[Bug 2074204] Re: AppArmor profiles missing for jammy and 6.8 kernel

Timo Aaltonen 2074204 at bugs.launchpad.net
Fri Aug 9 05:21:29 UTC 2024 

Hello Tomáš, or anyone else affected,

Accepted livecd-rootfs into jammy-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/livecd-
rootfs/2.765.46 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
jammy to verification-done-jammy. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-jammy. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: livecd-rootfs (Ubuntu Jammy)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2074204

Title:
  AppArmor profiles missing for jammy and 6.8 kernel

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Jammy:
  Fix Committed

Bug description:
  A CPC test build of a jammy image with 6.8 edge kernel revealed that
  AppArmor profiles are missing for 6.8 kernel in livecd-rootfs, leading
  to fall back to generic AppArmor profiles which don't contain
  configuration for io_uring. This leads to `snap debug seeding` output
  non-empty `seed-restart-system-key` dict (attached in snap-debug-
  seeding.json) after first boot.

  [ Impact ]

  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs

  [ Test Plan ]
  * Build a jammy cloud image with preseeded snaps with the 6.8 edge kernel
  * Boot an instance
  * Invoke "snap debug seeding"
  * Ensure the output does not include "seed-restart-system-key", if it does the difference between "preseed-system-key" and "apparmor-features"/"apparmor-parser-features" is other than "io_uring"

  [ Where problems could occur ]
  * If the attempted fix has problems "snap debug seeding" should continue to report "seed-restart-system-key". There should not be any other fallout.

  [ Other Info ]

  Public cloud images block image publication on a test ensuring that
  snaps are preseeded. As a result this will block jammy image
  publication once the edge kernel becomes the HWE kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2074204/+subscriptions

More information about the foundations-bugs mailing list