[Bug 2008393] Re: armhf dep8 failure due to restrictions changing apparmor profile status

Launchpad Bug Tracker 2008393 at bugs.launchpad.net
Fri Mar 3 23:36:08 UTC 2023 

This bug was fixed in the package rsyslog - 8.2302.0-1ubuntu2

---------------
rsyslog (8.2302.0-1ubuntu2) lunar; urgency=medium

  * d/t/simple-*, d/t/control: ignore aa-enforce error, which can happen
    on armhf in the Ubuntu DEP8 infrastructure, and allow-stderr for
    these tests (LP: #2008393)

 -- Andreas Hasenack <andreas at canonical.com>  Thu, 23 Feb 2023 18:56:07
-0300

** Changed in: rsyslog (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2008393

Title:
  armhf dep8 failure due to restrictions changing apparmor profile
  status

Status in rsyslog package in Ubuntu:
  Fix Released

Bug description:
  The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
  and cannot change an apparmor profile. This is causing the tests to
  fail, because they try to make sure rsyslog is being tested in
  enforced mode:

  Enforcing the /etc/apparmor.d/usr.sbin.rsyslogd apparmor profile
  Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode.

  ERROR: /sbin/apparmor_parser: Unable to replace "rsyslogd".
  Permission denied; attempted to load a profile while confined?

  The package migrated to lunar even with this error because it never
  had DEP8 tests before, and the armhf baseline was born in this error
  state.

  These are the LXD settings used for armhf containers:
  https://git.launchpad.net/autopkgtest-
  cloud/tree/charms/focal/autopkgtest-cloud-worker/autopkgtest-
  cloud/tools/armhf-lxd.userdata#n76

  I created an armhf container on a pi4 host (arm64) with these
  settings, but couldn't reproduce the issue there. There is something
  else going on in the autopkgtest infra regarding arhmf.

  FTR, I created the container like this:

  lxc launch ubuntu-daily:lunar pi4:l-armhf \
  -c raw.lxc="apparmor.profile=unconfined" \
  -c raw.lxc="seccomp.profile=" \
  -c security.nesting=true

  EDIT: hm, the above actually doesn't work. Only the last raw.lxc value
  is used. See https://blog.simos.info/how-to-add-multi-line-raw-lxc-
  configuration-to-lxd/

  But still, apparmor works just fine. There is some other setup going
  on in the autopkgtest infrastructure.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2008393/+subscriptions

More information about the foundations-bugs mailing list