[Bug 2122633] Re: os-prober is broken on Questing due to apparmor misconfiguration

Fri Sep 12 17:32:18 UTC 2025

@rlee287

I should've prepared the logs sooner but I didn't have access to the
machine at the time of filing the bug.

Here is the log:

---
root at vmsan:~# aa-complain os-prober
Setting /usr/bin/os-prober to complain mode.
Warning: profile os-prober represents multiple programs
Warning: profile os-prober represents multiple programs

---
root at vmsan:~# os-prober
/dev/nvme0n1p1@/EFI/Microsoft/Boot/bootmgfw.efi:Windows Boot Manager:Windows:efi

---
root at vmsan:~# journalctl --system -b-0 --output=short | grep -e os-prober -e audit
Sep 12 10:18:53 vmsan kernel: audit: type=1400 audit(1757697533.603:3866): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="os-prober" pid=5589 comm="apparmor_parser"
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.751:3867): apparmor="ALLOWED" operation="exec" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/mktemp" pid=5595 comm="os-prober" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp"
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.751:3868): apparmor="ALLOWED" operation="file_mmap" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/usr/lib/cargo/bin/coreutils/mktemp" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.751:3869): apparmor="ALLOWED" operation="file_mmap" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/mktemp" pid=5595 comm="mktemp" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.751:3870): apparmor="ALLOWED" operation="file_mmap" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3871): apparmor="ALLOWED" operation="open" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/etc/ld.so.cache" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3872): apparmor="ALLOWED" operation="getattr" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/etc/ld.so.cache" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3873): apparmor="ALLOWED" operation="getattr" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/etc/ld.so.cache" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3874): apparmor="ALLOWED" operation="file_mmap" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/etc/ld.so.cache" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3875): apparmor="ALLOWED" operation="open" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/usr/lib/x86_64-linux-gnu/libselinux.so.1" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan kernel: audit: type=1400 audit(1757697542.752:3876): apparmor="ALLOWED" operation="file_perm" class="file" profile="os-prober//null-/usr/lib/cargo/bin/coreutils/mktemp" name="/usr/lib/x86_64-linux-gnu/libselinux.so.1" pid=5595 comm="mktemp" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 10:19:02 vmsan os-prober[5710]: debug: running /usr/lib/os-probes/mounted/05efi on mounted /dev/nvme0n1p1
Sep 12 10:19:03 vmsan os-prober[5749]: debug: os detected by /usr/lib/os-probes/mounted/05efi
Sep 12 10:19:03 vmsan os-prober[5766]: debug: running /usr/lib/os-probes/mounted/05efi on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5769]: debug: running /usr/lib/os-probes/mounted/10freedos on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5772]: debug: running /usr/lib/os-probes/mounted/10qnx on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5775]: debug: running /usr/lib/os-probes/mounted/20macosx on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5778]: debug: running /usr/lib/os-probes/mounted/20microsoft on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5781]: debug: running /usr/lib/os-probes/mounted/30utility on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5784]: debug: running /usr/lib/os-probes/mounted/40lsb on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5786]: debug: running /usr/lib/os-probes/mounted/70hurd on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5788]: debug: running /usr/lib/os-probes/mounted/80minix on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5790]: debug: running /usr/lib/os-probes/mounted/83haiku on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5793]: debug: running /usr/lib/os-probes/mounted/90linux-distro on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5797]: debug: running /usr/lib/os-probes/mounted/90solaris on mounted /dev/nvme0n1p2
Sep 12 10:19:03 vmsan os-prober[5804]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/nvme0n1p3
Sep 12 10:19:03 vmsan os-prober[5811]: debug: os detected by /usr/lib/os-probes/50mounted-tests
Sep 12 10:19:03 vmsan os-prober[5817]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/nvme0n1p4
Sep 12 10:19:03 vmsan os-prober[5824]: debug: os detected by /usr/lib/os-probes/50mounted-tests
Sep 12 10:19:03 vmsan os-prober[5830]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/nvme0n1p5
Sep 12 10:19:03 vmsan os-prober[5839]: debug: os detected by /usr/lib/os-probes/50mounted-tests
Sep 12 10:19:03 vmsan os-prober[5845]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/nvme0n1p6

---
root at vmsan:~# aa-enforce os-prober
Setting /usr/bin/os-prober to enforce mode.
Warning: profile os-prober represents multiple programs

---
root at vmsan:~# os-prober
/usr/bin/os-prober: 25: mktemp: Permission denied
/usr/bin/os-prober: 17: cannot create /dmraid-map: Permission denied
/usr/bin/os-prober: 18: rm: Permission denied

---
root at vmsan:~# journalctl --system -b-0 --output=short | grep -e os-prober -e audit
Sep 12 10:19:18 vmsan kernel: audit: type=1400 audit(1757697558.347:7406): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="os-prober" pid=5862 comm="apparmor_parser"
Sep 12 10:19:27 vmsan kernel: audit: type=1400 audit(1757697567.912:7407): apparmor="DENIED" operation="exec" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/mktemp" pid=5886 comm="os-prober" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Sep 12 10:19:27 vmsan kernel: audit: type=1400 audit(1757697567.912:7408): apparmor="DENIED" operation="exec" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/mktemp" pid=5886 comm="os-prober" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Sep 12 10:19:27 vmsan kernel: audit: type=1400 audit(1757697567.913:7409): apparmor="DENIED" operation="mknod" class="file" profile="os-prober" name="/dmraid-map" pid=5884 comm="os-prober" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Sep 12 10:19:27 vmsan kernel: audit: type=1400 audit(1757697567.913:7410): apparmor="DENIED" operation="exec" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/rm" pid=5887 comm="os-prober" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Sep 12 10:19:27 vmsan kernel: audit: type=1400 audit(1757697567.913:7411): apparmor="DENIED" operation="exec" class="file" profile="os-prober" name="/usr/lib/cargo/bin/coreutils/rm" pid=5887 comm="os-prober" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to os-prober in Ubuntu.
https://bugs.launchpad.net/bugs/2122633

Title:
  os-prober is broken on Questing due to apparmor misconfiguration

Status in apparmor package in Ubuntu:
  New
Status in os-prober package in Ubuntu:
  New
Status in rust-coreutils package in Ubuntu:
  New

Bug description:
  os=prober fails to function Questing.

  It appears that apparmor blocks temp directory creation (mktemp from
  rust-coreutils) in context of os-prober.

  Just renaming os-prober script to anything else allows it to function.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2122633/+subscriptions