@paelzer sorry missed your question earlier, yes this is known. The
newer capability support for apparmor is being backported to focal.
Hopefully we will see the SRU for it this week.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1988270

Title:
  AppArmor fails to start with Yoga UCA libvirt profile on Focal

Status in Ubuntu Cloud Archive:
  Confirmed
Status in apparmor package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  New

Bug description:
  
  [ Impact ] 

  AppArmor fails to start with yoga-focal uca libvirt profile

  
  [ Test Plan ]

  generate yoga-focal openstack instance
  juju ssh nova-compute/0
  sudo systemctl restart apparmor
  journalctl -xe

  # Error message
  Oct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94081]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.li>
  Oct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94082]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Oct 04 15:55:32 juju-6d4862-apparmorbug-9 audit[94084]: AVC apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="u>
  Oct 04 15:55:32 juju-6d4862-apparmorbug-9 apparmor.systemd[94005]: Error: At least one profile failed to load

  
  [ Other Notes ]

  On a fully patched Ubuntu Focal with Yoga UCA enabled, after
  installation of libvirt-daemon-system, restarting apparmor would fail
  with error:

  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting AppArmor
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading AppArmor profiles
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At least one profile failed to load
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed with result 'exit-code'.
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load AppArmor profiles.

  In addition to bpf, perfmon capability, which is also enabled in
  /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same
  error.

  System information:
  root@ubuntu2004:~# uname -a
  Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  root@ubuntu2004:~# dpkg -l libvirt\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                                       Version                 Architecture Description
  +++-==========================================-=======================-============-=============================================================
  ii  libvirt-clients                            8.0.0-1ubuntu7.1~cloud0 amd64        Programs for the libvirt library
  ii  libvirt-daemon                             8.0.0-1ubuntu7.1~cloud0 amd64        Virtualization daemon
  ii  libvirt-daemon-config-network              8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (default network)
  ii  libvirt-daemon-config-nwfilter             8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (default network filters)
  un  libvirt-daemon-driver-lxc                  <none>                  <none>       (no description available)
  ii  libvirt-daemon-driver-qemu                 8.0.0-1ubuntu7.1~cloud0 amd64        Virtualization daemon QEMU connection driver
  un  libvirt-daemon-driver-storage-gluster      <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-iscsi-direct <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-rbd          <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-zfs          <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-vbox                 <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-xen                  <none>                  <none>       (no description available)
  ii  libvirt-daemon-system                      8.0.0-1ubuntu7.1~cloud0 amd64        Libvirt daemon configuration files
  ii  libvirt-daemon-system-systemd              8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (systemd)
  un  libvirt-daemon-system-sysv                 <none>                  <none>       (no description available)
  un  libvirt-login-shell                        <none>                  <none>       (no description available)
  un  libvirt-sanlock                            <none>                  <none>       (no description available)
  ii  libvirt0:amd64                             8.0.0-1ubuntu7.1~cloud0 amd64        library for interfacing with different virtualization systems
  root@ubuntu2004:~# dpkg -l apparmor\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                    Version           Architecture Description
  +++-=======================-=================-============-======================================
  ii  apparmor                2.13.3-7ubuntu5.1 amd64        user-space parser utility for AppArmor
  un  apparmor-profiles-extra <none>            <none>       (no description available)
  un  apparmor-utils          <none>            <none>       (no description available)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1988270/+subscriptions
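
Added example, not part of the bug report or of any Ubuntu tooling: a small shell triage helper that reads journal text like the excerpts above, rejoins lines wrapped by a mail client, and lists each distinct profile, line number and capability the parser rejected. The function names, the host name "host" and the sample lines (including the perfmon entry at line 30) are constructed for illustration.

```shell
#!/bin/sh
# Rejoin journal entries that were wrapped across lines: anything that does
# not start with a "Mon DD HH:MM:SS " timestamp continues the previous entry.
unwrap_journal() {
    awk '
        { sub(/[ \t]+$/, "") }
        /^[ \t]*$/ { next }
        /^[ \t]*[A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
            if (buf != "") print buf
            buf = $0
            next
        }
        { sub(/^[ \t]+/, ""); buf = (buf == "" ? $0 : buf " " $0) }
        END { if (buf != "") print buf }
    '
}

# Print "profile-path line capability" once per distinct parser rejection.
invalid_caps() {
    unwrap_journal |
        sed -n 's|.*AppArmor parser error for .* in \(/[^ ]*\) at line \([0-9][0-9]*\): Invalid capability \([a-z0-9_]*\)\..*|\1 \2 \3|p' |
        sort -u
}

# Succeed if the journal text says the reload left a profile unloaded.
load_failed() {
    grep -q 'At least one profile failed to load'
}

# Constructed sample modelled on the log format in this report.
sample_journal() {
    cat <<'EOF'
Aug 31 07:40:52 host apparmor.systemd[6348]: AppArmor
parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line
29: Invalid capability bpf.
Aug 31 07:40:52 host apparmor.systemd[6413]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 31 07:40:53 host apparmor.systemd[6500]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 30: Invalid capability perfmon.
Aug 31 07:40:53 host apparmor.systemd[6335]: Error: At least one profile failed to load
EOF
}

# Usage on a live host: journalctl -u apparmor -b --no-pager | invalid_caps
```

Entries that journalctl itself truncated with a trailing ">" carry no line number or capability name and are skipped, so collect the journal with --no-pager before feeding it in.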

