[Bug 1988270] Re: AppArmor fails to start with Yoga UCA libvirt profile on Focal

Christian Ehrhardt  1988270 at bugs.launchpad.net
Wed Oct 5 15:59:49 UTC 2022


I'll have a look for the same in server-backports ppa, but it might be
as easy as the old apparmor not knowing about these and failing. If that
is true we might need to remove them on the backports.

@Security - is there more to know about these particular features (will
they come to focal, is there more to know about it, ...)?

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: apparmor (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1988270

Title:
  AppArmor fails to start with Yoga UCA libvirt profile on Focal

Status in Ubuntu Cloud Archive:
  Confirmed
Status in apparmor package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  New

Bug description:
  On a fully patched Ubuntu Focal with Yoga UCA enabled, after
  installation of libvirt-daemon-system, restarting apparmor would fail
  with error:

  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting AppArmor
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading AppArmor profiles
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At least one profile failed to load
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed with result 'exit-code'.
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load AppArmor profiles.

  In addition to bpf, the perfmon capability, which is also enabled in
  the /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same
  error.

  System information:
  root@ubuntu2004:~# uname -a
  Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  root@ubuntu2004:~# dpkg -l libvirt\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                                       Version                 Architecture Description
  +++-==========================================-=======================-============-=============================================================
  ii  libvirt-clients                            8.0.0-1ubuntu7.1~cloud0 amd64        Programs for the libvirt library
  ii  libvirt-daemon                             8.0.0-1ubuntu7.1~cloud0 amd64        Virtualization daemon
  ii  libvirt-daemon-config-network              8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (default network)
  ii  libvirt-daemon-config-nwfilter             8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (default network filters)
  un  libvirt-daemon-driver-lxc                  <none>                  <none>       (no description available)
  ii  libvirt-daemon-driver-qemu                 8.0.0-1ubuntu7.1~cloud0 amd64        Virtualization daemon QEMU connection driver
  un  libvirt-daemon-driver-storage-gluster      <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-iscsi-direct <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-rbd          <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-storage-zfs          <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-vbox                 <none>                  <none>       (no description available)
  un  libvirt-daemon-driver-xen                  <none>                  <none>       (no description available)
  ii  libvirt-daemon-system                      8.0.0-1ubuntu7.1~cloud0 amd64        Libvirt daemon configuration files
  ii  libvirt-daemon-system-systemd              8.0.0-1ubuntu7.1~cloud0 all          Libvirt daemon configuration files (systemd)
  un  libvirt-daemon-system-sysv                 <none>                  <none>       (no description available)
  un  libvirt-login-shell                        <none>                  <none>       (no description available)
  un  libvirt-sanlock                            <none>                  <none>       (no description available)
  ii  libvirt0:amd64                             8.0.0-1ubuntu7.1~cloud0 amd64        library for interfacing with different virtualization systems
  root@ubuntu2004:~# dpkg -l apparmor\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                    Version           Architecture Description
  +++-=======================-=================-============-======================================
  ii  apparmor                2.13.3-7ubuntu5.1 amd64        user-space parser utility for AppArmor
  un  apparmor-profiles-extra <none>            <none>       (no description available)
  un  apparmor-utils          <none>            <none>       (no description available)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1988270/+subscriptions
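
The following is an added example, not part of the bug report or of any Ubuntu package: a pre-flight check that lists capability rules a profile uses but an older parser would reject, as happened with bpf and perfmon above. The function names and sample profile are constructed for illustration, and KNOWN_CAPS assumes the parser accepts exactly the capabilities defined by the Linux 5.4 headers.

```shell
#!/bin/sh
# Capability names defined by the Linux 5.4 headers (chown .. audit_read).
# Assumption: the installed apparmor_parser accepts exactly this set.
KNOWN_CAPS="chown dac_override dac_read_search fowner fsetid kill setgid \
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin \
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace \
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config \
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog \
wake_alarm block_suspend audit_read"

# unknown_caps FILE: print "LINE:NAME" for every capability rule entry in
# FILE that is not in KNOWN_CAPS (single-line rules only).
unknown_caps() {
    awk -v known="$KNOWN_CAPS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        {
            line = $0
            sub(/#.*/, "", line)                      # strip comments
            # Rule shape: [audit] [allow|deny] capability [names...],
            if (line !~ /^[ \t]*((audit|allow|deny)[ \t]+)*capability([ \t,]|$)/) next
            sub(/^.*capability/, "", line)            # keep only the name list
            gsub(/,/, " ", line)
            m = split(line, caps, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (caps[i] != "" && !(caps[i] in ok)) print NR ":" caps[i]
        }
    ' "$1"
}

# Constructed sample profile (not the real usr.sbin.libvirtd).
sample_profile() {
    cat <<'EOF'
profile example_daemon /usr/sbin/example {
  capability kill,
  capability net_admin net_raw,
  # capability checkpoint_restore,
  capability bpf,
  capability perfmon,
  deny capability sys_ptrace,
}
EOF
}

tmp=$(mktemp)
sample_profile > "$tmp"
unknown_caps "$tmp"     # prints 5:bpf and 6:perfmon
rm -f "$tmp"
```

On a host with AppArmor installed, `apparmor_parser -Q -K /etc/apparmor.d/usr.sbin.libvirtd` gives the authoritative answer, since it parses the profile with the installed parser without loading it into the kernel.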



