Is Zorin Support messing with me? It's not April 1st...just wondering

General Help
1

So, let's get the basics out of the way first: Long time (and reluctant) Windows user, (and also long time Linux user, but never as my main desktop). Just switched over to Zorin 18 for good (burned all my ships so there's no going back). Recently during an update I saw some errors with apparmor....I did some troubleshooting, but couldn't resolve it. Since I bought the 'pro' version that comes with support I decided to open a support ticket. This is what I sent:

Errors during an upgrade:

Error Message: AppArmor parser error for /etc/apparmor.d/tunables/home at line 15: syntax error, unexpected TOK_EQUALS, expecting TOK_MODE.

Troubleshooting already done:

  1. Reinstalled apparmor package with --force-confnew.
  2. Verified no missing brackets in /etc/apparmor.d/.
  3. Temporarily disabled the apparmor service to allow dpkg to finish installing LibreWolf and Chrome.
  4. Error persists even with a default 4-line tunables/home file. Goal: Restore AppArmor functionality without the parser crashing on the "home" tunable.

And this is the response I got back (mind you, this is the first response)

It appears that some prior modification(s) you may have made to Zorin OS could have overwritten some core system components and caused this issue. These modifications may include one or more of the following:

  • adding third-party software repositories to your system
  • manually editing system files
  • executing unofficial scripts/commands

In order to resolve this issue, we would recommend you to replace your current installation of Zorin OS with a clean install by following these instructions: Replace Your Zorin OS Installation - Zorin Help

Since I'm new here, I'm wondering if this could be the equivalent of telling the freshmen that there's a "pool on the third floor of the school".

I'm frankly shocked that the support response was "reinstall the operating system". At least Microsoft will tell you to go back to a restore point...What in the Deep Fried F*&$%K is that?

So let's take the temperature here...AITA here? (always a dangerous question for an 'A' to ask, but I'm legitimately awed that Linux 'support' would offer that as the first suggestion without asking for logs or asking me to run commands or something).

2

Hi and welcome.

"This error occurs during system upgrades (often to Ubuntu 24.04 or similar) when an updated AppArmor configuration uses syntax incompatible with the currently loaded, older, or improperly configured parser, specifically regarding variable definitions like @{HOMEDIRS} in /etc/apparmor.d/tunables/home.

Immediate Solution:

  1. Edit the file: Open /etc/apparmor.d/tunables/home with root privileges (e.g., sudo nano /etc/apparmor.d/tunables/home).
  2. Comment out line 15: Place a # at the beginning of the line causing the error (typically @{HOMEDIRS}=/home/ or similar).
  3. Reload AppArmor: Run sudo systemctl restart apparmor to verify the fix.

If the line is necessary, ensure it is in the correct header section, or wait for the system to finalize the upgrade of the apparmor package itself.

Syntax error in /etc/apparmor.d/abstractions/lxc/container-base

2 Apr 2014 — stgraber commented. ... Not a syntax error, you just have an old apparmor. The solution is indeed to comment that stanza. We'll also add an extra two later this...

GitHub

[apparmor] Apparmor parser error ... syntax error, unexpected ...

22 Sept 2015 — The defines are read and partially processed during the preprocessing phase of the parse and it is choking on @{HOME}= being assigned inside of the profile scop...

[image]

Ubuntu Mailing Lists

Bug #2139312 “apparmor error” - Ubuntu - Launchpad Bugs

28 Jan 2026 — System reports: "apparmor.systemd[1713]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/tunables/home at line 15: syntax error, unexpected...

[image]

Launchpad Bugs

AI responses may include mistakes. Learn more"

I also found this:

" AppArmor update errors in Ubuntu 24.04 are commonly reported after upgrading from earlier versions, particularly 23.10, and are often linked to profile misconfigurations or missing profiles for applications like Chrome, Webex, and Flatpak apps.

  • Common Errors :
    • Unable to replace [package name]. Profile doesn't exist and Profile doesn't conform to protocol indicate corrupted or missing AppArmor profiles after upgrade.
    • apparmor="DENIED" operation="userns_create" errors (e.g., in Chrome or Webex) suggest missing or improperly configured profiles for unprivileged user namespaces.
  • Root Causes :
    • Ubuntu 24.04 introduced changes to AppArmor’s handling of unprivileged user namespaces and profile loading.
    • Some third-party applications (e.g., Chrome via .deb , Webex, Flatpak apps) require updated or custom profiles that are not automatically applied during upgrades.
    • The unconfined flag was introduced to allow additional permissions (like userns ) without full confinement, but profiles must be explicitly updated to use it.
  • Solutions :
    • Reload AppArmor profiles : Run sudo systemctl enable apparmor && sudo systemctl start apparmor to ensure the service is active and profiles are loaded.
    • Fix missing profiles :
      • For Chrome , ensure /etc/apparmor.d/chrome exists and includes flags=(unconfined) and userns .
      • For Webex , create a profile at /etc/apparmor.d/Webex with flags=(unconfined) and reload with sudo systemctl reload apparmor .
      • Remove conflicting profiles (e.g., capitalized Webex vs. lowercase webex ).
    • Reinstall AppArmor :
      • Backup /etc/apparmor.d , then run:
sudo apt purge apparmor apparmor-utils
sudo apt install apparmor apparmor-utils
  • Fix Flatpak apps : A recent update to AppArmor fixed issues with Telegram, KeePassXC, and Steam Flatpaks—ensure your system is fully updated via sudo apt update && sudo apt upgrade .
  • Troubleshooting :
    • Use sudo aa-status to check which profiles are loaded.
    • Use sudo aa-logprof to update profiles from audit logs (if not broken by known bugs).
    • If issues persist, temporarily disable AppArmor via GRUB_CMDLINE_LINUX="apparmor=0" in /etc/default/grub , then sudo update-grub , but do not leave it disabled long-term due to security risks.

Note : These issues are largely resolved in later updates to Ubuntu 24.04 LTS. Ensure your system is fully updated to avoid known bugs.

AI-generated answer. Please verify critical facts."

As Ubuntu updates get fed into their releases, e.g., Ubuntu 24.04.x, Zorin will have a delay in applying updates to ensure Zorin doesn't break.

So have you installed any Flatpak software or does Pro come with a raft of Flatpak Apps? (I don't use Zorin any more). One of the first things I did do was remove flatpak and snap, and install Synaptic Package Manager then removed gnome-software (Software).

3

No, not at all. But I can see why your immediate response might be, "How can this be the answer?"

Coming from Windows OS, your familiar environment is Sterile. On WIndows OS, there is One Desktop. One package Management standard (More or less...), one Operating System.
You get what they give you.

On Linux, GnuLinux, BSD, it is like leaving the prison and arriving in Amsterdam.
Many options, many different Desktop Environments, many sources for packages and even... many package formats.
For many arrivals from WIndows OS, this is even overwhelming. And some, dive into the deep end of the pool. Me. Cough.
Headfirst.
To our familiar environment, a user adding third party repositories or making changes is by far and above - the Most Common Thing we first face.

It is not an accusation.

Why a reinstall is the first best choice:
Let's say you have freshly installed Zorin OS, and did nothing else. No customizing. No additional software. No repositories.
But... the appamor configuration file, somewhere in the process of

  • Burning the .iso to LiveUSb for Try Zorin / Install
  • During install write
  • During package download...

Got corrupted. Maybe due to a bit of packet loss in the download or maybe to a questionable sector on the hard drive...
Then it is Corrupted and you are looking at a potential fix (Which I will post a suggested fix below if you would like to try it out) that may frustrate, unnerve you as a new user or not work... OR... perform a much easier 30 minute re-installation of the O.S.
For me personally even, I prefer to perform a fresh install on my system rather than untangle an explosion in a kite string factory.

That said Here is a fix you can try:
Run each in terminal, stop if you get an error displayed and relay that error here

sudo apt update

sudo apt download apparmor apparmor-profiles apparmor-profiles-extra

dpkg-deb -x apparmor_*.deb /tmp/aa-extract

dpkg-deb -x apparmor-profiles*.deb /tmp/aa-prof-extract

sudo rsync -a /tmp/aa-extract/etc/apparmor.d/ /etc/apparmor.d/

sudo rsync -a /tmp/aa-prof-extract/etc/apparmor.d/ /etc/apparmor.d/

sudo mkdir -p /etc/apparmor.d/local

sudo systemctl restart apparmor

sudo aa-status

1 Like
4

Just to add to the mix Debian users have been facing similar issues lately with same TOK= issue.

5

I do get your point. Allow me to add a follow-up question. Is this procedure asking for a Zorin/Linux installation with two partitions of your harddrive.
One for the OS, which could be formatted, in case of the need for a fresh installation.
A second partition (or harddrive) for all the private files which one wants to keep.
I do understand that this should be standard user knowledge, still would it not be good if the OS installer could act in such a way at the beginning? Like reserve 20-30 GB for OS and future updates and create a vault for all the rest.

6

Zorin OS 18 is using the Subiquity installer, which is the next iteration after the previous Ubiquity installer used in previous editions.

The installer is intended to be simple and straight forward.
Yes, separating data from system per partition can be a good idea, but it also has some downsides, including that splitting can introduce risks of data loss and permissions issues.
It's preferable to let that be an End User choice that has a better understanding of their hardware and needs, than to assume those kinds of variables.

And the installer has that option built in with the "Something Else" selection.

1 Like
7

Thanks all for the suggestions. Although none exclusively were the solution, they did point me towards what ultimately did solve the issue and get my apparmor back up and running:

@swarfendor437 (purge suggestion)

I had tried reloading AA, but it kept failing even with a minimal config file. But, the purge command was the key. I actually had to do a full purge (sudo apt purge apparmor) and manually deleting the "/etc/apparmor.d" folder since it failed to delete with the purge.

Then a complete reinstall with all new config files not present during the last upgrade attempt. And that did it.

I actually tried this method before but without the purge in between, so yeah...that was definitely it. Running some of Aravisian's suggestions also gave me some clues that I might need to wipe everything

shaddam-apparmor
shaddam-apparmor780Ă—438 107 KB

I'm totally outing myself here as both nerd and old with this pic, but what the hell?
:grimacing:

2 Likes