[Bug 2015596] Update Released

Łukasz Zemczak 2015596 at bugs.launchpad.net
Mon Aug 28 10:36:22 UTC 2023


The verification of the Stable Release Update for livecd-rootfs has
completed successfully and the package is now being released to
-updates.  Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2015596

Title:
  Mismatched apparmor features on HWE kernel roll

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Jammy:
  Fix Released

Bug description:
  In Ubuntu 22.04, the HWE kernel has rolled to 5.19. The 5.19 kernel
  includes the apparmor feature for ipc/posix_mqueue. livecd-rootfs only
  contains features for the 5.15 kernel, thus missing ipc/posix_mqueue.
  This leads to snap_preseed having a mismatch in features, and the
  preseed is not optimized. In a cloud environment this can lead to boot
  delays of between 5 and 10s (rough measurements observed while
  debugging).

  livecd-rootfs bind mounts apparmor features in
  functions/setup_mountpoint. This occurs early in the process when the
  final kernel is unknown. This only affects 22.04 at this time, but a
  fix, when committed, should also be in the main branch, to ensure
  future compatibility.

  TESTING

  A failing system will present issues when checking `snap debug
  seeding`.

  Example bad output:

  'preseed-system-key': {'apparmor-features': ['caps', 'dbus', 'domain', 'file',
                                             'mount', 'namespaces', 'network',
                                             'network_v8', 'policy', 'ptrace',
                                             'query', 'rlimit', 'signal'],
                       'apparmor-parser-features': ['cap-audit-read',
                                                    'cap-bpf', 'mqueue',
                                                    'qipcrtr-socket', 'unsafe',
                                                    'xdp'],
                       'apparmor-parser-mtime': 1666191120,
                       'build-id': '79b62e11a4cf60b38c3e2449d220a6078db42607',
                       'cgroup-version': '2',
                       'nfs-home': False,
                       'overlay-root': '',
                       'seccomp-compiler-version': 'd9242946c125eab1ac4e30a3a7f48ee885551585 '
                                                   '2.5.4 '
                                                   'c3c9b282ef3c8dfcc3124b2aeaef62f56b813bfd21f8806b30a6c9dbc2e6e58d '
                                                   'bpf-actlog',
                       'seccomp-features': ['allow', 'errno', 'kill_process',
                                            'kill_thread', 'log', 'trace',
                                            'trap', 'user_notif'],
                       'version': 10},
  'preseeded': True,
  'seed-completion': '5.765s',
  'seed-restart-system-key': {'apparmor-features': ['caps', 'dbus', 'domain',
                                                  'file', 'ipc', 'mount',
                                                  'namespaces', 'network',
                                                  'network_v8', 'policy',
                                                  'ptrace', 'query', 'rlimit',
                                                  'signal'],
                            'apparmor-parser-features': ['cap-audit-read',
                                                         'cap-bpf', 'mqueue',
                                                         'qipcrtr-socket',
                                                         'unsafe', 'xdp'],
                            'apparmor-parser-mtime': 1666191120,
                            'build-id': '79b62e11a4cf60b38c3e2449d220a6078db42607',
                            'cgroup-version': '2',
                            'nfs-home': False,
                            'overlay-root': '',
                            'seccomp-compiler-version': 'd9242946c125eab1ac4e30a3a7f48ee885551585 '
                                                        '2.5.4 '
                                                        'c3c9b282ef3c8dfcc3124b2aeaef62f56b813bfd21f8806b30a6c9dbc2e6e58d '
                                                        'bpf-actlog',
                            'seccomp-features': ['allow', 'errno',
                                                 'kill_process', 'kill_thread',
                                                 'log', 'trace', 'trap',
                                                 'user_notif'],
                            'version': 10},
  'seeded': True}

  This shows the comparison between what was seeded
  ('preseed-system-key') and the running system
  ('seed-restart-system-key').

  A passing test will only have times:

  {'image-preseeding': '9.238s',
   'preseeded': True,
   'seed-completion': '9.726s',
   'seeded': True}

  To test:

  1. create an image with an HWE kernel (for CPC this is ec2, gce, azure, oracle)
  2. register image in cloud
  3. run an instance
  4. check `snap debug seeding`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2015596/+subscriptions



