I'll have a look for the same in server-backports ppa, but it might be
as easy as the old apparmor not knowing about these and failing. If that
is true we might need to remove them on the backports.
@Security - is there more to know about these particular features (will
they come to focal, is there more to know about it, ...)?
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1988270
Title:
AppArmor fails to start with Yoga UCA libvirt profile on Focal
Status in Ubuntu Cloud Archive:
Confirmed
Status in apparmor package in Ubuntu:
Invalid
Status in apparmor source package in Focal:
New
Bug description:
On a fully patched Ubuntu Focal with Yoga UCA enabled, after
installation of libvirt-daemon-system, restarting apparmor would fail
with error:
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting
AppArmor
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading
AppArmor profiles
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor
parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line
29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor
parser error for /etc/apparmor.d/usr.sbin.libvirtd in
/etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At
least one profile failed to load
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main
process exited, code=exited, status=1/FAILURE
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed
with result 'exit-code'.
Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load
AppArmor profiles.
In addition to bpf, perfmon capability, which is also enabled in
/etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same
error.
System information:
root@ubuntu2004:~# uname -a
Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10
13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~# dpkg -l libvirt\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version
Architecture Description
+++-==========================================-=======================-============-=============================================================
ii libvirt-clients 8.0.0-1ubuntu7.1~cloud0 amd64
Programs for the libvirt library
ii libvirt-daemon 8.0.0-1ubuntu7.1~cloud0 amd64
Virtualization daemon
ii libvirt-daemon-config-network 8.0.0-1ubuntu7.1~cloud0 all
Libvirt daemon configuration files (default network)
ii libvirt-daemon-config-nwfilter 8.0.0-1ubuntu7.1~cloud0 all
Libvirt daemon configuration files (default network filters)
un libvirt-daemon-driver-lxc <none> <none>
(no description available)
ii libvirt-daemon-driver-qemu 8.0.0-1ubuntu7.1~cloud0 amd64
Virtualization daemon QEMU connection driver
un libvirt-daemon-driver-storage-gluster <none> <none>
(no description available)
un libvirt-daemon-driver-storage-iscsi-direct <none> <none>
(no description available)
un libvirt-daemon-driver-storage-rbd <none> <none>
(no description available)
un libvirt-daemon-driver-storage-zfs <none> <none>
(no description available)
un libvirt-daemon-driver-vbox <none> <none>
(no description available)
un libvirt-daemon-driver-xen <none> <none>
(no description available)
ii libvirt-daemon-system 8.0.0-1ubuntu7.1~cloud0 amd64
Libvirt daemon configuration files
ii libvirt-daemon-system-systemd 8.0.0-1ubuntu7.1~cloud0 all
Libvirt daemon configuration files (systemd)
un libvirt-daemon-system-sysv <none> <none>
(no description available)
un libvirt-login-shell <none> <none>
(no description available)
un libvirt-sanlock <none> <none>
(no description available)
ii libvirt0:amd64 8.0.0-1ubuntu7.1~cloud0 amd64
library for interfacing with different virtualization systems
root@ubuntu2004:~# dpkg -l apparmor\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=======================-=================-============-======================================
ii apparmor 2.13.3-7ubuntu5.1 amd64 user-space parser
utility for AppArmor
un apparmor-profiles-extra <none> <none> (no description
available)
un apparmor-utils <none> <none> (no description
available)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1988270/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
