[Bug 2062929] Re: AppArmor profile policy `unconfined_restrictions` missing for jammy and mantic 6.5 kernel

Ankush Pathak 2062929 at bugs.launchpad.net
Thu Jun 27 15:40:19 UTC 2024 

@racb RE comment #4
As far as I understand the only reason the jammy approval should block on mantic approval is that the approvals must happen in the order of releases with later release being before an older release.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2062929

Title:
  AppArmor profile policy `unconfined_restrictions` missing for jammy
  and mantic 6.5 kernel

Status in livecd-rootfs package in Ubuntu:
  New
Status in livecd-rootfs source package in Jammy:
  In Progress
Status in livecd-rootfs source package in Mantic:
  In Progress
Status in livecd-rootfs source package in Oracular:
  Invalid

Bug description:
  A CPC snap preseeding test failure on arm64 is blocking image pulication.
  A recent update, specifically 6.5.0.1017.17~22.04.1, to the jammy 6.5 kernel introduced a new AppArmor profile `unconfined_restrictions`. This is not reflected in the snap preseeding code and needs to be updated.

  [ Impact ]

  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs

  [ Test Plan ]
  * Build a jammy and mantic cloud image with preseeded snaps with the 6.5.0 1017+ kernel
  * Boot an instance 
  * Invoke "snap debug seeding" 
  * Ensure the output does not include "seed-restart-system-key", if it does the difference between "preseed-system-key" and "apparmor-features"/"apparmor-parser-features" is other than "policy:unconfined_restrictions"

  [ Where problems could occur ]
  * If the attempted fix has problems "snap debug seeding" should continue to report "seed-restart-system-key". There should not be any other fallout.

  [  Other Info ]
  Public cloud images block image publication on a test ensuring that snaps are preseeded. As a result this bug is blocking jammy and mantic image publication.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2062929/+subscriptions

More information about the foundations-bugs mailing list