Ubuntu
livecd-rootfs package

apparmor feature mismatch for 6.14 kernel

Bug #2102120 reported by Jess Jang on 2025-03-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	livecd-rootfs (Ubuntu)	Fix Released	Undecided	Jess Jang

Bug Description

preseeding with the 6.14 kernel fails due to apparmor feature mismatch.

[ Impact ]

preseeding with that kernel fails which makes the boot slower.

[ Test Plan ]

* build image with livecd-rootfs
* register image on cloud
* boot image
* check that "snap debug seeding" output doesn't contain the "seed-restart-system-key" key.

[ Where problems could occur ]

Very unlikely that this creates problems. We backported similar changes a couple of times already.

[ Other Info ]
* this only needs to be SRUed for Noble . The relevant code is already in plucky and oracular
* a similar SRU we did already is https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2098306

See original description

Related branches

~jessica-youjeong/livecd-rootfs:6.14-apparmor

Merged into livecd-rootfs:ubuntu/master at revision 43d147829816181ec109e2ba1ccb42621ce3a269

Utkarsh Gupta: Approve on 2025-03-13

Thomas Bechtold (community): Approve on 2025-03-13

Canonical Foundations Team: Pending requested 2025-03-13

Diff: 386 lines (+60/-0)

54 files modified

debian/changelog (+6/-0)
live-build/apparmor/6.14/capability (+1/-0)
live-build/apparmor/6.14/caps/extended (+1/-0)
live-build/apparmor/6.14/caps/mask (+1/-0)
live-build/apparmor/6.14/dbus/mask (+1/-0)
live-build/apparmor/6.14/domain/attach_conditions/xattr (+1/-0)
live-build/apparmor/6.14/domain/change_hat (+1/-0)
live-build/apparmor/6.14/domain/change_hatv (+1/-0)
live-build/apparmor/6.14/domain/change_onexec (+1/-0)
live-build/apparmor/6.14/domain/change_profile (+1/-0)
live-build/apparmor/6.14/domain/computed_longest_left (+1/-0)
live-build/apparmor/6.14/domain/disconnected.path (+1/-0)
live-build/apparmor/6.14/domain/fix_binfmt_elf_mmap (+1/-0)
live-build/apparmor/6.14/domain/interruptible (+1/-0)
live-build/apparmor/6.14/domain/kill.signal (+1/-0)
live-build/apparmor/6.14/domain/post_nnp_subset (+1/-0)
live-build/apparmor/6.14/domain/stack (+1/-0)
live-build/apparmor/6.14/domain/unconfined_allowed_children (+1/-0)
live-build/apparmor/6.14/domain/version (+1/-0)
live-build/apparmor/6.14/file/mask (+1/-0)
live-build/apparmor/6.14/io_uring/mask (+1/-0)
live-build/apparmor/6.14/ipc/posix_mqueue (+1/-0)
live-build/apparmor/6.14/mount/mask (+1/-0)
live-build/apparmor/6.14/mount/move_mount (+1/-0)
live-build/apparmor/6.14/namespaces/mask (+1/-0)
live-build/apparmor/6.14/namespaces/pivot_root (+1/-0)
live-build/apparmor/6.14/namespaces/profile (+1/-0)
live-build/apparmor/6.14/namespaces/userns_create (+1/-0)
live-build/apparmor/6.14/network/af_mask (+1/-0)
live-build/apparmor/6.14/network/af_unix (+1/-0)
live-build/apparmor/6.14/network_v8/af_inet (+1/-0)
live-build/apparmor/6.14/network_v8/af_mask (+1/-0)
live-build/apparmor/6.14/network_v9/af_mask (+2/-0)
live-build/apparmor/6.14/network_v9/af_unix (+1/-0)
live-build/apparmor/6.14/policy/notify/user (+1/-0)
live-build/apparmor/6.14/policy/outofband (+1/-0)
live-build/apparmor/6.14/policy/permstable32 (+1/-0)
live-build/apparmor/6.14/policy/permstable32_version (+1/-0)
live-build/apparmor/6.14/policy/set_load (+1/-0)
live-build/apparmor/6.14/policy/state32 (+1/-0)
live-build/apparmor/6.14/policy/unconfined_restrictions/change_profile (+1/-0)
live-build/apparmor/6.14/policy/unconfined_restrictions/io_uring (+1/-0)
live-build/apparmor/6.14/policy/unconfined_restrictions/userns (+1/-0)
live-build/apparmor/6.14/policy/versions/v5 (+1/-0)
live-build/apparmor/6.14/policy/versions/v6 (+1/-0)
live-build/apparmor/6.14/policy/versions/v7 (+1/-0)
live-build/apparmor/6.14/policy/versions/v8 (+1/-0)
live-build/apparmor/6.14/policy/versions/v9 (+1/-0)
live-build/apparmor/6.14/ptrace/mask (+1/-0)
live-build/apparmor/6.14/query/label/data (+1/-0)
live-build/apparmor/6.14/query/label/multi_transaction (+1/-0)
live-build/apparmor/6.14/query/label/perms (+1/-0)
live-build/apparmor/6.14/rlimit/mask (+1/-0)
live-build/apparmor/6.14/signal/mask (+1/-0)

Jess Jang (jessica-youjeong) on 2025-03-13

summary:	- apparmor feature missmatch for 6.12 kernel + apparmor feature mismatch for 6.14 kernel
description:	updated

Revision history for this message

Jess Jang (jessica-youjeong) wrote on 2025-03-13:

I did testing described above in the plan
The image registered & booted on ec2 does preseed correctly:

# snap debug seeding
seeded: true
preseeded: true
image-preseeding: 1.933s
seed-completion: 1.564s

Changed in livecd-rootfs (Ubuntu):
assignee:	nobody → Jess Jang (jessica-youjeong)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-03-13:

This bug was fixed in the package livecd-rootfs - 25.04.23

---------------
livecd-rootfs (25.04.23) plucky; urgency=medium

* Add 6.14 kernel apparmor features' preseeds. (LP: #2102120)

-- Jess Jang <email address hidden> Wed, 12 Mar 2025 21:08:31 -0500

Changed in livecd-rootfs (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulivecd-rootfs package