Control: reassign -1 apparmor
Control: affects -1 src:systemd
Control: retitle -1 apparmor makes systemd autopkgtests fail on bookworm
Control: found -1 3.0.8-3

The plot thickens...

Am 23.08.23 um 13:20 schrieb Michael Biebl:
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl <bi...@debian.org> wrote:
Source: systemd
Version: 254.1-2
Severity: important


Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
systemd has been failing on debci since about the beginning of May.

Asking around on #debci, this might be kernel related, as the debci
related systems were upgraded to bookworm around that time.


Small update:
I can reproduce the failures in a bookworm (qemu) VM, using LXC.
Only upgrading the kernel to the one from trixie [1] is sufficient to make autopkgtest pass.


... so does disabling AppArmor with the bookworm kernel.

For completeness sake the failing tests are:

# autopkgtest systemd -- lxc autopkgtest-bookworm


784s hostnamed            FAIL non-zero exit status 1
784s localed-locale       FAIL non-zero exit status 1
784s localed-x11-keymap   FAIL non-zero exit status 1
784s networkd-test.py     FAIL non-zero exit status 1
784s boot-and-services    FAIL non-zero exit status 1
784s unit-tests           FAIL non-zero exit status 1


# autopkgtest systemd -- lxc autopkgtest-trixie

782s hostnamed            FAIL non-zero exit status 1
782s localed-locale       FAIL non-zero exit status 1
782s networkd-test.py     FAIL non-zero exit status 1
782s boot-and-services    FAIL non-zero exit status 1


Running e.g.
# autopkgtest --test-name=hostnamed systemd -- lxc autopkgtest-trixie

I see the following error in the journal:

Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian kernel: audit: type=1400 audit(1692793430.788:33): apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian kernel: audit: type=1400 audit(1692793430.788:34): apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send" Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-autopkgtest-lxc-iomhit_</var/lib/lxc>" pid=4096 comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0 requested_mask="send"



With the 6.4 kernel, no such error happens.

So, this looks to me like an AppArmor issue, thus reassigning to the apparmor package.


Dear AppArmor maintainers: can you please have a look? If you need further information, please let me know.

Regards,
Michael

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to