AppArmor profiles missing in kernel 5.15.0-1051+ release
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
livecd-rootfs (Ubuntu) | Fix Committed | Undecided | Unassigned |
Focal | Fix Committed | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Unassigned |
Bug Description
After the kernel roll to linux-gcp-5.15 to version 5.15.0-
This test checks the output of `snap debug seeding` to assert `seed-completion` is present and not empty.
```
❯ snap debug seeding
seeded: true
preseeded: true
image-preseeding: 39.367s
seed-completion: 1.335s
```
If `/var/lib/
With the recent kernel update this test is failing which indicates a kernel feature mismatch between
the running kernel and the feature set hard-coded in livecd-rootfs for this image.
Boot will be slowed by ~200ms until this is resolved in livecd-rootfs.
The solution is to add a 5.15 AppArmor configuration to the focal branch of livecd-rootfs.
The issue is also present with the recent 5.15 kernels in Jammy.
Related bugs LP: #2031943 and LP: #2045384
[ Impact ]
Boot will be slowed by ~200ms until this is resolved in livecd-rootfs
[ Test Plan ]
* for focal build any cloud image with preseeded snaps with HWE 5.15 kernel
* for jammy build any cloud image with preseeded snaps with up to date 5.15 kernel
* boot
* run `snap debug seeding`
* assert the test described above passes
[ Where problems could occur ]
* Similar patches already exist for later releases 6.2, 6.5 kernel etc. and have been used on other private customer kernels and all kernels released after 22.04, so there is already a good track record for this patchset and it shouldn't create any issues.
[ Other Info ]
* This is a time-sensitive issue for a paying customer
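The test's assertion and the feature mismatch described above, as an added example that is not part of the original report or of livecd-rootfs: `seed_completion_ok` checks `snap debug seeding` output, and `feature_tree_diff` compares a staged AppArmor feature tree with the one a kernel exposes under `/sys/kernel/security/apparmor/features`. The function names, the output wording and the demo file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not livecd-rootfs code. Function names are hypothetical.

# Succeeds only if `snap debug seeding` output on stdin has a non-empty
# seed-completion value (the assertion the bug report's test makes).
seed_completion_ok() {
    awk -F': *' '$1 == "seed-completion" && $2 != "" { ok = 1 }
                 END { exit !ok }'
}

# feature_tree_diff REF LIVE
# Compares a staged AppArmor feature tree (REF) with the tree a kernel exposes
# (LIVE, normally /sys/kernel/security/apparmor/features), file by file.
# Prints one line per mismatch and returns 1 if any were found.
feature_tree_diff() {
    ref=$1; live=$2
    out=$(
        { (cd "$ref" && find . -type f); (cd "$live" && find . -type f); } |
        sed 's|^\./||' | sort -u |
        while IFS= read -r rel; do
            if [ ! -f "$ref/$rel" ]; then
                echo "missing-from-reference $rel"
            elif [ ! -f "$live/$rel" ]; then
                echo "missing-from-kernel $rel"
            # Compare contents, not sizes: pseudo-filesystems may report size 0.
            elif [ "$(cat "$ref/$rel")" != "$(cat "$live/$rel")" ]; then
                echo "differs $rel"
            fi
        done
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
}

# Constructed demo: a reference tree lacking ipc/posix_mqueue, the file the
# merge proposals on this page add. Tree contents are made up.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/ref/domain" "$d/live/domain" "$d/live/ipc"
    echo yes > "$d/ref/domain/stack"
    echo yes > "$d/live/domain/stack"
    echo yes > "$d/live/ipc/posix_mqueue"
    feature_tree_diff "$d/ref" "$d/live" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true   # prints: missing-from-reference ipc/posix_mqueue
```

On an image under test, pipe `snap debug seeding` into `seed_completion_ok`, and pass the staged feature directory as REF with the kernel's feature directory as LIVE.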
Related branches
- Brian Murray: Approve
- Jess Jang (community): Approve
- Diff: 23 lines (+9/-0), 2 files modified
debian/changelog (+8/-0)
live-build/apparmor/generic/ipc/posix_mqueue (+1/-0)
- Jess Jang: Approve
- Diff: 16 lines (+8/-0), 1 file modified
debian/changelog (+8/-0)
- Philip Roche (community): Disapprove
- Diff: 32 lines (+11/-0) (has conflicts), 2 files modified
debian/changelog (+10/-0)
live-build/apparmor/generic/ipc/posix_mqueue (+1/-0)
- Jess Jang (community): Approve
- Ankush Pathak (community): Approve
- Steve Langasek: Approve
- Diff: 289 lines (+71/-1), 34 files modified
debian/changelog (+7/-0)
live-build/apparmor/5.15/capability (+1/-0)
live-build/apparmor/5.15/caps/mask (+1/-0)
live-build/apparmor/5.15/dbus/mask (+1/-0)
live-build/apparmor/5.15/domain/attach_conditions/xattr (+1/-0)
live-build/apparmor/5.15/domain/change_hat (+1/-0)
live-build/apparmor/5.15/domain/change_hatv (+1/-0)
live-build/apparmor/5.15/domain/change_onexec (+1/-0)
live-build/apparmor/5.15/domain/change_profile (+1/-0)
live-build/apparmor/5.15/domain/computed_longest_left (+1/-0)
live-build/apparmor/5.15/domain/fix_binfmt_elf_mmap (+1/-0)
live-build/apparmor/5.15/domain/post_nnp_subset (+1/-0)
live-build/apparmor/5.15/domain/stack (+1/-0)
live-build/apparmor/5.15/domain/version (+1/-0)
live-build/apparmor/5.15/file/mask (+1/-0)
live-build/apparmor/5.15/ipc/posix_mqueue (+1/-0)
live-build/apparmor/5.15/mount/mask (+1/-0)
live-build/apparmor/5.15/namespaces/pivot_root (+1/-0)
live-build/apparmor/5.15/namespaces/profile (+1/-0)
live-build/apparmor/5.15/network/af_mask (+1/-0)
live-build/apparmor/5.15/network/af_unix (+1/-0)
live-build/apparmor/5.15/network_v8/af_mask (+1/-0)
live-build/apparmor/5.15/policy/set_load (+1/-0)
live-build/apparmor/5.15/policy/versions/v5 (+1/-0)
live-build/apparmor/5.15/policy/versions/v6 (+1/-0)
live-build/apparmor/5.15/policy/versions/v7 (+1/-0)
live-build/apparmor/5.15/policy/versions/v8 (+1/-0)
live-build/apparmor/5.15/ptrace/mask (+1/-0)
live-build/apparmor/5.15/query/label/data (+1/-0)
live-build/apparmor/5.15/query/label/multi_transaction (+1/-0)
live-build/apparmor/5.15/query/label/perms (+1/-0)
live-build/apparmor/5.15/rlimit/mask (+1/-0)
live-build/apparmor/5.15/signal/mask (+1/-0)
live-build/functions (+32/-1)
Changed in livecd-rootfs (Ubuntu):
status: Confirmed → Fix Committed
tags: added: verification-done-jammy
tags: added: verification-needed
tags: removed: verification-needed
tags: added: verification-needed
upstream linux bug that tracked the change.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2045384