[Bug 2045384] Re: AppArmor patch for mq-posix interface is missing in jammy
Georgia Garcia
2045384 at bugs.launchpad.net
Thu Feb 8 18:38:59 UTC 2024
Ran AppArmor tests from the QA Regression Tests [1] and POSIX mqueue
tests from the AppArmor test suite and they all passed as expected.
georgia at sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 5.15.0-1056-azure #64-Ubuntu SMP Tue Feb 6 19:23:34 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia at sec-jammy-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
.....
----------------------------------------------------------------------
Ran 62 tests in 1061.185s
OK (skipped=2)
georgia at sec-jammy-amd64:~$ apt source apparmor
georgia at sec-jammy-amd64:~$ cd apparmor-3.0.4/tests/regression/apparmor/
georgia at sec-jammy-amd64:~/apparmor-3.0.4/tests/regression/apparmor$ USE_SYSTEM=1 make
georgia at sec-jammy-amd64:~/apparmor-3.0.4/tests/regression/apparmor$ sudo ./posix_mq.sh
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
xpass: POSIX MQUEUE (confined root - mqueue label 1)
xpass: POSIX MQUEUE (confined root - mqueue label 1 : mq_notify)
xpass: POSIX MQUEUE (confined root - mqueue label 1 : select)
xpass: POSIX MQUEUE (confined root - mqueue label 1 : poll)
xpass: POSIX MQUEUE (confined root - mqueue label 1 : epoll)
xpass: POSIX MQUEUE (confined root - mqueue label 2)
xpass: POSIX MQUEUE (confined root - mqueue label 2 : mq_notify)
xpass: POSIX MQUEUE (confined root - mqueue label 2 : select)
xpass: POSIX MQUEUE (confined root - mqueue label 2 : poll)
xpass: POSIX MQUEUE (confined root - mqueue label 2 : epoll)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 1)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 1 : mq_notify)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 1 : select)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 1 : poll)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 1 : epoll)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 2)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 2 : mq_notify)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 2 : select)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 2 : poll)
xpass: POSIX MQUEUE (confined 1002 - mqueue label 2 : epoll)
[1] https://launchpad.net/qa-regression-testing
** Tags removed: verification-needed-jammy-linux-azure
** Tags added: verification-done-jammy-linux-azure
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2045384
Title:
AppArmor patch for mq-posix interface is missing in jammy
Status in linux package in Ubuntu:
Triaged
Status in livecd-rootfs package in Ubuntu:
New
Status in linux source package in Jammy:
Fix Released
Status in livecd-rootfs source package in Jammy:
New
Bug description:
[ Impact ]
mq-posix snapd interface does not work on Ubuntu Core 22. It results
in permission denied even all interfaces are connected.
Our brandstore customer is using posix message queue for IPC between
snaps. They added mq-posix interface and connected them properly but
getting permission denied error.
The AppArmor patch for posix message queue created for other customer
did not land in the standard jammy kernel.
Userspace support for AppArmor message queue handling is already
present in Ubuntu Core 22, it is just missing from the kernel.
[ Test Plan ]
* Create snaps using the posix-mq snapd interface on Ubuntu Core 22 or Classic 22.04 with the standard kernel.
* Example snaps for testing: https://code.launchpad.net/~itrue/+git/mqtest-provider and https://code.launchpad.net/~itrue/+git/mqtest-client
[ Where problems could occur ]
* The patches already exist for 5.15 and have been used on other
private customer kernels and all kernels released after 22.04, so
there is already a good track record for this patchset and it
shouldn't create any issues.
[ Other Info ]
* This is a time-sensitive issue for a paying customer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2045384/+subscriptions
More information about the foundations-bugs
mailing list