Ubuntu
ubuntu-advantage-tools package

  1. Bug #2067810
  2. Comment #21

Comment 21 for bug 2067810

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

For bionic I had to change the script a bit to be able to launch a lxd bionic VM. In bionic I also didn't always get an apparmor DENIED with the dpkg --print-foreign-architectures, but I did get it when I logged in interactively. Since the other checks produced a DENIED message, and later with the update did not, I decided it was not worth debugging further.

Same with xenial.

# Testing series bionic
###########################################
Creating bionic-2067810
Device config added to bionic-2067810
Waiting for container IP
Waiting for container ssh
Connection to 10.0.102.136 22 port [tcp/ssh] succeeded!
Waiting for cloud-init to be done
timeout: unrecognized option '--verbose'
Try 'timeout --help' for more information.
cloud-init status --wait failed on container bionic-2067810

dpkg-preconfigure: unable to re-open stdin: No such file or directory

# Latest u-a-t is installed
###########################################
ubuntu-advantage-tools:
  Installed: 32.3~18.04
  Candidate: 32.3~18.04
  Version table:
 *** 32.3~18.04 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     17 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
###########################################

# Creating conditions for the bug
###########################################
###########################################

# Reproducing the bug
###########################################

# Triggering apparmor DENIED messages
###########################################

# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-architectures

# dmesg:

# aa-exec -p ubuntu_pro_esm_cache apt-cache policy | head
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages
     release v=18.04,o=Ubuntu,a=bionic-security,n=bionic,l=Ubuntu,c=multiverse,b=amd64
     origin security.ubuntu.com
 500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
     release v=18.04,o=Ubuntu,a=bionic-security,n=bionic,l=Ubuntu,c=universe,b=amd64
     origin security.ubuntu.com
 500 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages

# dmesg:
[Fri Jun 21 22:13:00 2024] audit: type=1400 audit(1719007981.644:28): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=2251 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 22:13:00 2024] audit: type=1400 audit(1719007981.664:29): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=2252 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

# esm-cache.service test
###########################################

# /var/lib/apt/periodic/ contents
###########################################
total 8
drwxr-xr-x 2 root root 4096 Jun 21 22:13 .
drwxr-xr-x 5 root root 4096 Jun 21 22:12 ..

# systemctl start esm-cache.service

# dmesg:
[Fri Jun 21 22:13:03 2024] audit: type=1400 audit(1719007984.315:30): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=2284 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 22:13:03 2024] audit: type=1400 audit(1719007984.319:31): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=2285 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 22:13:03 2024] audit: type=1400 audit(1719007984.322:32): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=2289 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 22:13:04 2024] audit: type=1400 audit(1719007984.949:33): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=2300 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=104 ouid=0
[Fri Jun 21 22:13:04 2024] audit: type=1400 audit(1719007984.949:34): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=2302 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=104 ouid=0
[Fri Jun 21 22:13:04 2024] audit: type=1400 audit(1719007984.953:35): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=2304 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=104 ouid=0
[Fri Jun 21 22:13:04 2024] audit: type=1400 audit(1719007984.957:36): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=2306 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=104 ouid=0
[Fri Jun 21 22:13:04 2024] audit: type=1400 audit(1719007984.957:37): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=2309 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=104 ouid=0

# Updating to proposed
###########################################
deb http://archive.ubuntu.com/ubuntu bionic-proposed main
dpkg-preconfigure: unable to re-open stdin: No such file or directory
ubuntu-advantage-tools:
  Installed: 32.3.1~18.04
  Candidate: 32.3.1~18.04
  Version table:
 *** 32.3.1~18.04 500
        500 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     32.3~18.04 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
     17 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

# Now there must be no apparmor DENIED messages
###########################################

# Triggering apparmor DENIED messages
###########################################

# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-architectures

# dmesg:

# aa-exec -p ubuntu_pro_esm_cache apt-cache policy | head
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
     release v=18.04,o=Ubuntu,a=bionic-proposed,n=bionic,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
 500 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages
     release v=18.04,o=Ubuntu,a=bionic-security,n=bionic,l=Ubuntu,c=multiverse,b=amd64
     origin security.ubuntu.com
 500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages

# dmesg:

# esm-cache.service test
###########################################

# /var/lib/apt/periodic/ contents
###########################################
total 8
drwxr-xr-x 2 root root 4096 Jun 21 22:13 .
drwxr-xr-x 5 root root 4096 Jun 21 22:13 ..

# systemctl start esm-cache.service

# dmesg:

TEST SUCCEEDED