This bug was fixed in the package linux - 6.5.0-9.9
---------------
linux (6.5.0-9.9) mantic; urgency=medium

  * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)

  * update apparmor and LSM stacking patch set (LP: #2028253)
    - re-apply apparmor 4.0.0

  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in

 -- Andrea Righi <[email protected]>  Fri, 06 Oct 2023 21:03:52 +0200

** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/2038567
Title:
Disable restricting unprivileged change_profile by default, due to LXD
latest/stable not yet compatible with this new apparmor feature
Status in Release Notes for Ubuntu:
New
Status in apparmor package in Ubuntu:
New
Status in linux package in Ubuntu:
Fix Released
Status in lxd package in Ubuntu:
Triaged
Status in snapd package in Ubuntu:
New
Bug description:
Following upgrade to 6.5.0-7 kernel in mantic cloud images we are
seeing a regression in our cloud image tests. The test runs the
following:
```
lxd init --auto --storage-backend dir
lxc launch ubuntu-daily:mantic mantic
lxc info mantic
lxc exec mantic -- cloud-init status --wait
```
The `lxc exec mantic -- cloud-init status --wait` times out after 240s
and will fail our test as a result.
I have been able to replicate in a local VM
```
wget http://cloud-images.ubuntu.com/mantic/20231005/mantic-server-cloudimg-amd64.img
wget --output-document=launch-qcow2-image-qemu.sh https://gist.githubusercontent.com/philroche/14c241c086a5730481e24178b654268f/raw/7af95cd4dfc8e1d0600e6118803d2c866765714e/gistfile1.txt
chmod +x launch-qcow2-image-qemu.sh
./launch-qcow2-image-qemu.sh --password passw0rd --image ./mantic-server-cloudimg-amd64.img
cat <<EOF > "./reproducer.sh"
#!/bin/bash -eux
lxd init --auto --storage-backend dir
lxc launch ubuntu-daily:mantic mantic
lxc info mantic
lxc exec mantic -- cloud-init status --wait
EOF
chmod +x ./reproducer.sh
sshpass -p passw0rd scp -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -P 2222 ./reproducer.sh [email protected]:~/
sshpass -p passw0rd ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -p 2222 [email protected] sudo apt-get update
sshpass -p passw0rd ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -p 2222 [email protected] sudo apt-get upgrade --assume-yes
sshpass -p passw0rd ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -p 2222 [email protected] ./reproducer.sh
```
The issue is not present with the 6.5.0-5 kernel and the issue is
present regardless of the container launched. I tried the jammy
container to test this.
From my test VM
```
ubuntu@cloudimg:~$ uname --all
Linux cloudimg 6.5.0-7-generic #7-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 29 09:14:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@cloudimg:~$ uname --kernel-release
6.5.0-7-generic
```
This is a regression in our test that will block 23.10 cloud image
release next week.