 17:43:12 node4 systemd-journald[3656793]: Journal stopped
May 13 17:43:12 node4 systemd-journald[3660523]: Journal started
May 13 17:43:12 node4 systemd-journald[3660523]: System Journal (/var/log/journal/f2cced9588c74d2fab0f3b137d4ec261) is 4.0G, max 4.0G, 0B free.
May 13 17:43:15 node4 systemd-resolved[3660503]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 100.100.2.136.
In related topic, I posted kernel logs, it shows the option(seems when renaming old version of systemd) is blocked by AppArmor
Well, in the above logs there are no apparmor related lines at all, so this is definitely not apparmor related…
Where are these kernel logs you refer to ?
Kernel log is here. The weird thing is that I can’t reproduce it now.
Well, first of all, why did you move the conversation over to this thread, I guess it was split for a reason (i.e. to keep the two cases apart)…
Second, looking at the timestamps and log lines it looks like they are only related to the Ubuntu Pro client and the first messages seem to happen during or right after boot ( 200-something seconds after powering on your machine), this isn’t likely to be related to your update problem at all…
The OP didn’t split the topic. A moderator did.
We have seen many instances of two similar symptoms having very different causes, so such splitting is routine to avoid confusion and “the solution didn’t work for me” followups.
Now back to the troubleshooting…
I didn’t say the OP split it 
I was just asking why the OP went on with the conversation in the split-off part instead of the original thread, which kind of defeats the purpose of splitting …
Hi @ogra, Sorry for replying under the inappropriate topic.
I was a bit too hasty, eager to quickly seek assistance and investigate the cause of the issue. This problem has cost me a whole day, and it has appeared on at least 13 production environment nodes (a commonality is that these machines were installed and initialized around the same time). If I can’t resolve it within a certain timeframe, I may have to rebuild and do some data migration on all the affected machines in the next one or two weekends.
As you said, suspicion about AppArmor seems a wrong direction, so I and the OP of this topic went back to the same starting point. We met exactly same error and are using the same version of distributions. Please feel free to let me know if there’s any information I can provide.