[Bug 2008393] Re: armhf dep8 failure due to restrictions changing apparmor profile status
Andreas Hasenack
2008393 at bugs.launchpad.net
Tue Feb 28 17:16:54 UTC 2023
** Description changed:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change an apparmor profile. This is causing the tests to
fail, because they try to make sure rsyslog is being tested in enforced
mode:
Enforcing the /etc/apparmor.d/usr.sbin.rsyslogd apparmor profile
Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode.
ERROR: /sbin/apparmor_parser: Unable to replace "rsyslogd". Permission
denied; attempted to load a profile while confined?
The package migrated to lunar even with this error because it never had
DEP8 tests before, and the armhf baseline was born in this error state.
These are the LXD settings used for armhf containers:
https://git.launchpad.net/autopkgtest-
cloud/tree/charms/focal/autopkgtest-cloud-worker/autopkgtest-
cloud/tools/armhf-lxd.userdata#n76
I created an armhf container on a pi4 host (arm64) with these settings,
but couldn't reproduce the issue there. There is something else going on
in the autopkgtest infra regarding arhmf.
FTR, I created the container like this:
lxc launch ubuntu-daily:lunar pi4:l-armhf \
-c raw.lxc="apparmor.profile=unconfined" \
-c raw.lxc="seccomp.profile=" \
-c security.nesting=true
EDIT: hm, the above actually doesn't work. Only the last raw.lxc value
is used. See https://blog.simos.info/how-to-add-multi-line-raw-lxc-
configuration-to-lxd/
+
+ But still, apparmor works just fine. There is some other setup going on
+ in the autopkgtest infrastructure.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2008393
Title:
armhf dep8 failure due to restrictions changing apparmor profile
status
Status in rsyslog package in Ubuntu:
In Progress
Bug description:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change an apparmor profile. This is causing the tests to
fail, because they try to make sure rsyslog is being tested in
enforced mode:
Enforcing the /etc/apparmor.d/usr.sbin.rsyslogd apparmor profile
Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode.
ERROR: /sbin/apparmor_parser: Unable to replace "rsyslogd".
Permission denied; attempted to load a profile while confined?
The package migrated to lunar even with this error because it never
had DEP8 tests before, and the armhf baseline was born in this error
state.
These are the LXD settings used for armhf containers:
https://git.launchpad.net/autopkgtest-
cloud/tree/charms/focal/autopkgtest-cloud-worker/autopkgtest-
cloud/tools/armhf-lxd.userdata#n76
I created an armhf container on a pi4 host (arm64) with these
settings, but couldn't reproduce the issue there. There is something
else going on in the autopkgtest infra regarding arhmf.
FTR, I created the container like this:
lxc launch ubuntu-daily:lunar pi4:l-armhf \
-c raw.lxc="apparmor.profile=unconfined" \
-c raw.lxc="seccomp.profile=" \
-c security.nesting=true
EDIT: hm, the above actually doesn't work. Only the last raw.lxc value
is used. See https://blog.simos.info/how-to-add-multi-line-raw-lxc-
configuration-to-lxd/
But still, apparmor works just fine. There is some other setup going
on in the autopkgtest infrastructure.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2008393/+subscriptions
More information about the foundations-bugs
mailing list