[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Similar issue: https://gitlab.com/libvirt/libvirt/-/issues/548 . These two may want a common fix with "allow qemu to read sysfs"? ** Bug watch added: gitlab.com/libvirt/libvirt/-/issues #548 https://gitlab.com/libvirt/libvirt/-/issues/548 -- You received this bug notification because you are

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Hi Marius, > What actually is the effect of the denial? Will qemu not use more than one > CPU, > or is it something less harmful? Since the new interface is arch specific and new the code does fall back tot he old way. 226 /* On some architectures it is possible to distinguish between config

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Thanks a lot everyone! What actually is the effect of the denial? Will qemu not use more than one CPU, or is it something less harmful? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

This has now landed upstream, on the master branch as c159d0925 Allow access to possible cpus for glibc-2.36 and has been cherry-picked back to 3.1, 3.0, 2.13, and 2.12 branches. This schedules it for release in the 2.12.4 and 2.13.7, 3.0.8 releases this week. Unfortunately 3.1.2 was cut last wee

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Submitted upstream: https://lists.ubuntu.com/archives/apparmor/2022-November/012528.html Once discussed and accepted there I suggest a backport to Kinetic. I hope this debug and patch helps, but to manage expectations, I'd hope/expect that someone usually looking after apparmor does that follow

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Reported upstream at https://gitlab.com/apparmor/apparmor/-/issues/283 ** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #283 https://gitlab.com/apparmor/apparmor/-/issues/283 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subs

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

That is the commit causing the change [1] in behavior. That is pretty low level (in libc6) and will probably hit anything that links against libnuma. I think the fix should therefore go into /etc/apparmor.d/abstractions/base Today it has: # glibc's sysconf(3) routine to determine free memor