Ubuntu
livecd-rootfs package

apparmor features overlay needs to be updated with 5.19 features.

Bug #1993204 reported by Simon Poirier
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
livecd-rootfs (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

 * The apparmor feature overlay used to build images currently doesn't
   match the target system features. Seeding snaps relies on this info
   on image build. Mismatch between features at boot vs seeding has
   the effect of slowing down boot by ~200ms.

[ Test Plan ]

 * When booting the resulting image, snapd should not have a `seed-restart-system-key`
   when running `snap debug seeding`

[ Other info ]

 * The updated values have been copied verbatim from a fresh image with `linux-image-5.19.0-1008-kvm`

Related branches

~simpoir/livecd-rootfs/+git/livecd-rootfs:kinetic-update-apparmor-feat
Steve Langasek: Needs Information
Thomas Bechtold (community): Needs Information
Andrew Cloke (community): Approve
Diff: 63 lines (+13/-3)
8 files modified
debian/changelog (+6/-0)
live-build/apparmor/generic/caps/mask (+1/-1)
live-build/apparmor/generic/ipc/posix_mqueue (+1/-0)
live-build/apparmor/generic/namespaces/mask (+1/-0)
live-build/apparmor/generic/network/af_mask (+1/-1)
live-build/apparmor/generic/network_v8/af_mask (+1/-1)
live-build/apparmor/generic/policy/outofband (+1/-0)
live-build/apparmor/generic/policy/versions/v9 (+1/-0)
Simon Poirier (simpoir)
summary: - apparmor features overlay needs to be updated with new 5.19 features.
+ apparmor features overlay needs to be updated with 5.19 features.
Revision history for this message
Steve Langasek (vorlon) wrote :

Copying my comments from the MP:

I agree that we should ensure snapd is generating correct cache in the chroot that will be applicable on the booted system.

I think it's terrible that any of this stuff is hard-coded in livecd-rootfs source.

Any thoughts on how to keep this up-to-date going forward without maintaining a clone of a snapshot of a /sys subtree?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package livecd-rootfs - 2.791

---------------
livecd-rootfs (2.791) kinetic; urgency=medium

  [ Brian Murray ]
  * Finish the rename of FK_FORCE_CONTAINER into FK_FORCE. (LP: #1989194)

  [ Simon Poirier ]
  * update apparmor feature overlay match the target kernel (LP: #1993204)

 -- Brian Murray <email address hidden> Mon, 17 Oct 2022 13:08:52 -0700

Changed in livecd-rootfs (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.