Ubuntu
apparmor package

[Ubuntu 25.10 Questing] systemd-detect-virt fails with Permission denied

Bug #2127681 reported by fprietog
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
New
Undecided
Unassigned

Bug Description

Important: system is a real aarch64 ("Raspberry Pi 5" not virtualized).

In Ubuntu 25.10 Questing the command "systemd-detect-virt" (and the commands that uses it like "needrestart") fail because of a permission denied to open "/sys/firmware/devicetree/base/" due to apparmor:

type=AVC msg=audit(1760147077.071:503): apparmor="DENIED" operation="open" class="file" profile="systemd-detect-virt" name="/sys/firmware/devicetree/base/" pid=3644 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
type=SYSCALL msg=audit(1760147077.071:503): arch=c00000b7 syscall=56 success=no exit=-13 a0=ffffffffffffff9c a1=ffffa1e710b0 a2=84800 a3=0 items=0 ppid=3643 pid=3644 auid=1026 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=5 comm="systemd-detect-" exe="/usr/bin/systemd-detect-virt" subj=systemd-detect-virt key=(null)ARCH=aarch64 SYSCALL=openat AUID="fprietog" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1760147077.071:503): proctitle=2F7573722F62696E2F73797374656D642D6465746563742D76697274002D2D766D002D2D7175696574

This apparmor profile for "systemd-detect-virt" is new in Ubuntu 25.10 so in previous Ubuntu versions it just works.

Additional info:
----------------
# lsb_release -rd
Description: Ubuntu 25.10
Release: 25.10

# apt-cache policy apparmor
apparmor:
  Instalados: 5.0.0~alpha1-0ubuntu8
  Candidato: 5.0.0~alpha1-0ubuntu8
  Tabla de versión:
 *** 5.0.0~alpha1-0ubuntu8 500
        500 https://ports.ubuntu.com/ubuntu-ports questing/main arm64 Packages
        100 /var/lib/dpkg/status

Revision history for this message
fprietog (fprietog) wrote (last edit ):

May this be a duplicate of this bug? :

within qemu-RISCV64: systemd-detect-virt results in "Failed to check for virtualization: Permission denied"

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2127111

Looks very similar but the system arch and the environment are totally different.

Revision history for this message
Ryan Lee (rlee287) wrote :

This looks like the same root cause, so I'll mark this bug as a duplicate of the other one.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.