6.8 Kernel AppArmor Feature Missing on Noble
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
livecd-rootfs (Ubuntu) | Fix Released | Undecided | Unassigned |
Noble | Fix Released | Undecided | Unassigned |
Bug Description
After the 6.8 kernel rolled out, the public cloud team's pre-publication tests were failing on our snap_preseed_
This test checks the output of `snap debug seeding` to assert `seed-completion` is present and not empty.
With the recent kernel update, this test is failing, which indicates a kernel feature mismatch between
the running kernel and the feature set hard-coded in livecd-rootfs for this image.
This will cause boot time to lower about ~200ms.
The proposed MP adds the 6.8 AppArmor features to the noble branch of livecd-rootfs.
Related bugs: LP: #2052789
[ Impact ]
Boot will be slowed by ~200ms until this is resolved in livecd-rootfs
[ Test Plan ]
* build any noble cloud image with 6.8 kernel
* boot
* run `snap debug preseed`
* assert the test described above passes
[ Where problems could occur ]
* Similar patches already exist for later releases 6.2, 6.5 kernel etc. and have been used on other private customer kernels and all kernels released after 22.04, so there is already a good track record for this patchset and it shouldn't create any issues.
[ Other Info ]
* This is a time-sensitive issue for a paying customer
Related branches
- Utkarsh Gupta: Approve
- Canonical Foundations Team: Pending requested
- Diff: 267 lines (+43/-0), 37 files modified
debian/changelog (+7/-0)
live-build/apparmor/6.8/capability (+1/-0)
live-build/apparmor/6.8/caps/mask (+1/-0)
live-build/apparmor/6.8/dbus/mask (+1/-0)
live-build/apparmor/6.8/domain/attach_conditions/xattr (+1/-0)
live-build/apparmor/6.8/domain/change_hat (+1/-0)
live-build/apparmor/6.8/domain/change_hatv (+1/-0)
live-build/apparmor/6.8/domain/change_onexec (+1/-0)
live-build/apparmor/6.8/domain/change_profile (+1/-0)
live-build/apparmor/6.8/domain/computed_longest_left (+1/-0)
live-build/apparmor/6.8/domain/fix_binfmt_elf_mmap (+1/-0)
live-build/apparmor/6.8/domain/post_nnp_subset (+1/-0)
live-build/apparmor/6.8/domain/stack (+1/-0)
live-build/apparmor/6.8/domain/version (+1/-0)
live-build/apparmor/6.8/file/mask (+1/-0)
live-build/apparmor/6.8/io_uring/mask (+1/-0)
live-build/apparmor/6.8/ipc/posix_mqueue (+1/-0)
live-build/apparmor/6.8/mount/mask (+1/-0)
live-build/apparmor/6.8/namespaces/mask (+1/-0)
live-build/apparmor/6.8/namespaces/pivot_root (+1/-0)
live-build/apparmor/6.8/namespaces/profile (+1/-0)
live-build/apparmor/6.8/network/af_mask (+1/-0)
live-build/apparmor/6.8/network/af_unix (+1/-0)
live-build/apparmor/6.8/network_v8/af_mask (+1/-0)
live-build/apparmor/6.8/policy/outofband (+1/-0)
live-build/apparmor/6.8/policy/set_load (+1/-0)
live-build/apparmor/6.8/policy/versions/v5 (+1/-0)
live-build/apparmor/6.8/policy/versions/v6 (+1/-0)
live-build/apparmor/6.8/policy/versions/v7 (+1/-0)
live-build/apparmor/6.8/policy/versions/v8 (+1/-0)
live-build/apparmor/6.8/policy/versions/v9 (+1/-0)
live-build/apparmor/6.8/ptrace/mask (+1/-0)
live-build/apparmor/6.8/query/label/data (+1/-0)
live-build/apparmor/6.8/query/label/multi_transaction (+1/-0)
live-build/apparmor/6.8/query/label/perms (+1/-0)
live-build/apparmor/6.8/rlimit/mask (+1/-0)
live-build/apparmor/6.8/signal/mask (+1/-0)
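The mismatch this report describes is between the AppArmor feature tree the running kernel exposes and the copy hard-coded under `live-build/apparmor/6.8/`. As an added example (not part of the bug report or of livecd-rootfs), the shell function below compares two such trees file by file. The function names, the default kernel path `/sys/kernel/security/apparmor/features` and the sample values in `demo` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from livecd-rootfs): diff a hard-coded AppArmor feature
# tree against the tree a kernel exposes.
# Usage: compare_features IMAGE_DIR [KERNEL_DIR]
# Prints one line per difference. Returns 0 if identical, 1 if not, 2 on bad input.
# Assumes feature paths contain no whitespace, as in the file list above.
compare_features() {
    image=$1
    kernel=${2:-/sys/kernel/security/apparmor/features}
    [ -d "$image" ] && [ -d "$kernel" ] || { echo "not a directory" >&2; return 2; }
    status=0
    # Union of the relative file paths present in either tree.
    paths=$({ (cd "$image" && find . -type f); (cd "$kernel" && find . -type f); } | sort -u)
    for p in $paths; do
        rel=${p#./}
        if [ ! -f "$image/$rel" ]; then
            echo "MISSING-IN-IMAGE $rel"     # kernel has it, image does not
            status=1
        elif [ ! -f "$kernel/$rel" ]; then
            echo "MISSING-IN-KERNEL $rel"    # image lists it, kernel does not
            status=1
        elif [ "$(cat "$image/$rel")" != "$(cat "$kernel/$rel")" ]; then
            echo "DIFFERS $rel"              # same feature, different value
            status=1
        fi
    done
    return "$status"
}

# Constructed sample trees (values are illustrative, not copied from a kernel):
# the "image" tree lacks two features and has a stale value for a third.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/image/policy/versions" "$tmp/image/domain" \
             "$tmp/kernel/policy/versions" "$tmp/kernel/domain" "$tmp/kernel/io_uring"
    echo yes > "$tmp/image/policy/versions/v8"
    echo yes > "$tmp/kernel/policy/versions/v8"
    echo yes > "$tmp/kernel/policy/versions/v9"
    echo 1.1 > "$tmp/image/domain/version"
    echo 1.2 > "$tmp/kernel/domain/version"
    echo "sqpoll override_creds" > "$tmp/kernel/io_uring/mask"
    compare_features "$tmp/image" "$tmp/kernel" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run on a booted image with the livecd-rootfs checkout's `live-build/apparmor/6.8` as `IMAGE_DIR`; any output line names a feature file that would make the preseeded state disagree with the running kernel.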
Subscribing ubuntu-release as per FFE policy. This bug will block noble cloud image release