2023-10-22 04:05:28 |
Claudio Leite |
bug |
|
|
added bug |
2023-10-22 04:05:28 |
Claudio Leite |
attachment added |
|
apparmor_version.patch https://bugs.launchpad.net/bugs/2040082/+attachment/5712161/+files/apparmor_version.patch |
|
2023-10-22 04:06:45 |
Claudio Leite |
bug task added |
|
libpod (Ubuntu) |
|
2023-10-22 08:17:19 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2023-10-22 08:17:22 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2023-10-25 09:37:38 |
Martin Pitt |
golang-github-containers-common (Ubuntu): status |
New |
Triaged |
|
2023-10-25 09:37:43 |
Martin Pitt |
libpod (Ubuntu): status |
New |
Triaged |
|
2023-10-25 09:37:46 |
Martin Pitt |
golang-github-containers-common (Ubuntu): importance |
Undecided |
Critical |
|
2023-10-25 09:37:48 |
Martin Pitt |
libpod (Ubuntu): importance |
Undecided |
Critical |
|
2023-10-25 09:38:13 |
Martin Pitt |
nominated for series |
|
Ubuntu Mantic |
|
2023-10-25 09:38:13 |
Martin Pitt |
bug task added |
|
libpod (Ubuntu Mantic) |
|
2023-10-25 09:38:13 |
Martin Pitt |
bug task added |
|
golang-github-containers-common (Ubuntu Mantic) |
|
2023-10-25 09:46:28 |
Martin Pitt |
bug task deleted |
libpod (Ubuntu Mantic) |
|
|
2023-10-25 09:46:32 |
Martin Pitt |
libpod (Ubuntu): importance |
Critical |
Undecided |
|
2023-10-25 09:46:37 |
Martin Pitt |
golang-github-containers-common (Ubuntu Mantic): status |
New |
Triaged |
|
2023-10-25 09:46:41 |
Martin Pitt |
golang-github-containers-common (Ubuntu Mantic): importance |
Undecided |
Critical |
|
2023-10-25 11:12:11 |
Martin Pitt |
tags |
patch |
mantic patch regression-release |
|
2023-10-28 09:57:31 |
FrancisJiang |
information type |
Public |
Public Security |
|
2023-10-28 09:57:51 |
FrancisJiang |
information type |
Public Security |
Public |
|
2023-10-28 09:58:35 |
FrancisJiang |
bug |
|
|
added subscriber FrancisJiang |
2023-11-01 12:12:14 |
Reinhard Tartler |
bug watch added |
|
https://github.com/containers/podman/issues/20278 |
|
2023-11-01 12:12:14 |
Reinhard Tartler |
bug task added |
|
podman |
|
2023-11-01 13:25:18 |
Bug Watch Updater |
podman: status |
Unknown |
Fix Released |
|
2023-11-05 10:46:53 |
Chris Halse Rogers |
description |
After upgrading to mantic, I had an error launching any (root mode) container with podman. I then confirmed this happens on a clean 23.10 VM.
root@ubuntu:~# podman run --rm -it ubuntu
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
root@ubuntu:~#
This issue has recently been fixed upstream in containers/common:
https://github.com/containers/podman/issues/20278
https://github.com/containers/common/pull/1689
The patch applies cleanly to this version. After rebuilding podman against the patched package everything worked as expected.
root@ubuntu:~# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.10
Release: 23.10
root@ubuntu:~#
root@ubuntu:~# apt-cache policy podman
podman:
Installed: 4.3.1+ds1-8
Candidate: 4.3.1+ds1-8
Version table:
*** 4.3.1+ds1-8 500
500 http://us.archive.ubuntu.com/ubuntu mantic/universe amd64 Packages
100 /var/lib/dpkg/status
root@ubuntu:~# |
[ Impact ]
On mantic, when run as root, podman cannot run any container due to misparsing the AppArmor version. This requires a patch to golang-github-containers-common to handle Mantic's AppArmor version containing "~alpha2", and then a no-change rebuild for libpod to pick up the fixed code.
[ Test Plan ]
Run (as root) any container. For example:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
```
Success looks like:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
```
Additionally some quick smoke testing would be sensible; podman has lots of subcommands, but running “podman volume list”, “podman info”, and “podman ps” as both a user and as root would cover some basic smoke testing.
[ Where problems could occur ]
While the patch is small, it requires a rebuild of podman that will pull in any other changes in the archive since the last build. A quick check of the Built-Using metadata shows that there aren't any major changes since the last build, but there *have* been some rebuilds, most concerningly a golang-1.20 patch release.
[ Original report ]
After upgrading to mantic, I had an error launching any (root mode) container with podman. I then confirmed this happens on a clean 23.10 VM.
root@ubuntu:~# podman run --rm -it ubuntu
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
root@ubuntu:~#
This issue has recently been fixed upstream in containers/common:
https://github.com/containers/podman/issues/20278
https://github.com/containers/common/pull/1689
The patch applies cleanly to this version. After rebuilding podman against the patched package everything worked as expected.
root@ubuntu:~# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.10
Release: 23.10
root@ubuntu:~#
root@ubuntu:~# apt-cache policy podman
podman:
Installed: 4.3.1+ds1-8
Candidate: 4.3.1+ds1-8
Version table:
*** 4.3.1+ds1-8 500
500 http://us.archive.ubuntu.com/ubuntu mantic/universe amd64 Packages
100 /var/lib/dpkg/status
root@ubuntu:~# |
|
2023-11-06 00:12:59 |
Georgi Georgiev |
bug |
|
|
added subscriber Georgi Georgiev |
2023-11-12 15:42:49 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Reinhard Tartler |
2023-11-14 07:17:45 |
Chris Halse Rogers |
golang-github-containers-common (Ubuntu Mantic): status |
Triaged |
Fix Committed |
|
2023-11-14 07:17:46 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-11-14 07:17:49 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2023-11-14 07:17:56 |
Chris Halse Rogers |
tags |
mantic patch regression-release |
mantic patch regression-release verification-needed verification-needed-mantic |
|
2023-11-14 09:43:15 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Chris Halse Rogers |
2023-11-15 03:54:36 |
Chris Halse Rogers |
libpod (Ubuntu Mantic): status |
New |
Fix Committed |
|
2023-11-23 00:08:39 |
Launchpad Janitor |
golang-github-containers-common (Ubuntu): status |
Triaged |
Fix Released |
|
2023-11-30 02:49:50 |
Chris Halse Rogers |
tags |
mantic patch regression-release verification-needed verification-needed-mantic |
mantic patch regression-release verification-done-mantic |
|
2023-11-30 06:38:42 |
Launchpad Janitor |
libpod (Ubuntu Mantic): status |
Fix Committed |
Fix Released |
|
2023-11-30 06:38:50 |
Launchpad Janitor |
golang-github-containers-common (Ubuntu Mantic): status |
Fix Committed |
Fix Released |
|
2023-11-30 06:38:53 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2023-12-04 10:01:50 |
Martin Pitt |
libpod (Ubuntu): status |
Triaged |
Fix Committed |
|
2023-12-04 10:01:57 |
Martin Pitt |
libpod (Ubuntu): importance |
Undecided |
Critical |
|
2023-12-06 11:28:30 |
Launchpad Janitor |
libpod (Ubuntu): status |
Fix Committed |
Fix Released |
|