[Bug 2069461] [NEW] AppArmor profiles missing in kernel 5.15 on jammy

[Ryan Hill]

Public bug reported:

Upcoming Ubuntu Jammy FIPS images will be using the 5.15 kernel. During
our pre-publication testing the public cloud team noticed failures in
our snap_preseed_optimized test which checks to ensure that snaps are
preseeded correctly.

This test checks the output of `snap debug seeding` to assert `seed-
completion` is present and not empty.

``
❯ snap debug seeding
seeded: true
preseeded: true
image-preseeding: 39.367s
seed-completion: 1.335s
```

If `/var/lib/snapd/seed/seed.yaml` exists it also asserts that
`preseeded` is present and not empty.

With the 5.15 kernel this test is failing which indicates a kernel feature mismatch between
the running kernel and the feature set hard-coded in livecd-rootfs for this image.
Boot will be slowed by ~200ms until this is resolved in livecd-rootfs.

This solution is to add a 5.15 apparmor configuration to the jammy
branch of livecd-rootfs

[ Impact ]

Boot will be slowed by ~200ms until this is resolved in livecd-rootfs

[ Test Plan ]

 * for jammy build any cloud image with preseeded snaps with up to date 5.15 kernel (ec2-pro-fips builds prompted this)
 * boot
 * run `snap debug seeding`
 * assert the test described above passes

[ Where problems could occur ]

 * If these changes do not resolve the preseeding issue, then a feature
mismatch will remain as will the ~200ms boot delay. This will require
further iteration, but no degradation is expected

[ Other Info ]

** Affects: livecd-rootfs (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2069461

Title:
  AppArmor profiles missing in kernel 5.15 on jammy

Status in livecd-rootfs package in Ubuntu:
  New

Bug description:
  Upcoming Ubuntu Jammy FIPS images will be using the 5.15 kernel.
  During our pre-publication testing the public cloud team noticed
  failures in our snap_preseed_optimized test which checks to ensure
  that snaps are preseeded correctly.

  This test checks the output of `snap debug seeding` to assert `seed-
  completion` is present and not empty.

  ``
  ❯ snap debug seeding
  seeded: true
  preseeded: true
  image-preseeding: 39.367s
  seed-completion: 1.335s
  ```

  If `/var/lib/snapd/seed/seed.yaml` exists it also asserts that
  `preseeded` is present and not empty.

  With the 5.15 kernel this test is failing which indicates a kernel feature mismatch between
  the running kernel and the feature set hard-coded in livecd-rootfs for this image.
  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs.

  This solution is to add a 5.15 apparmor configuration to the jammy
  branch of livecd-rootfs

  [ Impact ]

  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs

  [ Test Plan ]

   * for jammy build any cloud image with preseeded snaps with up to date 5.15 kernel (ec2-pro-fips builds prompted this)
   * boot
   * run `snap debug seeding`
   * assert the test described above passes

  [ Where problems could occur ]

   * If these changes do not resolve the preseeding issue, then a
  feature mismatch will remain as will the ~200ms boot delay. This will
  require further iteration, but no degradation is expected

  [ Other Info ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2069461/+subscriptions