[Bug 1058356] Re: fails to install when kernel does not provide block_suspend capability
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 12 19:48:46 UTC 2012
** Description changed:
- On our Jenkins builds we're getting a failure to install the cups
- package. This seems to be because the apparmor profile looks for
- suspend capability but the virtualized builders do not have it. Here
- seems to be the relevant log:
+ [IMPACT]
+ * Users upgrading from 12.04 LTS to 12.10 will encounter upgrade errors because
+ apparmor_parser fails to load new policy on an old kernel. Specifically, the
+ block_suspend capability is new in the 12.10 kernel and does not exist in the
+ 12.04 LTS kernel. On upgrade, the cups upstart job calls
+ /lib/init/apparmor-profile-load from upstart, which in turn calls apparmor_parser.
+ apparmor_parser will exit with error on upgrades causing the upstart job to fail
+ no restart, which is performed during the upgrade.
+
+ [TESTCASE]
+ * One can either
+ - perform an upgrade from 12.04 to 12.10, or
+ - obtain the apparmor profile from the 12.10 cups package[1], copy it to
+ /etc/apparmor.d/usr.sbin.cupsd and then perform 'sudo restart cups'. If the
+ bug is not fixed, you will see 'restart: Job failed to restart'. If it is
+ fixed, you will see 'cups start/running, process ####' (note, if cups is not
+ already running you will need to do 'sudo start cups' instead of 'restart').
+
+ [1]http://bazaar.launchpad.net/~ubuntu-
+ branches/ubuntu/quantal/cups/quantal/view/head:/debian/local/apparmor-
+ profile
+
+ [Regression Potential]
+ * The regression potential is extremely low. The only change is adding '|| exit 0' to a
+ shell script.
+
+ [Other Info]
+ * This has been discussed with the security team, the release team and foundations and
+ we all agree this is the best fix at this time.
+
+
+ Previous report:
+ On our Jenkins builds we're getting a failure to install the cups package. This seems to be because the apparmor profile looks for suspend capability but the virtualized builders do not have it. Here seems to be the relevant log:
AppArmor parser error for /etc/apparmor.d/usr.sbin.cupsd in /etc/apparmor.d/usr.sbin.cupsd at line 24: Invalid capability block_suspend.
start: Job failed to start
invoke-rc.d: initscript cups, action "start" failed.
dpkg: error processing cups (--configure):
- subprocess installed post-installation script returned error exit status 1
+ subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
- cups
+ cups
E: Sub-process /usr/bin/dpkg returned an error code (1)
Full log: https://jenkins.qa.ubuntu.com/job/indicator-session-
ci/label=quantal/16/console
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1058356
Title:
fails to install when kernel does not provide block_suspend capability
Status in “upstart” package in Ubuntu:
Fix Committed
Status in “upstart” source package in Quantal:
Fix Committed
Bug description:
[IMPACT]
* Users upgrading from 12.04 LTS to 12.10 will encounter upgrade errors because
apparmor_parser fails to load new policy on an old kernel. Specifically, the
block_suspend capability is new in the 12.10 kernel and does not exist in the
12.04 LTS kernel. On upgrade, the cups upstart job calls
/lib/init/apparmor-profile-load from upstart, which in turn calls apparmor_parser.
apparmor_parser will exit with error on upgrades causing the upstart job to fail
no restart, which is performed during the upgrade.
[TESTCASE]
* One can either
- perform an upgrade from 12.04 to 12.10, or
- obtain the apparmor profile from the 12.10 cups package[1], copy it to
/etc/apparmor.d/usr.sbin.cupsd and then perform 'sudo restart cups'. If the
bug is not fixed, you will see 'restart: Job failed to restart'. If it is
fixed, you will see 'cups start/running, process ####' (note, if cups is not
already running you will need to do 'sudo start cups' instead of 'restart').
[1]http://bazaar.launchpad.net/~ubuntu-
branches/ubuntu/quantal/cups/quantal/view/head:/debian/local/apparmor-
profile
[Regression Potential]
* The regression potential is extremely low. The only change is adding '|| exit 0' to a
shell script.
[Other Info]
* This has been discussed with the security team, the release team and foundations and
we all agree this is the best fix at this time.
Previous report:
On our Jenkins builds we're getting a failure to install the cups package. This seems to be because the apparmor profile looks for suspend capability but the virtualized builders do not have it. Here seems to be the relevant log:
AppArmor parser error for /etc/apparmor.d/usr.sbin.cupsd in /etc/apparmor.d/usr.sbin.cupsd at line 24: Invalid capability block_suspend.
start: Job failed to start
invoke-rc.d: initscript cups, action "start" failed.
dpkg: error processing cups (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
cups
E: Sub-process /usr/bin/dpkg returned an error code (1)
Full log: https://jenkins.qa.ubuntu.com/job/indicator-session-
ci/label=quantal/16/console
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1058356/+subscriptions
More information about the foundations-bugs
mailing list