With a default apparmor configuration and apparmor running (as a boot service) apache2 restart failes with Permission denied: AH00057: sending signal to server.

Setting /usr/sbin/apache2 to complain (aa-complain) or trying aa-logprof the following rule is suggested:

signal send set=term peer=unconfined,

The current rule regarding signals is

signal (send) peer=@{profile_name}//*,

Which would also be converted to send without braces (through aa-logprof). After auto-adjustment through aa-logprof, changing both rules, /etc/init.d/apache2 restart works as expected.

Apache package version is 2.4.46 and AppArmor 2.13.4. Kernel version is 5.4.60.

Reproducible: Always

Steps to Reproduce:
1. enable apparmor, default profiles/ no changes
2. restart apache
3. error message displayed
4. stop apparmor
5. repeat /etc/init.d/apache restart
6. suddenly works
7. re-enable apparmar
8. stops working again, same error
Actual Results:  
/etc/init.d/apache2 restart bails out with Permission denied: AH00057: sending signal to server

Expected Results:  
simply restarts apache