error parsing AppArmor version
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
podman |
Fix Released
|
Unknown
|
|||
golang-github-containers-common (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Mantic |
Fix Released
|
Critical
|
Unassigned | ||
libpod (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Mantic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
On mantic, when run as root, podman cannot run any container due to misparsing the AppArmor version. This requires a patch to golang-
[ Test Plan ]
Run (as root) any container. For example:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/container
Trying to pull docker.
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
Error: install profile containers-
```
Success looks like:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/container
Trying to pull docker.
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
```
Additionally some quick smoke testing would be sensible; podman has lots of subcommands, but running “podman volume list”, “podman info”, and “podman ps” as both a user and as root would cover some basic smoke testing.
[ Where problems could occur ]
While the patch is small, it requires a rebuild of podman that will pull in any other changes in the archive since the last build. A quick check of the Built-Using metadata shows that there aren't any major changes since the last build, but there *have* been some rebuilds, most concerningly a golang-1.20 patch release.
[ Original report ]
After upgrading to mantic, I had an error launching any (root mode) container with podman. I then confirmed this happens on a clean 23.10 VM.
root@ubuntu:~# podman run --rm -it ubuntu
Error: install profile containers-
root@ubuntu:~#
This issue has recently been fixed upstream in containers/common:
https:/
https:/
The patch applies cleanly to this version. After rebuilding podman against the patched package everything worked as expected.
root@ubuntu:~# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.10
Release: 23.10
root@ubuntu:~#
root@ubuntu:~# apt-cache policy podman
podman:
Installed: 4.3.1+ds1-8
Candidate: 4.3.1+ds1-8
Version table:
*** 4.3.1+ds1-8 500
500 http://
100 /var/lib/
root@ubuntu:~#
tags: | added: mantic regression-release |
information type: | Public → Public Security |
information type: | Public Security → Public |
Changed in podman: | |
status: | Unknown → Fix Released |
description: | updated |
tags: |
added: verification-done-mantic removed: verification-needed verification-needed-mantic |
The attachment "apparmor_ version. patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]