[Merge] ~jchittum/livecd-rootfs:mount-faux-cgroup-for-snapd into livecd-rootfs:ubuntu/master
John Chittum
mp+409359 at code.launchpad.net
Wed Sep 29 12:11:27 UTC 2021
John Chittum has proposed merging ~jchittum/livecd-rootfs:mount-faux-cgroup-for-snapd into livecd-rootfs:ubuntu/master.
Commit message:
Mount cgroup2 type for snapd
LP: 1944004 described an issue where a libc transition caused snapd
seccomp profiles to reference a path that no longer existed, leading to
permission denied errors. The committed fix for snapd then raised an
issue where running `snapd debug seeding` would present a
preseed-system-key and seed-restart-system-key due to a mismatch
between the running kernel capabilities and the profiles being loaded by
snapd. By mounting a cgroup2 type to /sys/fs/cgroup, the capabilities
match for snapd as mounted in the chroot. This is done similarly to
live-build/functions:138-140 where apparmor and seccomp actions are
mounted after updating the buildd.
Requested reviews:
Ubuntu Core Development Team (ubuntu-core-dev)
For more details, see:
https://code.launchpad.net/~jchittum/livecd-rootfs/+git/livecd-rootfs/+merge/409359
Worked with anonymouse67, stolowski, and pedronis to identify the change. The change needed in livecd-rootfs presented itself during CPC testing, and my testing here is to emulate that exact testing to ensure `snapd debug seeding` returns clean.
Tested locally using bartender:
1. ran a build using ubuntu-old-fashioned/scripts/ubuntu-bartender with the following command:
bartender --hook-extras-dir ~/dev01/cloudware/cpc_packaging.extra --livecd-rootfs-dir ~/dev01/livecd-rootfs --build-provider aws --aws-keypair-name jchittum-cpc-jenkins --aws-profile default -- --series impish --project ubuntu-cpc --image-target qcow2
This ran a build on aws using local checkouts of livecd-rootfs (with this change) and cpc's extras (which are unused). The `qcow2` build provides the most basic bootable image.
2. used qemu to run an instance:
qemu-system-x86_64 -cpu host -machine type=q35,accel=kvm -m 2048 -nographic -snapshot -netdev id=net00,type=user,hostfwd=tcp::2222-:22 -device virtio-net-pci,netdev=net00 -drive if=virtio,format=qcow2,file=livecd.ubuntu-cpc.img -drive if=virtio,format=raw,file=/home/jchittum/dev01/vmdks/cloud_init_working.iso -drive if=pflash,format=raw,file=/usr/share/OVMF/OVMF_CODE.fd,readonly
This does a UEFI boot with the file produced from the build.
3. ssh'd into the instance and ran `sudo snapd debug seeding`. This returned without the preseed-system-key and seed-restart-system-key.
4. ran CPC's cloud-test-framework against the existing instance (thus emulating our current failing case). This came back with no errors.
5. Created a custom package of livecd-rootfs with my change
6. requested an LP build using the custom package of livecd-rootfs
7. downloaded build and started with qemu (same as #2)
8. ran #3 (ssh + sudo snapd debug seeding) and observed the following:
ubuntu@ubuntu:~$ sudo snap debug seeding
seeded: true
preseeded: true
image-preseeding: 26.491s
seed-completion: 1.661s
9. Ran cloud-test-framework, and had it come back green.
--
Your team Ubuntu Core Development Team is requested to review the proposed merge of ~jchittum/livecd-rootfs:mount-faux-cgroup-for-snapd into livecd-rootfs:ubuntu/master.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 1147 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-reviews/attachments/20210929/14c73f15/attachment.diff>
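Added example, not part of the original message or of the merge proposal's diff: a POSIX shell check for the `snap debug seeding` result that steps 3 and 8 inspect by eye. The function names, exit codes and the placeholder contents of the failing sample are assumptions; the clean sample is the output quoted in step 8.

```shell
#!/bin/sh
# check_seeding reads `snap debug seeding` output on stdin and returns:
#   0  seeded and preseeded are true, no system-key mismatch reported
#   1  preseed-system-key or seed-restart-system-key is present
#   2  seeded or preseeded is missing or not "true"
check_seeding() {
    awk '
        # Top-level "key: value" lines only; indented lines are skipped.
        /^[a-z-]+:/ {
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            seen[key] = val
        }
        END {
            if ("preseed-system-key" in seen || "seed-restart-system-key" in seen) {
                print "FAIL: system-key mismatch reported" > "/dev/stderr"
                exit 1
            }
            if (seen["seeded"] != "true" || seen["preseeded"] != "true") {
                print "FAIL: image not seeded/preseeded" > "/dev/stderr"
                exit 2
            }
            print "OK: seeding clean"
        }
    '
}

# Constructed sample: the clean output quoted in step 8.
sample_clean() {
    printf '%s\n' 'seeded: true' 'preseeded: true' \
        'image-preseeding: 26.491s' 'seed-completion: 1.661s'
}

# Constructed sample of the failing case; the key contents are placeholders.
sample_mismatch() {
    sample_clean
    printf '%s\n' 'preseed-system-key: {' '  "placeholder": "constructed"' '}' \
        'seed-restart-system-key: {' '  "placeholder": "constructed"' '}'
}

# On the booted image: sudo snap debug seeding | check_seeding
```

The non-zero exit codes let the check gate an image test run, so a build that reintroduces the system-key mismatch fails before it is published.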