| 2022-08-31 07:55:13 |
Danila Balagansky |
bug |
|
|
added bug |
| 2022-08-31 08:03:01 |
Andrew Bonney |
bug |
|
|
added subscriber Andrew Bonney |
| 2022-10-02 13:55:46 |
Thobias Trevisan |
bug |
|
|
added subscriber Thobias Trevisan |
| 2022-10-02 14:26:47 |
Felipe Alencastro |
bug |
|
|
added subscriber Felipe Alencastro |
| 2022-10-02 14:37:13 |
Felipe Alencastro |
cloud-archive: status |
New |
Confirmed |
|
| 2022-10-03 01:06:17 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
| 2022-10-05 15:59:45 |
Christian Ehrhardt |
bug |
|
|
added subscriber John Johansen |
| 2022-10-05 15:59:57 |
Christian Ehrhardt |
bug task added |
|
apparmor (Ubuntu) |
|
| 2022-10-05 16:00:04 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Focal |
|
| 2022-10-05 16:00:04 |
Christian Ehrhardt |
bug task added |
|
apparmor (Ubuntu Focal) |
|
| 2022-10-05 16:00:16 |
Christian Ehrhardt |
apparmor (Ubuntu): status |
New |
Invalid |
|
| 2022-10-11 08:11:37 |
Ponnuvel Palaniyappan |
tags |
|
sts |
|
| 2022-10-17 14:06:29 |
Heather Lemon |
cloud-archive: assignee |
|
Heather Lemon (hypothetical-lemon) |
|
| 2022-10-17 15:17:49 |
Heather Lemon |
attachment added |
|
adds focal-yoga patch https://bugs.launchpad.net/cloud-archive/+bug/1988270/+attachment/5624588/+files/lp1988270-focalyoga-removecapability.debdiff |
|
| 2022-10-17 18:03:28 |
Heather Lemon |
description |
On a fully patched Ubuntu Focal with Yoga UCA enabled, after installation of libvirt-daemon-system, restarting apparmor would fail with error:
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting AppArmor
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading AppArmor profiles
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At least one profile failed to load
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed with result 'exit-code'.
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load AppArmor profiles.
In addition to bpf, perfmon capability, which is also enabled in /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same error.
System information:
root@ubuntu2004:~# uname -a
Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~# dpkg -l libvirt\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==========================================-=======================-============-=============================================================
ii libvirt-clients 8.0.0-1ubuntu7.1~cloud0 amd64 Programs for the libvirt library
ii libvirt-daemon 8.0.0-1ubuntu7.1~cloud0 amd64 Virtualization daemon
ii libvirt-daemon-config-network 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (default network)
ii libvirt-daemon-config-nwfilter 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (default network filters)
un libvirt-daemon-driver-lxc <none> <none> (no description available)
ii libvirt-daemon-driver-qemu 8.0.0-1ubuntu7.1~cloud0 amd64 Virtualization daemon QEMU connection driver
un libvirt-daemon-driver-storage-gluster <none> <none> (no description available)
un libvirt-daemon-driver-storage-iscsi-direct <none> <none> (no description available)
un libvirt-daemon-driver-storage-rbd <none> <none> (no description available)
un libvirt-daemon-driver-storage-zfs <none> <none> (no description available)
un libvirt-daemon-driver-vbox <none> <none> (no description available)
un libvirt-daemon-driver-xen <none> <none> (no description available)
ii libvirt-daemon-system 8.0.0-1ubuntu7.1~cloud0 amd64 Libvirt daemon configuration files
ii libvirt-daemon-system-systemd 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (systemd)
un libvirt-daemon-system-sysv <none> <none> (no description available)
un libvirt-login-shell <none> <none> (no description available)
un libvirt-sanlock <none> <none> (no description available)
ii libvirt0:amd64 8.0.0-1ubuntu7.1~cloud0 amd64 library for interfacing with different virtualization systems
root@ubuntu2004:~# dpkg -l apparmor\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=======================-=================-============-======================================
ii apparmor 2.13.3-7ubuntu5.1 amd64 user-space parser utility for AppArmor
un apparmor-profiles-extra <none> <none> (no description available)
un apparmor-utils <none> <none> (no description available) |
[ Impact ]
AppArmor fails to start with yoga-focal uca libvirt profile
[ Test Plan ]
generate yoga-focal openstack instance
juju ssh nova-compute/0
sudo systemctl restart apparmor
journalctl -xe
# Error message
ct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94081]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.li>
Oct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94082]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Oct 04 15:55:32 juju-6d4862-apparmorbug-9 audit[94084]: AVC apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="u>
Oct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94005]: Error: At least one profile failed to load
[ Other Notes ]
On a fully patched Ubuntu Focal with Yoga UCA enabled, after installation of libvirt-daemon-system, restarting apparmor would fail with error:
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting AppArmor
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading AppArmor profiles
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At least one profile failed to load
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed with result 'exit-code'.
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load AppArmor profiles.
In addition to bpf, perfmon capability, which is also enabled in /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same error.
System information:
root@ubuntu2004:~# uname -a
Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~# dpkg -l libvirt\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==========================================-=======================-============-=============================================================
ii libvirt-clients 8.0.0-1ubuntu7.1~cloud0 amd64 Programs for the libvirt library
ii libvirt-daemon 8.0.0-1ubuntu7.1~cloud0 amd64 Virtualization daemon
ii libvirt-daemon-config-network 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (default network)
ii libvirt-daemon-config-nwfilter 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (default network filters)
un libvirt-daemon-driver-lxc <none> <none> (no description available)
ii libvirt-daemon-driver-qemu 8.0.0-1ubuntu7.1~cloud0 amd64 Virtualization daemon QEMU connection driver
un libvirt-daemon-driver-storage-gluster <none> <none> (no description available)
un libvirt-daemon-driver-storage-iscsi-direct <none> <none> (no description available)
un libvirt-daemon-driver-storage-rbd <none> <none> (no description available)
un libvirt-daemon-driver-storage-zfs <none> <none> (no description available)
un libvirt-daemon-driver-vbox <none> <none> (no description available)
un libvirt-daemon-driver-xen <none> <none> (no description available)
ii libvirt-daemon-system 8.0.0-1ubuntu7.1~cloud0 amd64 Libvirt daemon configuration files
ii libvirt-daemon-system-systemd 8.0.0-1ubuntu7.1~cloud0 all Libvirt daemon configuration files (systemd)
un libvirt-daemon-system-sysv <none> <none> (no description available)
un libvirt-login-shell <none> <none> (no description available)
un libvirt-sanlock <none> <none> (no description available)
ii libvirt0:amd64 8.0.0-1ubuntu7.1~cloud0 amd64 library for interfacing with different virtualization systems
root@ubuntu2004:~# dpkg -l apparmor\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=======================-=================-============-======================================
ii apparmor 2.13.3-7ubuntu5.1 amd64 user-space parser utility for AppArmor
un apparmor-profiles-extra <none> <none> (no description available)
un apparmor-utils <none> <none> (no description available) |
|
| 2022-10-19 14:49:32 |
Edward Hope-Morley |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-10-19 14:49:32 |
Edward Hope-Morley |
bug task added |
|
apparmor (Ubuntu Jammy) |
|
| 2022-10-19 14:50:00 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/yoga |
|
| 2022-10-19 14:50:00 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/yoga |
|
| 2022-10-19 14:50:00 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/zed |
|
| 2022-10-19 14:50:00 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/zed |
|
| 2022-10-19 15:56:53 |
Heather Lemon |
attachment added |
|
updated patch file to remove quilt .pc lines https://bugs.launchpad.net/cloud-archive/+bug/1988270/+attachment/5625273/+files/lp1988270-focalyoga-libvirt-removecapability-revision1.debdiff |
|
| 2022-11-29 08:49:17 |
Launchpad Janitor |
apparmor (Ubuntu Focal): status |
New |
Confirmed |
|
| 2022-11-29 08:49:17 |
Launchpad Janitor |
apparmor (Ubuntu Jammy): status |
New |
Confirmed |
|
| 2022-11-29 08:51:03 |
Rafa |
bug |
|
|
added subscriber Rafa |
| 2022-11-29 08:53:29 |
Rafa |
cloud-archive/yoga: status |
New |
Confirmed |
|
| 2022-11-29 14:06:15 |
Heather Lemon |
cloud-archive/zed: assignee |
Heather Lemon (hypothetical-lemon) |
|
|
| 2023-01-09 13:52:12 |
Heather Lemon |
bug |
|
|
added subscriber Heather Lemon |
| 2023-03-29 16:16:06 |
Heather Lemon |
nominated for series |
|
cloud-archive/xena |
|
| 2023-03-29 16:16:06 |
Heather Lemon |
bug task added |
|
cloud-archive/xena |
|
| 2023-03-29 16:16:06 |
Heather Lemon |
nominated for series |
|
cloud-archive/antelope |
|
| 2023-03-29 16:16:06 |
Heather Lemon |
bug task added |
|
cloud-archive/antelope |
|
| 2023-03-29 16:16:28 |
Heather Lemon |
bug task deleted |
cloud-archive/xena |
|
|
| 2023-03-30 13:50:48 |
Heather Lemon |
cloud-archive/yoga: status |
Confirmed |
Fix Released |
|
| 2023-04-04 15:19:49 |
Edward Hope-Morley |
bug task deleted |
cloud-archive |
|
|
| 2023-04-04 15:20:15 |
Edward Hope-Morley |
bug task deleted |
cloud-archive/antelope |
|
|
| 2023-04-04 15:20:20 |
Edward Hope-Morley |
bug task deleted |
cloud-archive/yoga |
|
|
| 2023-04-04 15:20:28 |
Edward Hope-Morley |
bug task deleted |
cloud-archive/zed |
|
|
| 2023-04-04 15:23:35 |
Edward Hope-Morley |
apparmor (Ubuntu Jammy): status |
Confirmed |
Fix Released |
|
| 2023-04-04 15:23:37 |
Edward Hope-Morley |
apparmor (Ubuntu Focal): status |
Confirmed |
Fix Committed |
|
| 2023-04-04 15:23:41 |
Edward Hope-Morley |
apparmor (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
