[Bug 2146543] [NEW] 259.5-0ubuntu1 in container triggers non fatal errors on upgrade - measurements
Christian Ehrhardt
2146543 at bugs.launchpad.net
Fri Mar 27 11:06:36 UTC 2026
Public bug reported:
https://launchpad.net/ubuntu/+source/systemd/259.5-0ubuntu1 recently migrated,
I see no bug reported and nothing in proposed about what I've seen on upgrade.
On upgrade I see (in red)
Setting up systemd (259.5-0ubuntu1) ...
...
fchownat() of /sys/kernel/security/tpm0/binary_bios_measurements failed: Permission denied
fchownat() of /sys/kernel/security/ima/binary_runtime_measurements failed: Permission denied
...
The two fchownat are red and the paths exist:
root@r-hwe:~# ll /sys/kernel/security/tpm0/binary_bios_measurements /sys/kernel/security/ima/binary_runtime_measurements
lr--r--r-- 1 nobody nogroup 0 Feb 3 12:25 /sys/kernel/security/ima/binary_runtime_measurements@ -> binary_runtime_measurements_sha1
-r--r----- 1 nobody nogroup 0 Feb 3 12:25 /sys/kernel/security/tpm0/binary_bios_measurements
Theory: this is a RR container on NN and hence the kernel might not have
that, but even then I'm unsure if fchownat would be happy through the
namespace isolation.
I guess the question is if this could be more graceful and less panic-
red in a container?
This could be in a library - I see the very same later again
Setting up tpm-udev (4.1.3-6) ...
fchownat() of /sys/kernel/security/tpm0/binary_bios_measurements failed: Permission denied
fchownat() of /sys/kernel/security/ima/binary_runtime_measurements failed: Permission denied
** Affects: systemd (Ubuntu)
Importance: Low
Status: New
** Affects: tpm-udev (Ubuntu)
Importance: Low
Status: New
** Also affects: tpm-udev (Ubuntu)
Importance: Undecided
Status: New
** Changed in: systemd (Ubuntu)
Importance: Undecided => Low
** Changed in: tpm-udev (Ubuntu)
Importance: Undecided => Low
** Summary changed:
- 259.5-0ubuntu1 triggers non fatal errors on upgrade - measurements
+ 259.5-0ubuntu1 in container triggers non fatal errors on upgrade - measurements
https://bugs.launchpad.net/bugs/2146543