linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression with new apparmor profiles/features
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| chrony (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Noble |
Invalid
|
Undecided
|
Unassigned | ||
| linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-aws (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-azure (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gcp (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-ibm (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-oracle (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Noble |
Fix Released
|
Undecided
|
Unassigned | ||
| snapd (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Noble |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
* Canonical Public Cloud discovered that `chronyc -c sources` now fails with `506 Cannot talk to daemon` with the latest kernels. We are seeing this in linux-azure and linux-gcp kernels (6.8.0-1005.5)
* Disabling AppArmor (`sudo systemctl stop apparmor`) completely results in no regression and `chronyc -c sources` returns as expected
* Disabling the apparmor profile for `chronyd` only results in no regression and `chronyc -c sources` returns as expected
* There are zero entries in dmesg when this occurs
* There are zero entries in dmesg when this occurs if the apparmor profile for `chronyd` is placed in complain mode instead of enforce mode
* We changed the time server from the internal GCP metadata.
We also noted issues with DNS resolution in snaps like `google-cloud-cli` in GCE images.
* Disabling apparmor completely for snaps too (`sudo systemctl stop snapd.apparmor`) results in no regression and calling the snaps returns as expected.
The same issues are present in azure kernel `linux-azure` `6.8.0-1005.5` and the -proposed `6.8.0-25.25` generic kernel.
This is a release blocker for Noble release
| tags: | added: block-proposed block-proposed-noble |
| tags: | removed: block-proposed block-proposed-noble |
| Changed in chrony (Ubuntu Noble): | |
| status: | New → Invalid |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu Noble): | |
| status: | New → Fix Released |
| summary: |
- linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new + linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression with new apparmor profiles/features |
| Changed in snapd (Ubuntu Noble): | |
| status: | New → Invalid |
| Changed in linux-aws (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in linux-azure (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in linux-gcp (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in linux-ibm (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in linux-oracle (Ubuntu Noble): | |
| status: | New → Fix Released |
This bug was fixed in the package linux - 6.8.0-28.28
---------------
linux (6.8.0-28.28) noble; urgency=medium
* noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867)
* linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor
profiles/
- SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom
-- Paolo Pisati <email address hidden> Tue, 16 Apr 2024 18:29:17 +0200