apparmor gets killed during change_hat operation

This document (7010509) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 11 Service Pack 2


A customer created a  simple role based access control with Apparmor on SLES11SP1.
This worked fine, but broke after updating the system to SLES11SP2.

Excerpt from audit log:

type=AVC msg=audit(1339184509.487:79554): apparmor="KILLED" operation="change_hat"....


Remove all entries for from the files in /etc/pam.d/

after that, run:

pam-config -a --apparmor

This correctly configures pam to make use of apparmor.


pam_apparmor configuration changed in between SP1 and SP2

On SP1 it's necessary to configure pam manually. See /usr/share/doc/packages/pam_apparmor/README for details.

However, this is errorprone and breaks the pam configuration if the pam_apparmor rpm package is deinstalled without removing the added lines from the pam config files.

Decision was made to configure pam_apparmor on SP2 automatically to be able to remove the configuration while deinstallation of the rpm package.

Additional Information


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010509
  • Creation Date: 24-Jul-2012
  • Modified Date:04-Oct-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center