The apparmor mount test is failing because while testing mounting, it is attempting to mount with the option MS_MANDLOCK and bionic's linux-kvm kernel has CONFIG_MANDATORY_FILE_LOCKING disabled, causing the operation to fail even when apparmor is not involved. Given that upstream seems to believe the code enabled by CONFIG_MANDATORY_FILE_LOCKING is little-used and buggy, I do not believe that disabling this option in the linux-kvm kernel is a bug (though it is a difference in behavior with the generic kernel).
The correct fix here is probably to have the apparmor test use a different mount option.
Hi Po-Hsu,
The apparmor mount test is failing because while testing mounting, it is attempting to mount with the option MS_MANDLOCK and bionic's linux-kvm kernel has CONFIG_ MANDATORY_ FILE_LOCKING disabled, causing the operation to fail even when apparmor is not involved. Given that upstream seems to believe the code enabled by CONFIG_ MANDATORY_ FILE_LOCKING is little-used and buggy, I do not believe that disabling this option in the linux-kvm kernel is a bug (though it is a difference in behavior with the generic kernel).
The correct fix here is probably to have the apparmor test use a different mount option.
Thanks.