Noble verification
# Reproducing the error
root@n-uat-2067810:~# apt-cache policy ubuntu-pro-client ubuntu-pro-client: Installed: 32.3~24.04 Candidate: 32.3~24.04 Version table: *** 32.3~24.04 500 500 http://br.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages 100 /var/lib/dpkg/status 31.2.3 500 500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages
root@n-uat-2067810:~# pro version 32.3~24.04
Test case (a):
root@n-uat-2067810:~# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-architectures root@n-uat-2067810:~#
dmesg shows: [Thu Jun 20 21:06:45 2024] audit: type=1400 audit(1718917605.728:124): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=3074 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
root@n-uat-2067810:~# aa-exec -p ubuntu_pro_esm_cache apt-cache policy Package files: 100 /var/lib/dpkg/status release a=now 500 http://br.archive.ubuntu.com/ubuntu noble-security/restricted amd64 Packages release v=24.04,o=Ubuntu,a=noble-security,n=noble,l=Ubuntu,c=restricted,b=amd64 origin br.archive.ubuntu.com ... (normal output) ... Pinned packages: root@n-uat-2067810:~#
dmesg shows: [Thu Jun 20 21:07:09 2024] audit: type=1400 audit(1718917629.197:125): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=3086 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [Thu Jun 20 21:07:09 2024] audit: type=1400 audit(1718917629.202:126): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=3087 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Test case (b): root@n-uat-2067810:~# systemctl start esm-cache.service root@n-uat-2067810:~#
dmesg shows multiple DENIED entries, like: [Thu Jun 20 21:10:04 2024] audit: type=1400 audit(1718917804.553:139): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=3505 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [Thu Jun 20 21:10:04 2024] audit: type=1400 audit(1718917804.558:140): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//dpkg" name="/var/lib/dpkg/arch" pid=3506 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [Thu Jun 20 21:10:05 2024] audit: type=1400 audit(1718917805.323:141): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch" pid=3515 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=42 ouid=0
# Verifying the fix
Upgrading to version from proposed: root@n-uat-2067810:~# apt-cache policy ubuntu-pro-client ubuntu-pro-client: Installed: 32.3.1~24.04 Candidate: 32.3.1~24.04 Version table: *** 32.3.1~24.04 100 100 http://br.archive.ubuntu.com/ubuntu noble-proposed/main amd64 Packages 100 /var/lib/dpkg/status 32.3~24.04 500 500 http://br.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages 31.2.3 500 500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Test case (a): root@n-uat-2067810:~# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-architectures root@n-uat-2067810:~# aa-exec -p ubuntu_pro_esm_cache apt-cache policy Package files: 100 /var/lib/dpkg/status release a=now 500 http://br.archive.ubuntu.com/ubuntu noble-security/restricted amd64 Packages release v=24.04,o=Ubuntu,a=noble-security,n=noble,l=Ubuntu,c=restricted,b=amd64 origin br.archive.ubuntu.com (...) (normal output) root@n-uat-2067810:~#
No apparmor DENIED logs in dmesg.
Test case (b) root@n-uat-2067810:~# l /var/lib/dpkg/arch -rw-r--r-- 1 root root 0 Jun 20 21:15 /var/lib/dpkg/arch root@n-uat-2067810:~# rm -rf /var/lib/apt/periodic/* root@n-uat-2067810:~# systemctl start esm-cache.service
Noble verification succeeded.
Noble verification
# Reproducing the error
root@n- uat-2067810: ~# apt-cache policy ubuntu-pro-client br.archive. ubuntu. com/ubuntu noble-updates/main amd64 Packages dpkg/status br.archive. ubuntu. com/ubuntu noble/main amd64 Packages
ubuntu-pro-client:
Installed: 32.3~24.04
Candidate: 32.3~24.04
Version table:
*** 32.3~24.04 500
500 http://
100 /var/lib/
31.2.3 500
500 http://
root@n- uat-2067810: ~# pro version
32.3~24.04
Test case (a):
root@n- uat-2067810: ~# aa-exec -p ubuntu_ pro_esm_ cache// dpkg dpkg --print- foreign- architectures uat-2067810: ~#
root@n-
dmesg shows: 5.728:124) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// dpkg" name="/ var/lib/ dpkg/arch" pid=3074 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Thu Jun 20 21:06:45 2024] audit: type=1400 audit(171891760
root@n- uat-2067810: ~# aa-exec -p ubuntu_ pro_esm_ cache apt-cache policy dpkg/status br.archive. ubuntu. com/ubuntu noble-security/ restricted amd64 Packages o=Ubuntu, a=noble- security, n=noble, l=Ubuntu, c=restricted, b=amd64 ubuntu. com uat-2067810: ~#
Package files:
100 /var/lib/
release a=now
500 http://
release v=24.04,
origin br.archive.
...
(normal output)
...
Pinned packages:
root@n-
dmesg shows: 9.197:125) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// dpkg" name="/ var/lib/ dpkg/arch" pid=3086 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 9.202:126) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// dpkg" name="/ var/lib/ dpkg/arch" pid=3087 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Thu Jun 20 21:07:09 2024] audit: type=1400 audit(171891762
[Thu Jun 20 21:07:09 2024] audit: type=1400 audit(171891762
Test case (b): uat-2067810: ~# systemctl start esm-cache.service uat-2067810: ~#
root@n-
root@n-
dmesg shows multiple DENIED entries, like: 4.553:139) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// dpkg" name="/ var/lib/ dpkg/arch" pid=3505 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 4.558:140) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// dpkg" name="/ var/lib/ dpkg/arch" pid=3506 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 5.323:141) : apparmor="DENIED" operation="open" class="file" profile= "ubuntu_ pro_esm_ cache// apt_methods_ gpgv" name="/ var/lib/ dpkg/arch" pid=3515 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=42 ouid=0
[Thu Jun 20 21:10:04 2024] audit: type=1400 audit(171891780
[Thu Jun 20 21:10:04 2024] audit: type=1400 audit(171891780
[Thu Jun 20 21:10:05 2024] audit: type=1400 audit(171891780
# Verifying the fix
Upgrading to version from proposed: uat-2067810: ~# apt-cache policy ubuntu-pro-client br.archive. ubuntu. com/ubuntu noble-proposed/main amd64 Packages dpkg/status br.archive. ubuntu. com/ubuntu noble-updates/main amd64 Packages br.archive. ubuntu. com/ubuntu noble/main amd64 Packages
root@n-
ubuntu-pro-client:
Installed: 32.3.1~24.04
Candidate: 32.3.1~24.04
Version table:
*** 32.3.1~24.04 100
100 http://
100 /var/lib/
32.3~24.04 500
500 http://
31.2.3 500
500 http://
Test case (a): uat-2067810: ~# aa-exec -p ubuntu_ pro_esm_ cache// dpkg dpkg --print- foreign- architectures uat-2067810: ~# aa-exec -p ubuntu_ pro_esm_ cache apt-cache policy dpkg/status br.archive. ubuntu. com/ubuntu noble-security/ restricted amd64 Packages o=Ubuntu, a=noble- security, n=noble, l=Ubuntu, c=restricted, b=amd64 ubuntu. com uat-2067810: ~#
root@n-
root@n-
Package files:
100 /var/lib/
release a=now
500 http://
release v=24.04,
origin br.archive.
(...)
(normal output)
root@n-
No apparmor DENIED logs in dmesg.
Test case (b) uat-2067810: ~# l /var/lib/dpkg/arch uat-2067810: ~# rm -rf /var/lib/ apt/periodic/ * uat-2067810: ~# systemctl start esm-cache.service
root@n-
-rw-r--r-- 1 root root 0 Jun 20 21:15 /var/lib/dpkg/arch
root@n-
root@n-
No apparmor DENIED logs in dmesg.
Noble verification succeeded.