[Bug 2052789] Re: AppArmor profiles missing in kernel 5.15.0-1051+ release

Fri Apr 5 15:36:37 UTC 2024

Verified Focal:

This exact proposed version of livecd-rootfs has been used in cloud
image build for many weeks now and has met all of the steps listed in
the test plan.

GCE daily minimal image daily-ubuntu-minimal-2004-focal-v20240405``
being one such image with snaps and built using this version of livecd-
rootfs.

Steps:

1. Launch `daily-ubuntu-minimal-2004-focal-v20240405` from project
`ubuntu-os-cloud-devel` in GCE

```
gcloud compute instances create $(petname) --zone=europe-west1-d --image=daily-ubuntu-minimal-2004-focal-v20240405 --image-project=ubuntu-os-cloud-devel
```

4. logged in and ran `sudo snap debug seeding`

```
ubuntu at usable-mullet:~$ sudo snap debug seeding
seeded:            true
preseeded:         true
image-preseeding:  5.744s
seed-completion:   3.278s
```

5. and just to double check, yes there are snaps

```
ubuntu at usable-mullet:~$ snap list
Name              Version   Rev    Tracking         Publisher          Notes
core20            20240111  2182   latest/stable    canonical✓         base
google-cloud-cli  471.0.0   229    latest/stable/…  google-cloud-sdk✓  classic
snapd             2.61.2    21184  latest/stable    canonical✓         snapd
```

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2052789

Title:
  AppArmor profiles missing in kernel 5.15.0-1051+ release

Status in livecd-rootfs package in Ubuntu:
  Fix Committed
Status in livecd-rootfs source package in Focal:
  Fix Committed
Status in livecd-rootfs source package in Jammy:
  Fix Released

Bug description:
  After the kernel roll to linux-gcp-5.15 to version
  5.15.0-1051.59_20.04.1 the public cloud team pre publication test were
  failing on our snap_preseed_optimized test which checks to ensure that
  snaps are preseeded correctly

  This test checks the output of `snap debug seeding` to assert `seed-
  completion` is present and not empty.

  ``
  ❯ snap debug seeding
  seeded:            true
  preseeded:         true
  image-preseeding:  39.367s
  seed-completion:   1.335s
  ```

  If `/var/lib/snapd/seed/seed.yaml` exists it also asserts that
  `preseeded` is present and not empty.

  With the recent kernel update this test is failing which indicates a kernel feature mismatch between
  the running kernel and the feature set hard-coded in livecd-rootfs for this image.
  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs.

  This solution is to add a 5.15 apparmor configuration to the focal
  branch of livecd-rootfs

  The issue is also present with the recent 5.15 kernels in Jammy.

  Related bugs LP: #2031943 and LP: #2045384

  [ Impact ]

  Boot will be slowed by ~200ms until this is resolved in livecd-rootfs

  [ Test Plan ]

   * for focal build any cloud image with preseeded snaps with HWE 5.15 kernel
   * for jammy build any cloud image with preseeded snaps with up to date 5.15 kernel
   * boot
   * run `snap debug seeding`
   * assert the test described above passes

  [ Where problems could occur ]

   * Similar patches already exist for later releases 6.2, 6.5 kernel
  etc. and have been used on other private customer kernels and all
  kernels released after 22.04, so there is already a good track record
  for this patchset and it shouldn't create any issues.

  [ Other Info ]

   * This is a time-sensitive issue for a paying customer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2052789/+subscriptions