[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

Wed, 08 Apr 2020 07:11:46 -0700 

Here is an 'sudo systemd-analyze plot > ./1871148-vm-no-varlib-
mount.svg' on a focal VM that reports the following critical-chain:

$ sudo systemd-analyze critical-chain apparmor.service
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.

apparmor.service +222ms
└─local-fs.target @2.562s
  └─run-user-122.mount @4.834s
    └─swap.target @1.687s
      
└─dev-disk-by\x2duuid-f5ea22a0\x2de078\x2d4d8e\x2d9412\x2d1fad2171a080.swap 
@1.663s +24ms
        
└─dev-disk-by\x2duuid-f5ea22a0\x2de078\x2d4d8e\x2d9412\x2d1fad2171a080.device 
@1.662s

Note that var.lib.mount is *not* listed in the critical chain. In the
svg, we see:

zfs-load-module.service (3ms)
zfs-import-cache.service (268ms)
zfs-import.target
...
var-lib.mount (156ms)
...
zfs-volume-wait.service (235ms)
...
zfs-volumes.target
...
zfs-mount.service (66ms)
local-fs.target
apparmor.service (222ms)
...

Maybe everything is fine but critical-chain has a bug?

** Attachment added: "1871148-vm-no-varlib-mount.svg"
   
https://bugs.launchpad.net/apparmor/+bug/1871148/+attachment/5349686/+files/1871148-vm-no-varlib-mount.svg

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1871148

Title:
  services start before apparmor profiles are loaded

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  New
Status in apparmor source package in Focal:
  Fix Released
Status in zsys source package in Focal:
  New

Bug description:
  Per discussion with Zyga in #snapd on Freenode, I have hit a race
  condition where services are being started by the system before
  apparmor has been started. I have a complete log of my system showing
  the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/.
  Restarting apparmor using `sudo systemctl restart apparmor` is enough
  to bring installed snaps back to full functionality.

  Previously, when running any snap I would receive the following in the
  terminal:

  ---
  cannot change profile for the next exec call: No such file or directory
  snap-update-ns failed with code 1: File exists
  ---

  Updated to add for Jamie:

  $ snap version
  snap    2.44.2+20.04
  snapd   2.44.2+20.04
  series  16
  ubuntu  20.04
  kernel  5.4.0-21-generic

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to